Access Control Systems are systems that manage physical access to Harvard-owned properties, structures, or services.

Permission to access resources in a digital domain (after positive authentication)

Service provided by Harvard that allows applications to check the status of users prior to allowing system access.

Information about a person or an entity that, if disclosed, could reasonably be expected to place the person or the entity at risk of criminal or civil liability, or to be damaging to financial standing, employability, reputation or other interests.

Text approved by Harvard counsel to be appended to Harvard contracts in which the vendor is working with Harvard confidential information. The contract riders specify the protections that must be implemented and the criteria that must be met in order for a vendor to work with Harvard confidential information.

Information that can be used to identify individuals either directly or indirectly must be removed. For information to be de-identified under HIPAA, 18 separate identifiers must be removed from the individual's record before that information can be considered de-identified. Covered entities have the option of stripping fewer identifiers from i [..]

A Research Data Set where all personal identifiers have been removed (and normally replaced by a random identity key) such that no personally identifiable data remains.

The algorithmic transformation of a data set to an unrecognizable form using an encryption key. The original data set or any part thereof can be recovered only with knowledge of a secret decryption key.

Family Educational Rights and Privacy Act; a federal law that requires protecting the privacy of student records.  Learn more about the Family Educational Rights and Privacy Act

FERPA also gives a student the right to block public display of directory information. Schools are required to convey to students the information they classify as directory information, and to allow students and parents a reasonable amount of time to request that the School not disclose directory information about them. This request is referred to [..]