7.10 Privacy of Information
Information stored on a computer system or sent electronically over a network is the property of the person who created it. Examination, collection, or dissemination of that information without authorization from the owner is a violation of the owner’s rights to control his or her own property. Systems administrators, however, may gain access to user’s data or programs when maintaining or preventing damage to systems or ensuring compliance with other University rules is necessary.
Computer systems and networks provide mechanisms for the protection of private information from examination by unauthorized persons. These mechanisms are necessarily imperfect, and any attempt to circumvent them or to gain unauthorized access to private information (including both stored computer files and messages transmitted over a network) will be treated as a violation of privacy and will be cause for disciplinary action.
In general, information that the owner would reasonably regard as private must be treated as private by other users. Examples include the contents of electronic mail boxes, the private file storage areas of individual users, and information stored in other areas that are not public. That measures have not been taken to protect such information does not make inspection of such information by others permissible.
On shared and networked computer systems, certain information about users and their activities is visible to others. Users are cautioned that certain accounting and directory information (for example, user names and electronic mail addresses), certain records of file names and executed commands, and information stored in public areas are not private. Nonetheless, such unsecured information about other users must not be manipulated in ways that the rightful user might reasonably find intrusive; for example, eavesdropping by computer and systematic monitoring of the behavior of others are likely to be considered invasions of privacy that would be cause for disciplinary action. The compilation or redistribution of information from University directories (printed or electronic) to third parties, especially those outside the University, is forbidden. To learn more about policies and procedures regarding information security and privacy at Harvard, please refer to http://www.security.harvard.edu/.
To create and nurture a diverse community of the best people committed to leadership in alleviating human suffering caused by disease