Frequently Asked Questions

What about CI on USB drives, CDs, etc?

Only when there is a business reason to do so, non-HRCI confidential info may be kept on USB drives, CDs or external hard drives only if those devices are encrypted. In these cases, please contact IT Security (ithelp@harvard.edu) to request an IronKey secure flash drive, which will be provided at no cost.

Okay, but if I really do have to keep some CI on my desktop computer to get my work done?

CI may be kept on desktop computer if it is properly configured. It must have a timeout password controlling access to the desktop, the operating system must be updated regularly, have updated anti-virus software, have its firewall active and kept in a secured room, etc. In other words, all common-sense steps must be taken so that the computer may be used to work with CI to securely complete a specific business related task. If you still need the data once the task is completed, the data must be moved to a secure FAS file server, such as \\fas-depts (commonly known in the Economics...

Read more about Okay, but if I really do have to keep some CI on my desktop computer to get my work done?

What about other student info?

Student info (such as grades, reference letters, transcripts, personal statements, class work) must be treated as CI. As a general rule, it is best for faculty and staff to treat all student data as CI, unless there are specific reasons not to.

What about student contact (catalog) info?

Some students are identified as having a Family Educational Rights and Privacy Act (FERPA) “block,” which means ALL information relating to them (including contact info) may be kept only on a secure server and not on a desktop computer. Since you may not always know which students have FERPA blocks, the best practice would be to not to keep any student contact info on a desktop or laptop computer.

May I keep student info on my desktop computer?

The recommended location for all CI is a secure Harvard file server, such as the network location commonly known in our department as the H: drive. Confidential student information such as grades or reference letters must not be kept on a desktop or even an encrypted laptop unless there are specific business reasons for doing so and the personal computer is configured appropriately. Once the business task is completed, the data should be removed to a secure Harvard server and the files overwritten using an approved secure-erase program. For more details,...

Read more about May I keep student info on my desktop computer?

How do I securely discard or reassign my old Harvard computer?

Before transferring or disposing of a Harvard-owned computer, the hard disk must be securely "wiped.” Deleting or reformatting the HD is not sufficient. To have this done, please call 5-9000. Harvard computers cannot be transferred outside of Harvard unless approved by Peter Brown and unless the operating system has been removed.