Skip to Content

Vanderbilt IT

Home > Services > box > Vanderbilt Box Storage

Vanderbilt Box Storage

Box.com Policy

Box provides robust security for stored data. State-of-the-art technology and industry best practices are used for data encryption during transit of data to and from the Box cloud and while data is being stored within Box. However, due to federal, state and local laws and University policies and standards, Box should not be used to store, collect or share certain types of regulated and sensitive data. 

Vanderbilt faculty and staff are responsible for safeguarding Vanderbilt University data stored on the computers, devices and online services. To ensure secure data transfer, faculty and staff should only use the Box web interface (http://vanderbilt.box.com) or official Box apps to transfer data to Box.

A breakdown of permissions by data type is provided below:

Data Type Permitted Not-Permitted Examples
Non-confidential or general business

   

De-identified human subject research

 

Data that does not include any information which could be used to identify the individuals involved in the research

Sensitive identifiable human subject research  

 

Any individually identifiable research data containing sensitive information about mental health, genetics, alcohol & drug abuse, or illegal behaviors

Student educational records (FERPA)

 

 

Grades, student transcripts, degree information, disciplinary records and class schedule

Protected health information
(ePHI-HIPAA)

 

 

Any unique identifying attribute, characteristic, code or combination that allows identification of an individual, and that is combined with medical or health information. Examples include, but not limited to, data of birth, date of death, email addresses, telephone numbers and device ID numbers

Social Security Numbers

 

123-45-6789

Gramm Leach Bliley (GLBA) student loans application information

 

Student loan information, payment history and student financial aid data
Payment card information (PCI)  

Cardholder name, account number, expiration date, verification number, security code
Export controlled research (ITAR, EAR)  

Data containing research on items such as chemical and biological agents, satellite communications, certain software or technical data, and work on formulas for explosives
FISMA data  

Any government data that is regulated by the Federal Information Management and Security Act, including VA data, FDA data and Medicare data

Last Modified: 2016-08-17