What types of data are appropriate for my enterprise Box account?
Important: Box at IU is designed as a flexible storage service and collaboration tool, but is not acceptable for any institutional data classified as "restricted" (e.g., birthdate, ethnicity, marital status, benefits enrollment, grades) or "critical" (e.g., SSN or driver's license number, banking/student loan information, password/PIN, credit card number). Some types of education records are protected by privacy law; for examples of what is appropriate with education record data, see the possible use cases outlined in What kinds of tasks can I accomplish with my enterprise Box account?
The service is appropriate for personal files and institutional information classified as public or university-internal. For a more complete list, see Classifications of Institutional Data. Also, see What is sensitive data, and how is it protected by law?
You shouldn't use your enterprise Box account to collect, process, or store data covered by laws that protect privacy or require security measures. Individuals who use enterprise Box accounts for university work are responsible for ensuring that sensitive information is not placed or stored in unapproved or inappropriate locations.
If you have sample cases that propose the use of Box for institutional data classified at higher levels, email the Committee of Data Stewards for consideration.
For possible use cases involving the types of data that could be used in Box, see What kinds of tasks can I accomplish with my enterprise Box account?
Important: Before you begin using your enterprise Box account, be sure to revise your settings according to How do I securely set up my enterprise Box account?
The enterprise Box support content available here is a result of a collaborative effort by the Internet2 early adopter institutions.
Last modified on April 11, 2013.
