Reporting Security Incidents and Exposure of Confidential Information

In cases where High Risk Confidential Information (HRCI) such as SSNs or Level 4 or Level 5 Research Information may be exposed to or accessed by unauthorized persons, or a laptop with High Risk Confidential Information is lost or stolen, report the breach immediately by following these steps:

  1. Contact OGC Legal Services Officer Ranna Farzan at 617-496-3006. OGC main number is 617-495-1280.
  2. Contact University Chief Information Security Officer Christian Hamer
  3. Notify the CIO and Security Officer of the School according to local contact information.

In cases where Confidential Information (CI) such as Harvard University ID numbers or Level 2 or 3 Research Information may be exposed to or accessed by unauthorized persons, or a laptop with confidential information is lost or stolen, report the breach immediately by following these steps:

  1. Notify the School CIO and Security Officer according to local contact information.
  2. Contact OGC Legal Services Officer Ranna Farzan at 617-495-4778. OGC main number is 617-495-1280.

In case of a potential network security breach, the School network administrator should be notified. If the local network security administrator is not known or is not available, the HUIT Information Security group should be notified. All security matters should be submitted via the University Help Desk at ithelp@harvard.edu.

Upon discovery of a security breach that may jeopardize credit information, the user is required to immediately contact Harvard Cash Management (Cheryl Margey 617-495-5471).

In cases where there is a concern about compliance with the Information Security Policy, please contact your School CIO or Security Officer.  Alternatively, for an independent, confidential conversation, you may contact the University Ombudsman - http://universityombudsman.harvard.edu/.

In addition, the University maintains a whistleblowing policy. The policy is intended to encourage all members of the Harvard community to report suspected violations of law or Harvard policy. The policy provides a mechanism for reporting and investigating suspected violations, including a Compliance Hotline which is available to University affiliated persons wishing to remain anonymous when reporting concerns regarding compliance matters.

The Compliance Hotline is answered by an independent third-party vendor and is a toll-free, 24-hour-a-day resource to report concerns for those who do not feel comfortable speaking with a supervisor or other resource. To report via the Compliance Hotline please call 1-877-694-2ASK (2275) or submit a report online.

See also: Advisories