Stolen or lost IT-equipment

1. Contact your immediate supervisor or the first available manager without delay and inform them of the theft.
2. Contact IT Support as soon as possible, and have your AUID or email address ready.
3. If the device is a PC, tablet or mobile phone, IT Support will start by helping you change your password, so that your username and login cannot be misused.
4. If the stolen device is a PC, tablet or mobile phone, the theft must be reported to the local police.
   1. Before you contact the police, please look up the security marking (Dxxxxx) and the serial number of the stolen device. IT Support can help you look up this information.
   2. When you report the theft, the police can provide guidance and help you with the next part of the process, depending on whether the theft happened in Denmark or abroad.
5. NB! - If you have any reason to suspect that there may be a security breach involving personal data, follow the instructions in point 6 below. If not, continue to point 7.
6. If personal data that you had on the AU device has been stolen, you must immediately report the security breach using the following link: How to report a security breach involving personal data.* If you don’t have another PC available, you must ask a manager, a colleague or IT Support to report the breach for you. Once the notification form in the link above has been filled in, it will automatically be sent to the Data Protection Unit (DPO). When reporting the security breach, it is important that you provide information on where and how the theft took place and which AU data is on the AU device. This makes it possible for DPO to assess whether a security breach involving personal data has taken place that must be reported to the Danish Data Protection Agency. According to the General Data Protection Regulation (GDPR), a possible security breach must be reported to the Danish Data Protection Agency within 72 hours of it being discovered. Therefore, it is important that the General Data Protection Regulation receives the report as soon as possible. If necessary, the General Data Protection Regulation will contact you for further information.
7. If the breach does not involve personal data but other important AU data (such as research data), you must report the breach according to the guide in the following link: How to report a security breach that does not involve personal data.** When reporting a breach, it is important that you provide information on where and how the theft took place and which AU data is on the AU device. 
8. If necessary, you can borrow a temporary PC, tablet or mobile phone from IT Support until you have arranged with your manager to order new equipment.
9. NB! - If the stolen AU equipment is found and returned to you, you must not turn it on, connect it to a PC or connect it to an AU network. The device must be submitted to IT Support, so they can check the equipment for any possible vulnerabilities and unknown programs/viruses. IT Support decides whether the AU device can be reused or whether it must be disposed of/scrapped.
10. Speak to your immediate supervisor about the process, since it can be somewhat emotionally “tough/difficult” to have your AU device stolen, and you might need to mentally process the event afterwards. 

* Please also use this link if you have any reason to suspect the theft involves a loss of personal data on portable storage media, such as USB flash drives, SD cards or external hard drives.

**  Please also use this link if the theft involves a loss of important AU data on portable storage media, such as USB flash drives, SD cards or external hard drives – even if this is not personal data.