Personal Information Protection Law of the People’s Republic of China

October 25, 2021

On November 1, 2021, China’s Personal Information Protection Law (PIPL) will go into effect. Stanford University’s DigiChina website has published a translation, here. The PIPL is similar to the General Data Protection Regulation (GDPR) in many ways, however there are some important distinctions (IAPP gives a good overview, here).

As is the case with identified or identifiable data pertaining to individuals in the European Economic Area or United Kingdom (“Personal Data” under GDPR), Personal Information under PIPL is considered Sensitive research data, and must be treated accordingly per the Research Data Security Policy and Enterprise Information Security Policy.... Read more about Personal Information Protection Law of the People’s Republic of China

GDPR Research Guidance

August 18, 2021

International projects and collaborations are an instrumental part of Harvard's research community. Certain activities, such as working with Personal Data per the General Data Protection Regulation (GDPR), require researchers and administrators to be aware of applicable restrictions and considerations. To help clarify some of GDPR's relevant requirements, the Office of the Vice Provost of Research, with input from other stakeholders, has developed ...

Read more about GDPR Research Guidance

Updated Research Data Security Policy goes live July 15, 2020

July 13, 2020

OVPR and HUIT, working with stakeholders, have revised the Harvard Research Data Security Policy (HRDSP), which will be effective as of July 15, 2020. The updated HRDSP better reflects current roles and practices, and importantly, requires use of the existing applications (e.g. ESTR-IRB, Agreements-DUA, and Data Safety and Security) to provide easier access to relevant information and reviews.... Read more about Updated Research Data Security Policy goes live July 15, 2020

New Research Data Safety Application

December 5, 2019

December 5 is the soft launch of the new Data Safety Application!

The research administration and compliance team has been working with the Office of the Vice Provost of Research and Harvard University Information Technology to develop a Data Safety and Security system to support the review and implementation of research data management plans. The soft launch of the Data Safety Application on December 5 will provide a period where School Security Officers can use the system to complete reviews and work with research teams to gather feedback. Based on this period of feedback, HUIT and OVPR will continue to refine system functionality and make improvements to the security review process.... Read more about New Research Data Safety Application


Data Security Review Pilot Beginning June 1, 2019

May 13, 2019

Harvard's Research Data Security Policy requires all research that receives a data security level (DSL) assignment of 3, 4, or 5 be reviewed by a School Security Officer (SSO). Historically, DSL 3 has been reviewed within a one-year time frame, while SSO review of DSL 4 and DSL 5 has been required prior to IRB approval. With the recent changes to the federal regulations governing human subject protections, many studies that received a DSL 3 used the continuing review timepoint as a “due date” for the DSL 3 review. As continuing review is no longer a requirement for many studies, a working group has been thinking about ways to revisit this practice.

Starting June 1, 2019, and lasting through the summer, a pilot of a revised SSO-practice will take place. Studies that receive a DSL 3 will follow the review practice of DSL 4 and DSL 5 – SSO review will be required before IRB approval.
... Read more about Data Security Review Pilot Beginning June 1, 2019