Information technologies require a new level of awareness and business practice for the management of institutional information. Privacy and security programs assist in that process. (For more information about the university security policy and practices, please visit: cit.cornell.edu/security.)
This site focuses on the collection, retention, redistribution and repurposing of institutional information, in short, privacy information management.
Information management is an essential component of sound university administration. Cornell acquires a tremendous variety and quantity of information about individuals in the course of business with students, staff, faculty and alumni, as well as affiliates, board members and other "friends of the university."
A patchwork of privacy laws touches some of that information, for example, the Family Rights Privacy Act (FERPA) for education records, the Gramm-Leach-Bliley Act (Also known as GLBA or the Financial Services Modernization Act of 1999) for personally identifiable information in financial transactions, and the Health Information Portability Accountability Act (HIPAA) for medical records. Application of these regulations is difficult, however, because of their piecemeal nature. Law and regulation, smart business practices, and institutional reputation nonetheless require comprehensive management of institutional information.
This web site sets forth the charge, process and tools for that process. First, there is a brief explication of the principles, known as "Fair Information Principles," the industry standard for all information management. Complementary practices, known as "Fair Information Practices," provide practical meaning for those principles.
From February 2011 through January 2012, the IT Policy Office contracted with a service to guide privacy information management. This service included documentation about information privacy management as well as departmental and university-wide assessment materials. The assessment period has now ended and materials are being reviewed to make tailored recommendations for Cornell University, outlined in a 1-3 year plan.
Finally, a nascent "privacy" group is forming on campus under the name “Cornell Privacy Information Management.” The Confluence site for it may be found at: https://confluence.cornell.edu/display/CPIM or send us a message at cpim@cornell.edu.
