Search Google Appliance

Information Technology

Requirements to Store and Share University Data with Secure Online Storage at UMass Amherst

Storing Documents on Box

UMass Amherst has an agreement with Box that covers sensitive data including HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act), Massachusetts General Law 93H and intellectual property data.

While UMass Amherst IT policy permits the storage of some sensitive data on Box, departments and individuals are responsible for configuring Box in compliance with any other regulations on data including HIPAA, human subject data restrictions, or other data use agreements. These supersede UMass Amherst's agreement with Box.

Box is not an acceptable storage location for data covered by export control restrictions (e.g., ITAR, EAR).

Sharing Documents with Box

  • Only share documents with individuals who have a legitimate need to access them.
  • Only share the minimum information necessary for collaboration.
  • Box allows you to assign different levels of access to your collaborators (e.g., editor, viewer). Assign the lowest level of permissions necessary for your collaborators.

Syncing Documents with Box

Box enables users to automatically sync documents on their local computers. Syncing is disabled by default to avoid the accidental download or sharing of sensitive documents. Do not enable sync for documents that contain sensitive data.

Using Secure Online Storage at UMass Amherst vs. Commercial Products

Box and the university have a contract and Business Associates Agreement that cover sensitive data such as HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act), Massachusetts General Law ch.93h, and intellectual property data. Sensitive data stored in any other commercial service (e.g., Dropbox, personal Google Apps account) is not covered by a similar agreement.

Related Documents