Securing and protecting IT resources and sensitive data at CHA is a shared responsibility. Laws and CHA policies help define this responsibility, which applies to CHA owned and managed computers, as well as to personally owned devices used to access sensitive CHA data.
The following guidelines include links to resources that are designed to help you meet your responsibility of protecting sensitive data.
Don't request access unless you truly need it.
Remove access when no longer appropriate.
Comply with laws, policies, and regulations when handling specific types of data.
Follow Information Security Risk Management guidelines to help protect sensitive data.
Take extra care when traveling.
Take extra care when working from home or away from campus.
If you use personal devices with sensitive data, you will have extra responsibilities.
Never use personal accounts to maintain or share the CHA's sensitive data.
Use cloud services responsibly
Learn where specific types of data can be safely stored.
If you are working with HIPAA data, ITS offers some HIPAA-aligned services.
If you use DropBox for Research, learn how to use it securely.
Follow device security rules.
Securely dispose of media that has ever held, stored, or transmitted sensitive data.
Don't wait to gather evidence or resolve it yourself; report immediately if you suspect a breach.
Chief Privacy Officer
Ann D'Arcy-James
617-665-1227
Chief Compliance Officer
Glover Taylor
617-806-8701
Chief Information Security Officer
Arthur F. Ream III
617-591-3400
Associate General Counsel
Andrea Synnott
617-591-4426
You are responsible for complying with the policies and standards below. The information on this page help you meet that responsibility.