IT Community Policy Responsibilities and Awareness
IT staff are responsible for complying with the Cornell University Uniform Information and Confidentiality Annual agreement included in Policy 4.12, Data Stewardship and Custodianship:
- Cornell University Policy 4.12, Data Stewardship and Custodianship
IT staff are responsible for complying with Cornell's financial policies including:
- Cornell University Policy 4.6 Standards of Ethical Conduct
- Cornell University Conflicts Policy
- Cornell University Policy 3.6 Financial Irregularities
IT staff are responsible for complying with all of Cornell University Information Technology polices:
Central IT staff are responsible for complying with all CIT Policies, Procedures and Processes:
Awareness of confidential data
IT staff should be aware of the following:
- You are responsible for appropriately safeguarding the university information you handle as part of your position at Cornell.
- You have an obligation to take reasonable measure to understand and secure university information on your computer and other file storage space used for work purposes, including both personal and university-owned equipment.
- You are obligated to function in compliance with University Policy 5.10, Information Security. Summary:
- Currently classified as confidental are Social Security, credit card, driver's license and bank account numbers, as well as protected health information defined under HIPAA.
- If you do not have local procedures to help you comply with Policy 5.10, refer to the central IT procedures for securing confidential data.
- You should regularly use Identity Finder, Cornell Spider or some other data discovery tool to scan for confidential data on any university-owned computers and other storage spaces assigned for your use. Be aware that a data discovery tool cannot find all instances of all types of confidential data. It can only assist in determining whether confidental data is present. Because of these limitations, you should maintain awareness of data stored on your system and periodically review your files, including electronic mail, for confidential data.
- When you become aware of confidential data, through the scanning process or by other means, you must take whatever action is specified by all applicable university processes and local processes.
- If you have confidential data and have a business need to continue to store and/or access this data, you should contact your IT director for further assistance and instruction.
The university strongly discourages keeping confidential data on your computer which will require security procedures, mandated by university policy, limiting the use of your system.