Cornell Cashnet Privacy Statement

The privacy and security of your personal information is the foremost consideration of Cashnet, administered by Transact. As part of the Cashnet service, the Office of the Bursar and Cashnet are completely committed to safeguarding your personal information and protecting your privacy.

Cashnet Service uses enrollee information under the following conditions:

• Cashnet uses client personal information only in the delivery and payment of your Bursar account.
• Cashnet keeps all of your profile information private and does not share it with any third parties.

We will not disclose the information you provide unless acting under a good faith belief that such action is necessary to do the following:

• Conform to legal requirements or comply with legal process.
• Protect and defend the rights or property of Cashnet, Cornell University, the Office of the Bursar, or Transact.
• Act to protect the interests of its members or others.

The Office of the Bursar will not send any unsolicited information to you at the email addresses you provide, except as mentioned below:

• To welcome new users.
• To inform users when a new billing statement is available.
• To confirm payments made through Cashnet.
• To inform users of account or payment problems.
• To inform users about changes to the service or their account.

If at any time you believe that Cashnet has not adhered to these principles, please notify us by email, and we will make all reasonable efforts to promptly correct the problem.

Cornell Cashnet Security Statement

Cashnet is to be used only by Cornell University students and their designated proxies to view billing statements and make electronic payments. As noted in University Policy 5.4.1, Security of Information Technology Resources, the following activities are considered violations of this policy and may lead to disciplinary action under standard university rules for misconduct and existing judicial, disciplinary, or personnel processes, or legal prosecution of outsiders:

• Knowingly or intentionally, maintain insecure passwords on IT devices attached to the network (e.g., absence of administrative password, password written and stored in a insecure location, shared passwords, etc.).
• Knowingly or intentionally, attach misconfigured IT devices to the network.
• Knowingly or intentionally, compromise an IT device attached to the network or intentionally use an application or computing system with a known compromise.
• Knowingly or intentionally, (or negligently after receiving notice from an information technology officer or professional), transmit any computer virus or other form of malicious software
• Knowingly or intentionally, access or exploit resources for which you do not have authorization.
• Knowingly or intentionally, perform network or system scans on resources not authorized by the IT Security Director, unit head, unit security liaison, or local support provider.

To protect the privacy and integrity of information, Cashnet users should observe the following precautions:

• Always be sure to log off of your Cashnet account when you are done with Cashnet. Leaving your browser running or just closing your browser could result in someone else viewing or altering your personal information.
• Familiarize yourself with the visual clues displayed on your browser that indicate that you have connected with a secure Web server. A secure server is denoted by an unbroken yellow key or closed lock icon in the lower left corner of the browser. If these clues are missing after you connect to Cashnet, do not enter your User Name and/or Password, and notify the Office of the Bursar immediately.
• Choose a password that is difficult to guess, and do not share your password with anyone. If you have reason to believe someone else is using your account, notify the Office of the Bursar immediately.

If you have any questions about this material, email Cornell's security personnel at security@cornell.edu or call (607) 255-9900.