shield Harvard University
Harvard Shield
About                                
Enterprise Security Policy
Information Security & Privacy
Human Subjects
For Students
For Employees
For Registrars
Harvard Confidential Info
Working with Vendors
Accepting Credit Cards
Authorization
Data Protection
Compliance Certification
Transaction Monitoring
Disclosing Breaches
Local Policies
Federal and Regulatory
Glossary of Terms
FAQ's       
Reporting Security Incidents
Reporting Violations
Privacy Policy
Security Presentations
Search the Site
Accepting Credit Cards :: Disclosing Potential Breaches
 
 
  • In 2003, a California State Law went into effect that requires disclosure from companies in the event of unauthorized access of non-public customer information. The law applies if there are any California residents in your database. The law is triggered by any incident in which customer data is "reasonably believed" to have been compromised. There is an exemption in the law if the data is encrypted.
  • Upon discovery of a security breach that may jeopardize credit information, the user is required to immediately contact Cash Management (Cheryl Margey 617-495-5471 or Michelle Sazo 617-495-1647).  Cash Management will involve a credit card incident response team comprised of representatives of Cash Management, UIS Network Services, RMAS, & OGC. This team will work with your local business and technical people in investigating and remediating the situation. VISA and MasterCard require merchants to have an incident response team to deal with potential breaches of credit card data. Cash management will be responsible for notifying our acquiring bank of any breaches. Local units will be responsible for any fines or penalties resulting from breaches of their data.

 		 
 
Universities adopt serious protections after high risk laptops are stolen
Advisory on use and protection of HUID
  >> See all  
Printer Friendly Page
 Trademark Notice|Privacy Policy | © 2008 President and Fellows of Harvard College  
Supported by WDS