Final changes to Harvard Research Data Security Policy – Effective July 15th

ORARC, together with the OVPR and HUIT, will implement the fully revised Harvard Research Data Security Policy (HRDSP) starting July 15, 2020.

ORARC began a partial roll-out of the revised HRDSP on May 15, 2020, which was limited to the following:

  • As part of their reviews, the IRB will assign Non-Sensitive/Sensitive determinations, which will replace the numeric Data Security Level (DSL) 1-5.  The content of the IRBs’ review will not change, just the nomenclature of their determinations.

As of July 15, 2020 the entirety of the updated HRDSP will go live. The full policy can be found here.

What else do researchers need to know about data security review?

    • All projects given a “Sensitive” DSL by the IRB will require School-specific Information Security Officer (ISO) review and approval before final IRB approval or determination is issued.
    • The IRB will inform the researchers what the DSL is for their project. For “Sensitive” determinations, researchers must submit a request for security review in the Data Safety Application. The request will automatically be routed to their School-specific ISO.
    • Once the researcher has created a record in the Data Safety Application, they should link that record to the ESTR record via the Manage Related Projects activity.
    • As always, ISOs will work with researchers to support the review and implementation of research data management plans according to the specific DSL.
    • To learn more, about the IRB and Data Security Review processes, visit the following Harvard resources: HLC IRB Data Confidentiality guidanceOffice of the Vice Provost for Research, & Research Data Management