Data Security – Information on Storage and Use of Confidential Data (HRCI)
We would like to bring your attention to how Harvard University classifies different types of confidential data and how they should be stored. Confidential data is defined as “Information about a person or an entity that, if disclosed, could reasonably be expected to place the person or the entity at risk of criminal or civil liability, or to be damaging to financial standing, employability, reputation or other interests.” Harvard University’s Technology Security Office pages also suggest how such data should be handled and stored. In particular it states, “All confidential information must be encrypted when transported across any network.”
Please note that *none* of the general purpose storage offered by Research Computing (RC), unless expressly custom designed and built for a particular purpose, satisfies this criterion. Under no circumstances should any confidential data be stored in RC storage unless there we have made arrangements with your lab to provide appropriate space and have an IRB determination for your data. If you have any confidential data that you need stored, please email email@example.com to schedule an appointment. We will be happy to discuss your particular needs and design a storage solution that is compliant to Federal, State and University regulations.
Data safety is something that should be all of our concern. Faculty, staff and students at Harvard are routinely responsible for data that is governed by various regulations. We ask you to regularly audit the nature of the data you are using and are responsible for and ensure that you are taking the right steps to protect yourself and others from harm. If you have any questions about interpreting the University, State or Federal regulations and how that applies to your data please contact us at firstname.lastname@example.org.