Main Content

Keeping Your Data Safe Abroad

Young businesswoman uses laptop early in the morning at the airport

SDI Productions/E+ via Getty Images

International travel exposes your device to risks that take many different forms. The good news is that vigilance and a few simple steps can protect you, your device, and your information.

Protect Your Data and Devices

How you communicate and use your devices matters. Harvard University Information Technology (HUIT) can fill you in on the simple things you can do before you leave and while you’re away to protect your devices and data.

Country-Specific Considerations

In addition to HUIT's advice, be mindful of your destination’s IT laws and practices, including the legality of Virtual Private Networks (VPNs) and device encryption.

It’s common for some governments to monitor and store internet activity or copy data from your device without your consent. Assume that you don’t have any online privacy in cafes, hotels, and other public places or when passing through airport security and land border checkpoints—where some government authorities may even request access to your devices and accounts. Also keep in mind that many countries regularly monitor phone networks.

The International SOS country guides (requires HarvardKey login) and Freedom on the Net country reports are helpful resources to learn about your destination.

High Cyber Risk Locations

There are additional measures you’ll need to plan for if you’re conducting research in a high cyber risk location, where there’s an increased risk of data and identity theft. Faculty, staff, and researchers on University-related trips to China, Iran, North Korea, and Russia may borrow a device from HUIT.

Protocols for Research Data, Samples, and Equipment

Country-specific laws and Harvard policy provide specific guidance and requirements for protecting identifiable research information.

If you’re conducting research with human subjects abroad—whether it’s medical or biological research, surveys, interviews, or records review—you’ll need prior approval from your School's Institutional Review Board. You also might need approval from a foreign IRB—your School’s IRB can advise you on that.

And if you're transporting research data or things like biological samples and scientific equipment across borders, review the export control policies and procedures. You can also check with your School’s export control administrator to make sure you have the proper export and import licenses to do so.

OFAC-Sanctioned Locations

If you’re traveling in Cuba, Iran, North Korea, Sudan, Syria, or certain regions of Ukraine, you won’t be able to access or communicate via University-provided technology resources that require your HarvardKey (such as VPN, Microsoft 365 Outlook or OneDrive, Zoom, Canvas, and my.harvard). Duo—the third-party tool that Harvard uses for 2-step verification—blocks authentications from countries and regions that are subject to the US Office of Foreign Assets Control’s (OFAC) economic and trade sanctions.


Request a consultation with HUIT's Information Security & Data Privacy team.

Request a PrivSec Consultation