It is critical that Harvard Chan School researchers familiarize themselves with University and sponsor policies and requirements related to data security. Basic information and links are provided below. Andy Ross, the Harvard Chan School’s information security officer, is available to answer questions and assist in navigating requirements.
Harvard Research Data Security Policy
- The University rolled out an updated data security policy to support tracking, monitoring, and compliance associated with the data security requirements for research data sets (sensitive information collected as part of research, or obtained or shared under a Data Use Agreement or sponsored award).
- Researchers who work with data that are sensitive or require a Data Use Agreement (DUA), for example, must submit data management plans via the new Data Safety Application for review prior to accessing the data.
- Researchers who access sensitive data or data that are subject to contractual requirements (DUAs) must complete an annual online Data Security Training Course (also available as a CITI module) which provides an overview of processes and procedures in compliance with the updated policy.
- Please find more information regarding the updated research data security policy or contact Andy Ross, the School’s information security officer if you have any questions.
International Data Privacy Regulations
The General Data Protection Regulation (GDPR) is a far-reaching data privacy regulation applicable to the personal data of those located in the European Economic Area (“EEA”). Harvard’s Office of the Vice Provost for Research (OVPR) has developed a guidance document on this regulation’s important implications for research: OVPR GDPR Research Guidance document.
China’s Personal Information Protection Law (PIPL) went into effect in 2021 and is similar to GDPR regulations in many ways with some important distinctions. Learn more about PIPL on Harvard University’s Data Management webpage.