What types of data are appropriate for my enterprise Box account?
Box at Indiana University is a flexible storage service and collaboration tool that is appropriate for use with personal files, and for work involving institutional data classified as Public, University-internal, or Restricted.
For examples of possible use cases involving education record data, see What kinds of tasks can I accomplish with my enterprise Box account?
You may not use your enterprise Box account to collect, process, or store data covered by laws that protect privacy or require security measures. Box is not appropriate for storing or sharing institutional data classified as Critical, such as Social Security and driver's license numbers, banking and student loan information, passwords and passphrases, PINs and credit card numbers, and electronic protected health information (ePHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Individuals who use enterprise Box accounts for university work are responsible for ensuring that sensitive institutional data are not placed or stored in unapproved or inappropriate locations. If you have sample cases that propose the use of Box for institutional data classified at higher levels, email the IU Committee of Data Stewards for consideration.
The IU Committee of Data Stewards and the University Information Policy Office (UIPO) set official classification levels and data management standards for institutional data in accordance with the university's Management of Institutional Data (DM-01) policy. If you have questions about the classifications of institutional data, contact the appropriate Data Steward. To determine the most sensitive classification of institutional data you can store on any given UITS service, see the "Choosing an appropriate storage solution" section of At IU, which dedicated file storage services and IT services with storage components are appropriate for sensitive institutional data, including research data containing protected health information?
For information about working with sensitive institutional data (including research-related ePHI) at IU, see:
- At IU, which dedicated file storage services and IT services with storage components are appropriate for sensitive institutional data, including research data containing protected health information?
- When using UITS HIPAA-capable systems at IU, what safeguards must I implement to comply with rules that protect the privacy and security of electronic protected health information?
- Protecting red-hot data: A guide to safe handling of critical information
Important: Before you begin using your enterprise Box account, be sure to revise your settings according to How do I securely set up my enterprise Box account?
This is document bbvn in the Knowledge Base.
Last modified on 2014-11-24.
- Fill out this form to submit your issue to the UITS Support Center.
- Please note that you must be affiliated with Indiana University to receive support.
- All fields are required.