The following discloses our information gathering and disclosure practices for Web applications. This policy is inclusive of, but not limited to the Harvard Wiki Service.

In addition to compliance with the Harvard Enterprise Information Security Policy (HEISP), sites operate under the auspices of privacy policies of individual Harvard schools or administrative units.

Information Gathering

Our web server software generates log files that include the IP addresses of computers that access websites and files running on our servers. Many of our applications also collect the Harvard ID, XID, or other personal identification used for authentication and authorization to view online content.

Logs and other information routinely recorded by our software are retained in secure databases and securely stored in compressed files on our systems. Log files are removed from our systems periodically and securely stored offline.

We also collect information volunteered by visitors to some websites running on our servers, such as survey information and/or event registrations. Information submitted by participants in degree and non-degree courses is also stored.

We may use cookies to maintain a user's identity between web sessions.

Uses of Information

Staff strictly abide by University, school, and departmental guidelines for information security and privacy.

Staff use IP addresses to help diagnose problems with our server and to administer our website. We also use this information to tailor site content to user needs, and to generate aggregate statistical reports. The information we collect is not shared with commercial or other nonprofit organizations.

In compliance with [HEISP|http://www.security.harvard.edu/] and with school-based policies, we may use personally identifiable information to help diagnose problems with our server or our software.

Disclosure of Information

We may provide anonymized reports aggregating access statistics for individual pages to site administrators. These reports do not provide personally identifiable information.

In compliance with the policies of a given individual school or administrative unit, we will provide personally identifiable information regarding student activity on a website in order to resolve issues of student conduct.

Effective Date

This policy is effective January 31, 2008. Changes to this policy will be posted on this site.