9. Federal & Regulatory
Introduction
All users of confidential information must adhere to state and federal regulatory statutes as well as Harvard policies pertaining to confidential information.
In 2007 the Commonwealth of Massachusetts passed a law mandating the protection of what Harvard calls high-risk confidential information. This law imposes specific requirements for the proper destruction of electronic and paper records containing high-risk confidential information (see Section 9.1: Disposition and Destruction of Records) and for the reporting of improper access to or use of records containing such information (see Section 9.2: Reporting Security Breaches). The majority of the other states have similar laws.






