Protecting Data at HBS
Data Classification Levels ("DCL")
To ensure a common understanding, Harvard uses a 5-step scale for data sensitivity. The higher the number, the more sensitive the data is, and the stronger protections you need to take when accessing and storing it. Not following these steps could be seen as negligence in the eyes of not only our customers, but in the view of numerous regulations and laws.
Harvard's Classification follow this progression:
DSL 1: Publicly available and unrestricted data
DSL 2: Business Sensitive or Unpublished data
DSL 3: Confidential Information
DSL 4: High Risk Confidential Information
DSL 5: Information which could be life threatening.
Data Classification Examples
Harvard maintains two pages for Data Classification documents with examples of how to consider your data.
Where can you store data?
Once you have determined the DCL of the data, you can determine where it is appropriate to store that data.
Level 1 Only
Personal Email Accounts
Personal Slack or Discord accounts
Personal Dropbox, Google, OneDrive or other cloud accounts
Up to Level 2
Up to Level 3.
HBS Zoom: follow required privacy settings, no L4 recordings
Harvard Dropbox or Harvard Google accounts
Available to HBS Researchers. Contact HUIT at ithelp@harvard.edu for more information.
Up to Level 4
Special SharePoint Sites suitable for Level 4 data can be requested.