FAQ

What happens to my LastPass account if I leave Harvard?

You get to keep your Personal Premium LastPass Account! This is why we made you use your personal email address when signing up. Once your yearly subscription with Harvard is up, you'll either have to pay the yearly premium fee or use the free version. Either way, you get to keep all the passwords stored in your personal premium LastPass account. 

If I observe copyrighted material being shared or reproduced in violation of copyright, who should I notify?

Harvard has a designated Digital Copyright agent who may be notified by email to dmca@harvard.edu. Details of what the report should include may be found at http://www.harvard.edu/reporting-copyright-infringements.  Find out more about the Digital Millennium Copyright Act at www.dmca.harvard.edu.

If I suspect or observe a security breach, who should I notify first?

Both the Chief Information Security Officer (Christian Hamer) and the Office of General Counsel must be notified. If you discover or are dealing with a data security breach, contact the Office of the General Counsel by calling 617-495-1280 or by emailing scott_fields@harvard.edu. The OGC will help coordinate the response to the breach.

Inform the local School Security Officer or CIO according to applicable protocol.

What is the best way to create a strong password?

Passwords must be created to comply with the University’s information security policy. This means a minimum of 8 characters with at least one non-alphabetic character. Passwords should not be individual dictionary words, common names, or sequences of numbers. "F4&yh10!" is an example of an acceptable password.

A longer password is a stronger password. Consider creating a password comprised of several unrelated words with numbers and special characters interspersed. This is often referred to as a pass

What are the important laws and regulations that govern my use of Harvard Confidential Information?

A few of the laws that are important to know about are those that govern student information, personally identifiable information (Harvard refers to this as High Risk Confidential Information) and medical record information. Harvard Office of the General Counsel (OGC) may be consulted about compliance with the laws and regulations that are relevant to the Harvard community.

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act is a federal law governing the maintenance and disclosure of records maintained by schools

May I send Confidential Information in unencrypted email?

Level 1 and 2 information may be sent via email.

Level 3 information should not be directly emailed. Instead, store the information in a Harvard-contracted file storage service, limit the permissions to only intended recipients, and share the link via email. Public or so-called anonymous links should not be used. Examples of Harvard-contracted file storage services include g.Harvard apps and Office 365.

Level 4 information may be sent via Accellion. Please confirm that recipients understand and are ready to appropriately

What are the rules for storing Confidential Information on my computer?

Level 2 or 3 Confidential Information must be protected on your computer. Disk or file encryption are examples of suitable protection. Your personal device must be configured to restrict access to the person who uses the device. Smartphones and tablets must be configured to require a PIN or password for access, and must be set to automatically wipe their storage after 10 bad PIN or password guesses.

Reminder: Level 4 high risk confidential information must never be stored on your computer or storage device.

Do I need permission to work with High Risk Confidential Information?

Yes. This information is considered high risk and is very carefully managed. Access to this information must be controlled and reviewed periodically. If you need to gather High Risk Confidential Information from sources within the University, from non-University sources, or from the individuals themselves, or to provide such information to a vendor, you must obtain permission to do so from the School or University CIO. HUIT Security or your school security officers will work with you to develop a plan to provide sufficient protection for the Level 4 data.