Protecting Data at HBS

Data Classification Levels ("DCL")

To ensure a common understanding, Harvard uses a 5-step scale for data sensitivity. The higher the number, the more sensitive the data is, and the stronger protections you need to take when accessing and storing it. Not following these steps could be seen as negligence in the eyes of not only our customers, but in the view of numerous regulations and laws.

Harvard's Classification follow this progression:

  • DSL 1: Publicly available and unrestricted data

  • DSL 2: Business Sensitive or Unpublished data

  • DSL 3: Confidential Information

  • DSL 4: High Risk Confidential Information

  • DSL 5: Information which could be life threatening.

Data Classification Examples

Harvard maintains two pages for Data Classification documents with examples of how to consider your data.

Where can you store data?

Once you have determined the DCL of the data, you can determine where it is appropriate to store that data.

Level 1 Only

  • Personal Email Accounts

  • Personal Slack or Discord accounts

  • Personal Dropbox, Google, OneDrive or other cloud accounts

Up to Level 2

Up to Level 3.

Up to Level 4