In cases where High Risk Confidential Information (HRCI) such as SSNs or Level 4 or Level 5 Research Information may be exposed to or accessed by unauthorized persons, or a laptop with High Risk Confidential Information is lost or stolen, report the breach immediately by following these steps:

1. Call Office of General Counsel – Scott Fields 617-496-3006. OGC main number is 617-495-1280.
2. Email University Chief Information Security Officer Christian Hamer christian_hamer@harvard.edu [1]
3. Call Office of the University CIO 617-495-9092
4. Notify the CIO and Security Officer of the School according to local contact information. See http://www.security.harvard.edu/resources/school_security_officers [2]

In cases where Confidential Information (CI) such as Harvard University ID numbers or Level 2 or 3 Research Information may be exposed to or accessed by unauthorized persons, or a laptop with confidential information is lost or stolen, report the breach immediately.

1. Notify the CIO and Security Officer of the School according to local contact information. See http://www.security.harvard.edu/resources/school_security_officers [2]
2. Call Office of General Counsel – Scott Fields 617-496-3006. OGC main number is 617-495-1280.

In case of a potential network security breach, the School network administrator should be notified. If the local network security administrator is not known or is not available, the HUIT Information Security group should be notified in cases of potential security breach. All security matters should be submitted via the Support Services Help Desk at ithelp@harvard.edu [3].

In cases where a laptop is lost and there is no confidential information, review best practice for reporting loss. www.security.harvard.edu/resources/best-practices [4]

Upon discovery of a security breach that may jeopardize credit information, the user is required to immediately contact Harvard Cash Management (Cheryl Margey 617-495-5471).

In cases where there is a concern about compliance with the Enterprise Security Policy, please contact your Central Administration IT manager or School CIO. For an independent, confidential conversation, you may contact the University Ombudsman - http://www.universityombudsman.harvard.edu/ [5].

In addition, the University maintains a Whistleblowing Policy [6].  The policy is intended to encourage all members of the Harvard community to report suspected violations of law or Harvard policy.  The policy provides a mechanism for reporting and investigating suspected violations, including a Compliance Hotline which is available to University affiliated persons wishing to remain anonymous when reporting concerns regarding compliance matters.

The Compliance Hotline is answered by an independent third-party vendor and is a toll-free, 24-hour-a-day resource to report concerns for those who do not feel comfortable speaking with a supervisor or other resource. To report via the Compliance Hotline please call 1-877-694-2ASK (2275) or submit a report online [7].