Revised Research Data Security Policy

July 14, 2020
Image of a doctor in scrubs

Message from OSP

OVPR and HUIT, working with stakeholders, have revised the Harvard Research Data Security Policy (HRDSP), which will be effective as of July 15, 2020. Additional information can be found on the OVPR website (Updated Research Data Security Policy goes live July 15, 2020), as well as the Research Administration and Compliance Systems website (RACS - Data Safety). Please don’t hesitate to reach out to Rachel Talentino with any questions


Updated Research Data Security Policy Guidance

Message from OVPR & HUIT

OVPR and HUIT are excited to announce that starting May 15th 2020, the University will be implementing a partial rollout of the updated Research Data Security Policy Guidance.

What do we mean by partial? Only certain requirements from the updated HRDSP Guidance will be effective in May, specifically:

  • As part of their reviews, IRBs will begin assigning non-Sensitive/Sensitive determinations, as opposed to a specific Data Security Level (DSL). The content of the IRBs’ reviews will not change, just the specificity of their determinations. More info on CUHS here, more info on Longwood here.
  • Related to the IRBs’ switch to a binary determination, information & school security officers (ISOs) will work with researchers to determine the applicable DSL. Researchers will submit a request for security review in the new Data Safety Application, and the request will automatically be routed to the cognizant ISO. 
  • All projects deemed “Sensitive” by the IRBs, and all research data that, based on HUIT guidance, appears to be DSL 3, 4 or 5, will be required to be submitted in the Safety Application for ISO review.
  • Similarly, all data that is subject to a DUA will be required to be submitted in the Safety Application for ISO review (in addition to submitting a request in the Agreements-DUA Application).

Research Administration and Compliance Systems has done an amazing job developing a Summary of these reviews, and their website provides helpful guidance on using each of the Applications: Data SafetyESTR-IRB and Agreements-DUAs!

Please note: the entirety of the updated HRDSP will go live July 15, 2020.

Please direct your questions to Rachel Talentino in OVPR.  More guidance will be developed in the upcoming months, so stay tuned and stay healthy!