Skip to main content

Information Technology
  2. Services
  3. box
  4. Vanderbilt Box Storage

Vanderbilt Box Storage

Box.com Policy

Box provides robust security for stored data. State-of-the-art technology and industry best practices are used for data encryption during transit of data to and from the Box cloud and while data is being stored within Box. However, due to federal, state, local laws and policies, Box should not be used to store, collect or share certain types of regulated and sensitive data.

Vanderbilt University Medical Center faculty and staff should use the VUMC instance and Box Policy detailed at  https://www.vumc.org/it/box-vumc.   

A breakdown of permissions by data type is provided below:

Data Type Permitted Not-Permitted Examples
Non-confidential or general business

   

De-identified human subject research

 

Data that does not include any information which could be used to identify the individuals involved in the research
Sensitive identifiable human subject research  

 

 Any individually identifiable research data containing sensitive information about mental health, genetics, alcohol & drug abuse, or illegal behaviors

Student educational records (FERPA)

  

 

Grades, student transcripts, degree information, disciplinary records and class schedule

Protected health information
(ePHI-HIPAA)

  

 

Any unique identifying attribute, characteristic, code or combination that allows identification of an individual, and that is combined with medical or health information. Examples include, but not limited to, data of birth, date of death, email addresses, telephone numbers and device ID numbers

Social Security Numbers

  

123-45-6789

Gramm Leach Bliley (GLBA) student loans application information

  

Student loan information, payment history and student financial aid data
Payment card information (PCI)  

Cardholder name, account number, expiration date, verification number, security code
Export controlled research (ITAR, EAR)  

Data containing research on items such as chemical and biological agents, satellite communications, certain software or technical data, and work on formulas for explosives
FISMA data  

Any government data that is regulated by the Federal Information Management and Security Act, including VA data, FDA data and Medicare data