Box: Appropriate Use Guidelines
Box is a cloud-based storage solution that allows you to share files with people inside and outside of Washington University. WashU and Box.net have partnered to provide service that meets common higher education security and regulatory requirements.
Box Appropriate Use Policy
The grid below is a quick reference guide for understanding what data should and should not be stored in WUSTL Box.
| Appropriate | Appropriate With Assistance* | Not Appropriate |
| Attorney/Client Privileged Information | Protected Health Information (HIPAA) | Credit Card or Payment Card Industry (PCI) Information |
| IT Security Information | Social Security Numbers | Export Controlled Research (ITAR or EAR) |
| Other University Sensitive Data Not Specifically Addressed Elsewhere | Personally Identifiable Information (PII) | |
| Sensitive Identifiable Human Subject Research | Federal Information Security Management Act (FISMA) Data | |
| Student Education Records (FERPA) | ||
| Student Loan Application Information (GLBA) |
Please view: Cloud Service Guidelines, Considerations for Use, and Summary of Terms and Conditions.
* Appropriate with assistance means that those unfamiliar with WUSTL Box should seek guidance from IT staff in order to ensure proper use of the system to avoid accidentally putting sensitive data at risk. Guidance provided by IT staff generally focuses on two important items:
- If you choose to use the Box Drive app, a copy of your data is downloaded to your local machine. If you are dealing with sensitive data, it is imperative that you have local disk encryption enabled prior to installing and using Box Drive.
- If you use the sharing and collaboration features of WUSTL Box to share sensitive data, you must fully understand how the features work in order to ensure that you do not accidentally grant access to people who should not have access to the sensitive data.