The university shall disclose any breach of its data to any person whose sensitive, personal information was, or is reasonably believed to have been, acquired by an unauthorized person. This disclosure shall be made in the most expedient time possible. It is the university’s sole discretion to determine the scope of the breach.
The disclosure may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation.
The university shall make every reasonable effort to contact individuals impacted. Contact may be made in person, by mail, and/or by e-mail.
If the university does not have sufficient contact information, a general disclosure will be posted on a UNLV web site and appropriate news media outlets will be notified.
The university will provide information about data breaches as required by federal and state laws, and NSHE regulations and/or policies.
Procedures to Accompany the UNLV Breach of Information Notification Policy (PDF)