Cornell provides annual training exercises for Ithaca-based campus employees with access to sensitive data. These reminders are part of our commitment to protecting institutional and personal information.


The following training modules are assigned via our CULearn system:

  • Payment Cards Industry (PCI) training
  • Health Insurance Portability and Accountability Act (HIPAA)


Any questions pertaining to PCI should be directed to HIPAA questions can be directed to



The following data protection compliance training modules are planned for development:

  • GDPR awareness for overseas operations
  • Effective transparency and privacy notices under the GDPR
  • Data classification and special categories of personal data
  • Documenting legitimate interest under the GDPR
  • Managing consent under the GDPR
  • Reporting data privacy concerns or incidents
  • Vendors, contracts, and data protection requirements