shield Harvard University
Harvard Shield
About                                
Enterprise Security Policy
Information Security & Privacy
Human Subjects
For Students
For Employees
IT Related Rules
Resources
Personnel Manual
For Registrars
Harvard Confidential Info
Working with Vendors
Accepting Credit Cards
Federal and Regulatory
Glossary of Terms
FAQ's       
Reporting Security Incidents
Reporting Violations
Privacy Policy
Security Presentations
Search the Site
For Employees :: Resources
 
 
  • Web Privacy Statements
  • Contract Riders
  • Confidentiality Agreement
  • Requesting High Risk Information - Process
  • Requesting High Risk Information - Form
  • Advisories

    • Web Privacy Statements

    Policy

    All Harvard sponsored or Harvard run web sites must have a link to a privacy statement on at least the first page of the site. The privacy statement must also appear on the entry page of any group of pages under different management.  The link must be in a visible location (normally centered on the bottom line), in a font not smaller than that used elsewhere on the web page. The site must adhere to the privacy policy that is posted.

    All privacy statements must at least:

    1. Identify the categories of personal information collected (if any)

    2. The categories of third parties with whom you may share such information (if any)

    3. Describe how a consumer can review and request changes to any of his or her personal information if there is a process to do so

    4. Describe how consumers will be notified of material changes to the privacy policy

    5. Identify the effective date of the privacy policy

    The following are examples of privacy statements for different situations. Harvard web sites should use one of these or, if none of them cover the specifics of a particular web site, can create their own. Any privacy statement developed for such a specific purpose must be reviewed by the Office of the General Counsel.

    Examples of Privacy Statements

    • Privacy statement for use where no information is collected. See sample here.
    • Privacy statement for use where IP addresses are logged and analyzed for statistical purposes. See sample here.
    • Privacy statement for use where the web site maintains an identity for the visitor to provide continuity of identification between sessions. See sample here.
    • Privacy statements for web sites which do not match the above, including any sites which transact business, must be developed individually with the help of OGC.

    Instructions for using the Confidentiality Agreement
    Harvard employees who have access to Harvard confidential data are obliged to sign a Confidentiality Agreement upon being hired, and annually thereafter. The hiring manager will download and complete the form, describing the anticipated work involving confidential data. The hiring manager will then have the employee sign. The finalized, signed document is kept in the employee's personnel file.



     
 
 
Advisory on use and protection of HUID
New summary of security breaches at educational institutions
  >> See all  
Printer Friendly Page
 Trademark Notice|Privacy Policy | © 2008 President and Fellows of Harvard College  
Supported by WDS