What happens to my LastPass account if I leave Harvard?

You get to keep your Personal Premium LastPass Account! This is why we made you use your personal email address when signing up. Once your yearly subscription with Harvard is up, you'll either have to pay the yearly premium fee or use the free version. Either way, you get to keep all the passwords stored in your personal premium LastPass account. 

If I observe copyrighted material being shared or reproduced in violation of copyright, who should I notify?

Harvard has a designated Digital Copyright agent who may be notified by email to dmca@harvard.edu. Details of what the report should include may be found at http://www.harvard.edu/reporting-copyright-infringements. Find out more about the Digital Millennium Copyright Act at www.dmca.harvard.edu.

If I suspect or observe a security breach, who should I notify first?

Both the Chief Information Security Officer (Christian Hamer) and the Office of General Counsel must be notified. If you discover or are dealing with a data security breach, contact the Office of the General Counsel by calling 617-495-1280 or by emailing scott_fields@harvard.edu. The OGC will help coordinate the response to the breach.

Inform the local School Security Officer or CIO according to applicable protocol.

What is the best way to create a strong password?

Passwords must be created to comply with the University’s information security policy. This means a minimum of 8 characters with at least one non-alphabetic character. Passwords should not be individual dictionary words, common names, or sequences of numbers. "F4&yh10!" is an example of an acceptable password.

What are the important laws and regulations that govern my use of Harvard Confidential Information?

A few of the laws that are important to know about are those that govern student information, personally identifiable information (Harvard refers to this as High Risk Confidential Information) and medical record information. Harvard Office of the General Counsel (OGC) may be consulted about compliance with the laws and regulations that are relevant to the Harvard community.

Family Educational Rights and Privacy Act (FERPA)

May I send Confidential Information in unencrypted email?

Barring a higher level of confidentiality, you may transmit Confidential Information (Levels 2 and 3) via email provided that you exercise a high level of care to ensure that the message reaches only your intended recipients. If you do so, it is strongly recommended that it be sent only to Harvard-affiliated email addresses (i.e. do not forward to personal Gmail accounts).

What are the rules for storing Confidential Information on my computer?

Level 2 or 3 Confidential Information must be protected on your computer. Disk or file encryption are examples of suitable protection. Your personal device must be configured to restrict access to the person who uses the device. Smart phones and tablets must be configured to require a PIN or password for access, and must be set to automatically wipe their storage after 10 bad PIN or password guesses.


Reminder: Level 4 high risk confidential information must never be stored on your computer or storage device.

Do I need permission to work with High Risk Confidential Information?

Yes. This information is considered high risk and is very carefully managed. Access to this information must be controlled and reviewed periodically. If you need to gather High Risk Confidential Information from sources within the University, from non-University sources, or from the individuals themselves, or provide such information to a vendor, you must obtain permission to do so from the School or University CIO. HUIT Security or your school security officers will work with you to develop a plan to provide sufficient protection for the Level 4 data.