Success Notification Overlay
Failure Notification Overlay
The Office of Missouri State Auditor

Scott Fitzpatrick

State Auditor's School District Data Breach Hotline

Online Reporting Form

In accordance with Sec. 162.1475, RSMo, in the event of a data breach, school districts must notify the State Auditor's Office. To fulfill this requirement, the school district's information technology/security representative should complete the form below. Upon receipt, the State Auditor's Office may contact the representative and/or other district personnel to obtain further information, as well as obtain periodic updates.

Contact Information
School Mailing Address
Incident
*Has the district already notified the Department of Elementary and Secondary Education, i.e. through their reporting form?
No

Please use the "Incident Description" field below to provide a narrative of the incident, including (as applicable):

  • When the incident began
  • When and how the incident was detected
  • A general summary of the cause or circumstances enabling the incident
  • The scope and scale of the incident (use estimates as needed):
    • Affected parties
    • Number of records
    • Time span of records
    • Presence of directory information versus personally identifiable information; see 34 CFR Section 99.3 as well as Section 407.1500(9), RSMo
  • The current status of the incident and activities remaining:
    • Whether the cause or circumstances enabling the incident were resolved (i.e. improvement of controls or processes to avoid repeat situations)
    • Whether external parties were notified as applicable (i.e. affected individuals/families, law enforcement)
  • Discussion of the following considerations, if applicable:
    • Has the district internally created any policies, procedures, or plans regarding security incident response and/or data breach response? These would be beyond the adoption of Missouri School Board Association policies EHBC and EHBC-AP(1). If "yes" please provide copies.
    • Did the incident involve any element of legitimacy (i.e. abuse or error by an employee in a position of trust; error in recurring practices or transmissions)?
    • Were all relevant user accounts, especially those accessible outside the district's network (i.e. home or mobile web access), disabled (locked, etc.) as necessary?
Optional Attached File(s):

Please contact moaudit@auditor.mo.gov for assistance or to provide additional information.