When using O2, all cluster users must adhere to Harvard security policies, such as the Information Security Policy and the Harvard Research Data Security Policy. In practice, the scope of these policies are wide-ranging. They govern the type of data that can be uploaded to the cluster, as well as the general account security measures that need to be followed. Please read the example cases below for further insight on how the Harvard Information Security and Research Data these security policies apply to using the O2 cluster.
...
Harvard Data Security Levels
Before we can discuss what type of data can be stored on O2, we must first briefly discuss the Harvard Data Security Levels. Harvard Information Security Policy defines 5 levels of data security. Level 1 includes data that is deemed public information, whereas Levels 2-5 have data that is considered "confidential information." The higher the data level, the more likely harm would be caused to individuals or the University if the data were divulged. Each security level has defined requirements for keeping information safe and protected. See here for the full Information Security Policy.
What type of data can I store on O2?
O2 can be used for storing and analyzing data that is Harvard Security Level 3 or below. The O2 cluster is not HIPAA compliant, and . It cannot be used for storing personally identifiable genetic information or personally identifiable healthcare information. Using ; these are both are considered Harvard Data Security Level 4. All data processed on O2 must be de-identified data on O2 is permitted.
How can I de-identify data?
...