Cornell policy establishes three data security classifications:
Confidential data is subject to stringent security requirements. Unless otherwise classified, all information used in the conduct of university business is restricted, and not open to the general public. University data that has been explicitly made available to the public, with no authentication required for network access, is public.
However, all information at Cornell should be protected. Even data that you may not consider sensitive should be protected. Take appropriate measures, outlined in this web site, to protect university data, wherever you are and whatever computer you are using.
Be aware of what types of information are stored on your computer and take steps to protect it.
Examples of the Diverse Types of Data Seen at Cornell
In addition to being subject to Cornell policies and processes, confidential data is subject to more stringent security requirements.
Data currently classified as confidential includes the following, when they appear in conjunction with an individual’s name or other identifier:
This set may expand based on future regulatory requirements or designations made by the appropriate university data steward. Data stewards are senior officers of the university responsible for determining how data in their area should be handled. For example, the Vice President for Human Resources is the data steward for administrative data pertaining to Cornell employees. The data steward role is defined in University Policy 4.12, Data Stewardship and Custodianship.
In addition to the other measures outlined in this section, some data at Cornell is subject to state and federal legislation, including:
