Box: Appropriate Use Guidelines

Box is a cloud-based storage solution that allows you to share files with people inside and outside of Washington University.  WashU and Box.net have partnered to provide service that meets common higher education security and regulatory requirements.


Box Appropriate Use Policy

The grid below is a quick reference guide for understanding what data should and should not be stored in WUSTL Box.

AppropriateAppropriate With Assistance*Not Appropriate
Attorney/Client Privileged InformationProtected Health Information (HIPAA)Credit Card or Payment Card Industry (PCI) Information
IT Security InformationSocial Security NumbersExport Controlled Research (ITAR or EAR)
Other University Sensitive Data Not Specifically Addressed ElsewherePersonally Identifiable Information (PII)
Sensitive Identifiable Human Subject ResearchFederal Information Security Management Act (FISMA) Data
Student Education Records (FERPA)
Student Loan Application Information (GLBA)

Please view: Cloud Service Guidelines, and Considerations for Use.


* Appropriate with assistance means that those unfamiliar with WUSTL Box should seek guidance from IT staff in order to ensure proper use of the system to avoid accidentally putting sensitive data at risk.  Guidance provided by IT staff generally focuses on two important items:

  • If you choose to use the Box Drive app, a copy of your data is downloaded to your local machine.  If you are dealing with sensitive data, it is imperative that you have local disk encryption enabled prior to installing and using Box Drive.
  • If you use the sharing and collaboration features of WUSTL Box to share sensitive data, you must fully understand how the features work in order to ensure that you do not accidentally grant access to people who should not have access to the sensitive data.