Box: Working with Sensitive Data

Overview

Review Box: Security Leadership in the Cloud to learn about the steps Box takes to ensure the security of our data. Check the Sensitive Data Guide to confirm that your files can be safely stored in Box.

Minimum Expectations

You are responsible for the data you store and share. Sensitive regulated data—such as protected health information (PHI), export controlled research (ITAR, EAR) and Student Education Records (FERPA)—is subject to laws that require special care. Following these guidelines helps you store and share sensitive data safely and reduces the risk of fines and penalties.

Important: It is recommended that sensitive data be stored in a Shared Account folder.

Learn more: For specific instructions on the minimum requirements for using U-M Box securely with sensitive data, see Use Box Securely with Sensitive Data on the SafeComputing site.

Guidelines:

Icon

Description

  • Personal folder

  • Owned by: You

  • Color: Manila

  • Collaborated folder

  • Owned by: Someone within your enterprise

  • Color: Blue

  • External collaborated folder

  • Owned by: Someone outside your enterprise

  • Color: Grey

  Co-Owner Editor Viewer Uploader Previewer Uploader Viewer Previewer Uploader
Download      
View/Add Comments  
Delete Files/Folders          
View/Create Tasks  
Add/Edit Tags          
View Tags
View Metadata
Edit Metadata    
Invite People          
Edit Folder Name          
Create Subfolders    
Edit Folder Settings            
Preview  
Send View-Only Links      
Upload    
View Item List in Folder
Sync Folder          
Set Access Permissions          
Restrict Invitations            
View Access Stats          
Move          
Copy        

Folder Security Settings

Select Settings from the More Options drop-down list.

Invitation Restrictions:

  • Only folder owners and co-owners can send collaborator invites 
    This is the most important choice. Only individuals who own the content should be in full control of who is able to access it.
  • Restrict collaboration to within University of Michigan
    We do not have a recommendation on whether or not to collaborate externally. It is your responsibility to share data with only those who should have access to it.
  • Hide Collaborators
    If the identity of the collaborators is sensitive, choose this option. Otherwise, we do not recommend hiding collaborators as it is more secure to know exactly who has access to files and folders.
  • Allow anyone who can access this folder from a shared link to join as a collaborator
    This is not permitted with sensitive data.

Commenting:

Disable commenting for this folder
Sharing and collaboration is the goal of using Box, we do not recommend disabling the ability to comment on folders. 

Note: All roles, except Uploader, have the ability to view comments.

Shared Link Access:

Only collaborators can access this folder via shared links.. 
Leave the drop-down set to For both files and folders.

Tags: 
Last Updated: 
Tuesday, May 30, 2017