IT staff are responsible for complying with the Cornell University Uniform Information and Confidentiality Annual agreement included in Policy 4.12, Data Stewardship and Custodianship:

• Cornell University Policy 4.12, Data Stewardship and Custodianship https://policy.cornell.edu/policy-library/data-stewardship-and-custodianship

IT staff are responsible for complying with Cornell's financial policies including:

• Cornell University Policy 4.6 Standards of Ethical Conduct https://policy.cornell.edu/policy-library/standards-ethical-conduct 
• Cornell University Conflicts Policy https://policy.cornell.edu/policy-library/conflicts-interest-and-commitment-excluding-financial-conflict-interest-related
• Cornell University Policy 3.6 Financial Irregularities https://policy.cornell.edu/policy-library/financial-irregularities-reporting-and-investigation

IT staff are responsible for complying with all of Cornell University Information Technology polices:

• https://live-itcornell.pantheonsite.io/cit-intranet/9points

Central IT staff are responsible for complying with all CIT Policies, Procedures and Processes:

• http://www./about/policies/index.cfm

Awareness of confidential data

IT staff should be aware of the following:

• You are responsible for appropriately safeguarding the university information you handle as part of your position at Cornell.
• You have an obligation to take reasonable measure to understand and secure university information on your computer and other file storage space used for work purposes, including both personal and university-owned equipment.
• You are obligated to function in compliance with University Policy 5.10, Information Security. Summary: https://policy.cornell.edu/policy-library/information-security
• Currently classified as confidential are Social Security, credit card, driver's license and bank account numbers, as well as protected health information defined under HIPAA.
• If you do not have local procedures to help you comply with Policy 5.10, refer to the central IT procedures for securing confidential data.

Actions

• You should regularly use Identity Finder, or some other data discovery tool to scan for confidential data on any university-owned computers and other storage spaces assigned for your use. Be aware that a data discovery tool cannot find all instances of all types of confidential data. It can only assist in determining whether confidential data is present. Because of these limitations, you should maintain awareness of data stored on your system and periodically review your files, including electronic mail, for confidential data.
• When you become aware of confidential data, through the scanning process or by other means, you must take whatever action is specified by all applicable university processes and local processes.
• If you have confidential data and have a business need to continue to store and/or access this data, you should contact your IT director for further assistance and instruction.

The university strongly discourages keeping confidential data on your computer which will require security procedures, mandated by university policy, limiting the use of your system.

Additional Resources 

Find links to shared best practices and methodologies as well as the guiding principles that extend across all of IT@Cornell.

• IT@Cornell Guiding Principles
• Cornell Project Management Methodology (CPMM)—The Office of Planning and Program Management is currently updating the methodology, including best practices, templates, and processes for project management and business analysis. A link will be provided when the revised methodology is available.
• Quality Management Best Practices
• Web Accessibility
• Security
• Policy Responsibilities and Awareness for the IT Community