Appropriate Use Guidelines

The grid below is a quick reference guide for understanding what data should and should not be stored in WUSTL Box.  A detailed policy document outlining appropriate use guidelines for externally hosted computing services can be found here.

Appropriate Appropriate With Assistance* Not Appropriate
Attorney/Client Privileged Information Protected Health Information (HIPAA) Credit Card or Payment Card Industry (PCI) Information
IT Security Information Social Security Numbers Export Controlled Research (ITAR or EAR)
Other University Sensitive Data Not Specifically Addressed Elsewhere Personally Identifiable Information (PII)
Sensitive Identifiable Human Subject Research Federal Information Security Management Act (FISMA) Data
Student Education Records (FERPA)
Student Loan Application Information (GLBA)

Box Appropriate Use Policy:

Box is a cloud-based storage solution that allows you to share files with people inside and outside of the university. Internet2 and Box.net have partnered to work with representative universities to develop a hosted service that meets common higher education security and regulatory requirements.

Click the links in the sidebar to the right to view Cloud Service Guidelines, Considerations for Use, and a Summary of Terms and Conditions.

* Appropriate with assistance means that those unfamiliar with WUSTL Box should seek guidance from IT staff in order to ensure proper use of the system to avoid accidentally putting sensitive data at risk.  Guidance provided by IT staff generally focuses on 2 important items:

  • If you choose to use the Box Sync app, a copy of your data is downloaded to your local machine.  If you are dealing with sensitive data, it is imperative that you have local disk encryption enabled prior to installing and using Box Sync.
  • If you use the sharing and collaboration features of WUSTL Box to share sensitive data, you must fully understand how the features work in order to ensure that you do not accidentally grant access to people who should not have access to the sensitive data.