General Guidance

Data Confidentiality and Secure Handling

  • Data Security Levels at Harvard - Research Data Examples
    This resource provided by Harvard Data Security helps you determine what level of access is appropriate for your data. Determine whether it should be made available for public use, limited to the Harvard community, or be protected as either "confidential and sensitive," "high risk," or "extremely sensitive." See also: Harvard Data Classification Table
     
  • Harvard's Best Practices for Protecting Privacy and Harvard Information Security Collaboration Tools Matrix
    Follow the nuts-and-bolts advice for privacy best practices at Harvard. The latter resource reveals the level of security that can be relied upon for a large number of technological tools and platforms used at Harvard to conduct business, such as email, Slack, Accellion Kiteworks, OneDrive/SharePoint, etc.
     
  • Harvard Information Security Quick Reference Guide
    Storage guidelines, based on the data's security classification level (according to its IRB classification) is displayed on page 2, under "handling."
     
  • Email Encryption
    Harvard Microsoft 365 users can now send encrypted messages and files directly from the Outlook web or desktop apps. Encrypting an email adds an extra layer of security to the message and its attachments (up to 150MB), and means only the intended recipient (and their inbox delegates with full access) can view it. Message encryption in Outlook is approved for sending high risk (level 4) data and below.

Data De-Identification

Generative AI

  • Harvard-affiliated researchers should not enter data classified as confidential (Level 2 and above), including non-public research data, into publicly-available generative AI tools, in accordance with the University’s Information Security Policy. Information shared with generative AI tools using default settings is not private and could expose proprietary or sensitive information to unauthorized parties.

Sharing Qualitative Data

  • Repositories for Qualitative Data
    If you have cleared this intention with your IRB, secured consent from participants, and properly de-identified your data, consider sharing your interviews in one of the data repositories included in the link above. Depending on the nature of your research and the level of risk it may present to participants, sharing your interview data may not be appropriate. If there is any chance that sharing such data will be desirable, you will be much better off if you build this expectation into your plans from the beginning.
     
  • Guide for Sharing Qualitative Data at ICPSR
    The Inter-university Consortium for Political and Social Research (ICPSR) has created this resource for investigators planning to share qualitative data at ICPSR. This guide provides an overview of elements and considerations for archiving qualitative data, identifies steps for investigators to follow during the research life cycle to ensure that others can share and reuse qualitative data, and provides information about exemplars of qualitative data.
     
  • NIH Data Management & Sharing Policy (DMSP)
    This policy, effective January 25, 2023, applies to all research, funded or conducted in whole or in part by NIH, that results in the generation of scientific data, including NIH-funded qualitative research. Click here to see some examples of how the DMSP policy has been applied in qualitative research studies featured in the 2021 Qualitative Data Management Plan (DMP) Competition. As a resource for the community, NIH has developed a resource for developing informed consent language in research studies where data and/or biospecimens will be stored and shared for future use. It is important to note that the DMS Policy does NOT require that informed consent obtained from research participants must allow for broad sharing and the future use of data (either with or without identifiable private information). See the FAQ for more information.

International Projects

  • Research Compliance Program for FAS/SEAS at Harvard
    The Faculty of Arts and Sciences (FAS), including the School of Engineering and Applied Sciences (SEAS), and the Office of the Vice Provost for Research (OVPR) have established a shared Research Compliance Program (RCP). An area of common concern for interview studies is international projects and collaboration. RCP is a resource to provide guidance on which international activities may be impacted by US sanctions on countries, individuals, or entities and whether licenses or other disclosure are required to ship or otherwise share items, technology, or data with foreign collaborators.