Privacy Principles at Cornell

Support for US and International Data Privacy Standards

As applies to Cornell’s mission and in support of the fundamental right for privacy, Cornell strives to honor EU-U.S. Data Privacy Framework principles.  Generally, these include:

The Notice Principle: Cornell strives to provide information to data subjects on a number of key elements relating to the processing of their personal data (e.g. type of data collected, purpose of processing, right of access and choice, conditions for onward transfers and liability). 

The Data Integrity and Purpose Limitation Principle: Cornell strives to limit personal data to what is relevant for the purpose of processing, reliable for its intended use, accurate, complete and current. Where a new (changed) purpose is materially different but still compatible with the original purpose, the Choice Principle gives data subjects the right to object (i.e. opt out). 

Note: This obligation does not prevent Cornell from continuing to process personal information for longer periods, but only for the time and to the extent such processing reasonably serves one of the following specific purposes: archiving in the public interest, journalism, literature and art, scientific and historical research and statistical analysis. 

The Access Principle: data subjects have the right to obtain from an organization whether such organization is processing personal data related to them. Data subjects must be able to correct, amend or delete personal information where it is inaccurate or has been processed in violation of the Principles.

The Security Principle: organizations creating, maintaining, using or disseminating personal data must take "reasonable and appropriate" security measures, taking into account the risks involved in the processing and the nature of the data.