Skip to main content

Reporting Electronic Security Incidents

Users of information technology devices connected to the Cornell network must report all electronic security incidents promptly and to the appropriate party or office. The Information Technology Security Office has the responsibility to evaluate incidents for potential of a breach of institutional information, including personally identifiable information held by university, and, when necessary, initiate the Data Privacy Incident Response Team (DPIRT) process.

Policy details


Your local college or unit administrative office.

Revision History:

July 24, 2019: Full Review Performed. Addition Weill Cornell Medicine (WCM) to scope the policy. Other changes for clarity of procedures. 

June 22, 2018: Updated hyperlinks throughout.

December 13, 2017: Rewritten to conform to new IT governance structure, including introduction of ISPAC, renaming of job titles, and changing DIRT to DPIRT.