Skip to main content

Information Security

Cornell University expects all data stewards and custodians who have access to and responsibilities for university data to manage it as set forth in this policy. This is in accordance with the rules regarding collection, storage, disclosure, access, processing, destruction, and classification of information and minimum privacy and security standards.

Policy details


IT Security Office, Weill Cornell Medicine Privacy Office.

Revision History:

7/24/2020: Substantial revisions to align with current technology and security environment. Data classifications changed from Confidential (Level 1) to High Risk; Restricted (Level 2) to Moderate Risk; and Public (Level 3) to Low Risk. Removed Procedures section for Weill Cornell Medicine.

6/25/2018: Updated hyperlinks throughout.