Storing Documents on Box
UMass Amherst has an agreement with Box that covers sensitive data including HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act), Massachusetts General Law 93H and intellectual property data.
While UMass Amherst IT policy permits the storage of some sensitive data on Box, departments and individuals are responsible for configuring Box in compliance with any other regulations on data including HIPAA, human subject data restrictions, or other data use agreements. These supersede UMass Amherst's agreement with Box.
Box is not an acceptable storage location for data covered by export control restrictions (e.g., ITAR, EAR).
Sharing Documents with Box
- Only share documents with individuals who have a legitimate need to access them.
- Only share the minimum information necessary for collaboration.
- Box allows you to assign different levels of access to your collaborators (e.g., editor, viewer). Assign the lowest level of permissions necessary for your collaborators.
Syncing Documents with Box
Box enables users to automatically sync documents on their local computers. Syncing is disabled by default to avoid the accidental download or sharing of sensitive documents. Do not enable sync for documents that contain sensitive data.
Using Secure Online Storage at UMass Amherst vs. Commercial Products
Box and the university have a contract and Business Associates Agreement that cover sensitive data such as HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act), Massachusetts General Law ch.93h, and intellectual property data. Sensitive data stored in any other commercial service (e.g., Dropbox, personal Google Apps account) is not covered by a similar agreement.