Report a Data Breach - Winston-Salem City Government

Technology and Data North Carolina 4 Minutes Read · published February 10, 2026 Flag of North Carolina

Introduction

Winston-Salem, North Carolina residents and contractors who suspect a data breach involving city-held information should follow municipal reporting and remediation steps promptly. This guide explains who to contact at the city, what information to collect, immediate actions to protect affected individuals, and where to find official forms and policies. When a breach involves personal data or public records managed by the city, timely reporting helps meet legal notice obligations and lets city information technology and records teams coordinate containment, notification, and remediation.

Who is responsible

The city department that typically leads response to incidents involving municipal information is the city Information Technology or Information Security office, working with the City Attorney and the City Clerk/Public Records custodian for records issues. For breaches affecting contractors, the contracting department and procurement office may also be involved. Contact details and submission portals are listed in the Help and Support / Resources section below.

Immediate actions to take

  • Preserve evidence: preserve logs, screenshots, email headers and devices; do not alter or destroy potential evidence.
  • Report internally: notify your supervisor and the city IT/security team immediately.
  • Document scope: list data types exposed, estimated number of affected records, and suspected timeframe.
  • Stop further disclosure: disconnect affected systems from networks if advised by IT and preserve chain of custody.
Report suspected breaches immediately to reduce risk and preserve evidence.

Penalties & Enforcement

Winston-Salem does not publish a separate municipal penalty schedule for data breaches on a single consolidated city ordinance page; specific monetary fines or administrative penalties for data security incidents are not specified on the city pages cited in the Resources section. Enforcement and remedies typically involve coordination among the city IT/security team, the City Attorney, and any applicable state law enforcement or regulatory agencies.

  • Enforcer: City Information Technology/Information Security and the City Attorney handle municipal response and enforcement actions.
  • Inspection & complaint pathway: complaints and incident reports go to the city IT/security intake and the City Clerk for public records concerns.
  • Fines: not specified on the cited page.
  • Escalation: first response, investigation, and remedial orders are typical; specific escalation penalties for repeat or continuing offences are not specified on the cited page.
  • Non-monetary sanctions: possible orders to remediate systems, injunctions, contractual remedies, and referral to state or federal authorities; exact sanctions not specified on the cited page.
  • Appeals and review: appeal routes are handled through the City Attorney or administrative review; specific time limits for appeals are not specified on the cited page.
If a municipal penalty or formal enforcement action is possible, the City Attorney will outline appeal rights and deadlines.

Applications & Forms

The city does not publish a single, citywide "data breach" form in one central ordinance page; incident reporting typically uses the city IT/security incident intake process or the City Clerk's public records complaint channels. If you are a contractor, check your contract's incident-reporting clause for a required form or timeline; if no form is published, contact the city IT/security team or City Clerk for submission instructions.

Action steps: reporting and follow-up

  • Step 1: Within 24–72 hours, notify your supervisor and the city IT/security office and provide preserved evidence.
  • Step 2: Submit an incident summary to the city IT/security intake or City Clerk as applicable.
  • Step 3: Cooperate with forensic investigation and follow mitigation instructions from the city IT/security team.
  • Step 4: If required by law, the city will arrange or advise on notifications to affected individuals and regulators; document costs and actions for contractual or insurance purposes.
Collecting accurate timelines and preserving logs speeds up forensic work and legal compliance.

Common violations and typical outcomes

  • Unauthorized access to city systems - outcome: investigation, containment, contractual remedies; monetary fines not specified.
  • Disclosure of personal data in public records beyond authorized scope - outcome: remediation orders and possible corrective notices; specific penalties not specified.
  • Failure by a contractor to report an incident per contract terms - outcome: breach of contract remedies and possible termination; financial penalties depend on contract terms.

FAQ

Who do I contact first if I discover a suspected city data breach?
Notify your supervisor and the city Information Technology/Information Security office immediately; copy the City Attorney or City Clerk for potential public records impact.
Will the city notify affected residents?
If notification is required by law or city policy, the city will coordinate notifications; timelines and content depend on the incident and applicable law.
Are there fines for data breaches by city employees or contractors?
Specific municipal fines for data breaches are not listed on the cited city pages; contractual or statutory penalties may apply depending on circumstances.

How-To

  1. Preserve all relevant logs, emails, and devices without alteration.
  2. Notify your supervisor and the city IT/Information Security office immediately and provide an incident summary.
  3. Provide any requested evidence to the city investigators and follow containment instructions.
  4. Work with the City Attorney or designated official to determine whether public notification or regulatory reporting is required.
  5. Document remediation steps, communications, and costs for records and contractual compliance.

Key Takeaways

  • Report suspected breaches quickly to preserve evidence and speed remediation.
  • City IT/Information Security, the City Attorney, and the City Clerk are central to response.
  • If specific fines or timelines are needed, contact the City Attorney or the contracting office; the cited city pages do not specify penalties.

Help and Support / Resources

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data