Computing Services Privacy Policy

HMDC/IQSS IT support treats user data as private, but recognizes the need to access data or programs when necessary to maintain systems, consistent with the FAS Computer Rules and Responsibilities, section I, Privacy of Information[1]:

    "Information stored on a computer system or sent electronically over a network is the property of the individual who created it. Examination, collection, or dissemination of that information without authorization from the owner is a violation of the owner's rights to control his or her own property. Systems administrators, however, may gain access to users data or programs when it is necessary to maintain or prevent damage to systems or to ensure compliance with other University rules. "

Further, consistent with section II, HMDC/IQSS IT system activity is logged automatically:

    "Users understand that timesharing and network-based system activity is automatically logged on a continuous basis. These logs do not include private user text, mail contents, or personal data, but do include a record of user processes that may be examined by authorized system administrators."

and

    "The staff of FAS IT consider user accounts to be the private property of individuals who have opened them, and as a result will never ask users to reveal their passwords. However, users who request assistance from FAS IT give the staff implicit permission to view specific data in their accounts that is necessary to investigate, diagnose, or correct the problem."

Similarly, IQSS/HMDC users give HMDC/IQSS IT staff implicit permission to view specific data in their accounts that is necessary to investigate, diagnose or correct a current problem.

HMDC/IQSS IT staff will use minimally invasive means necessary to diagnose and correct reported problems. For example:

    HMDC/IQSS IT staff will never ask users for their passwords.
    HMDC/IQSS IT staff will not use user credentials to access non HMDC/IQSS accounts or files, unless specifically requested by the user in writing.
    HMDC/IQSS IT staff will use pattern matching tools (for example, grep) rather than viewing the content of files that potentially are personal or confidential, wherever feasible; and only when necessary to diagnose or correct reported problems.
    HMDC/IQSS IT staff will never view the content of files identified as HRCI unless authorized explicitly in writing by the FAS Director of Security, and/or IRB-authorized faculty.

[1] Available at https://policy.security.harvard.edu/policies