Yes, Texas A&M has protocols with regard to data breaches which include a required Information Security Incident plan. HonorLock is contractually required to inform Texas A&M of any data breach to their information systems.
See Texas A&M System Policy and
Texas A&M IT Control Catalog requirements.
Per the Agreement, HonorLock is required to comply with all Texas A&M policies, rules, standards, practices related to safety and security policies. Further, under the Agreement, HonorLock’s responsibilities with regard to any data breaches is fully discussed. In particular, HonorLock must report any unauthorized disclosure of data within two business days of discovery to the University.
SAP 29.01.03.M0.10 “Information Resources – Notification of Unauthorized Access, Use, or Disclosure of Sensitive Personal Information” provides the protocol for the initial Texas A&M response. Texas A&M IT also has a publicly available incident response plan:
https://it.tamu.edu/policy/it-policy/controls-catalog/controls/IR/IR-8/