Skip to main content

University Data Cleanup and Inventory Initiative

This article applies to: Data Discovery


To greatly reduce Cornell's risk of suffering data breaches, it's critical to identify what confidential data must be stored (temporarily or permanently) on a staff computer or departmental file server, to secure and track confidential data while it's being stored, and to delete that confidential data from staff computers and departmental file servers as soon as the data is no longer needed. 

Each campus unit is required to establish a local data cleanup program. The details of implementation vary but a unit must:

  • Set guidelines for what action is to be taken when confidential data is found on a computer. Policy 5.10, Information Security, classifies as confidential any of the following data elements when they appear in conjunction with an individual’s name or other identifier:
    • Social Security number
    • Credit card number
    • Driver’s license number
    • Bank account number
    • Protected health information, as defined by HIPAA
  • Require all staff and faculty in the unit to:
    • Acknowledge their responsibility to understand and safeguard the university information they handle.
    • Determine where confidential data is stored on their computers and other file spaces assigned for their use.
    • Run a data discovery tool, to assist in finding confidential data.
    • Take whatever action, if any, is specified by university policy and local practice when confidential data is found, be it through the scanning process or by other means.
Note: To help ensure successful completion of the program, the unit may require its employees to formally attest that they have fulfilled these requirements.
  • Maintain an inventory of computers than continue to hold confidential data.

A unit should also be implementing guidelines for how confidential data is to be handled in the future and other ongoing data security measures.

Was this page helpful?

Your feedback helps improve the site.

Comments?