University Policy 5.4.2
Reporting Electronic Security Incidents

Users of information technology devices connected to the Cornell network must report all electronic security incidents promptly and to the appropriate party or office. The Information Technology Security Office has the responsibility to evaluate incidents for potential of a breach of institutional information, including personally identifiable information held by university, and, when necessary, initiate the Data Privacy Incident Response Team (DPIRT) process.