Report a Data Privacy Incident

Anyone handling information relating to Cornell business is responsible for reporting instances where this information:

  • may be shared with or disclosed to unauthorized users;
  • is stored on a lost/stolen device,
  • is stored on a device infected with malicious software,
  • or is modified, deleted, or exposed in other ways that might harm the privacy of an individual.


Where can I learn more?

There are many resources at Cornell to help you better understand your role and responsibilities for privacy and data protection. Please feel free to engage or consult the following resources for more information:




University Policy: 5.4.2
Reporting Electronic Security Incidents
Consult this document to find up-to-date information on roles, responsibilities, and contact information for reporting data privacy and security incidents.
Your supervisor Provides unit, department, program, or event-specific guidance on data privacy incident response procedures that are above and beyond standard university policy.
IT Service Desk (607) 255-5500
Your general IT and support source on campus. Key for students and many departments and programs across campus.
IT Security Liaison Acts as a local incident manager for key academic and administrative units across campus. See this list of IT Security Liaisons.
IT Security Office (607) 255-6664
Functions as the formal intake resource for all suspected or actual data privacy and security incidents.
Privacy Officer (607) 255-4096
Offers guidance on any privacy-related questions or concerns.
Cornell University Police (607) 255-1111
Your first stop to report any lost/ stolen personal or Cornell-owned devices.

in instances where your personal information is stored on lost/stolen devices, a police report can help you with the necessary documentation for applying for identity theft protection programs.