Barring a higher level of confidentiality, you may transmit Confidential Information (Levels 2 and 3) via email provided that you exercise a high level of care to ensure that the message reaches only your intended recipients. If you do so, it is strongly recommended that it be sent only to Harvard-affiliated email addresses (i.e. do not forward to personal Gmail accounts).
Level 2 or 3 Confidential Information must be protected on your computer. Disk or file encryption are examples of suitable protection. Your personal device must be configured to restrict access to the person who uses the device. Smart phones and tablets must be configured to require a PIN or password for access, and must be set to automatically wipe their storage after 10 bad PIN or password guesses.
Reminder: Level 4 high risk confidential information must never be stored on your computer or storage device.
Yes. This information is considered high risk and is very carefully managed. Access to this information must be controlled and reviewed periodically. If you need to gather High Risk Confidential Information from sources within the University, from non-University sources, or from the individuals themselves or provide such information to a vendor, you must obtain permission to do so from the School or University CIO. HUIT Security or your school security officers will work with you to develop a plan to provide sufficient protection for the Level 4 data.