Please read the following information from CSSD regarding the types of information you can store in Box. The below info comes from the following webpage: http://www.technology.pitt.edu/mobile-services/box-pitt/box-dataguidelines.html
"Box provides robust security for the data you store. However, due to federal, state, and local laws and University policies and standards, it should not be used to store, collect, or share certain types of regulated and sensitive data. This includes data regulated by HIPAA, FERPA, and GLB. Please keep in mind that you are responsible for safeguarding University of Pittsburgh data stored on the computers, devices, and online services you use.
Box uses state-of-the-art technology and industry best practices for data encryption during transit to and from the Box cloud, as well as while stored within Box. For this reason, we recommend you use only the Box web interface (http://pitt.box.com) or official Box apps to transfer data securely to Box. If you use an app for Box that has been developed by a third party, you should take steps to ensure that the app transfers data using a secure method."
|
Data Type
|
Permitted
|
Not-Permitted
|
Examples
|
| Non-confidential or general business |
•
|
||
| De-identified human subject research |
•
|
Data that does not include any information which could be used to identify the individuals involved in the research | |
| Sensitive identifiable human subject research |
•
|
Any individually identifiable research data containing sensitive information such as information about mental health, genetics, alcohol and drug abuse, or illegal behaviors. | |
| Student educational records (FERPA) |
•
|
Grades, student transcripts, degree information, disciplinary records, and class schedule. | |
| Protected health information (ePHI-HIPAA) |
•
|
Any unique identifying attribute, characteristic, code, or combination that allows identification of an individual, and that is combined with medical or health information. Examples include, but are not limited to, date of birth, date of death, email addresses, telephone numbers, and device ID numbers. | |
| Social Security Numbers |
•
|
123-45-6789 | |
| Gramm Leach Bliley (GLBA) student loans application information |
•
|
Student loan information, payment history, and student financial aid data | |
| Payment card information (PCI) |
•
|
Cardholder name, account number, expiration date, verification number, and security code. | |
| Export controlled research (ITAR, EAR) |
•
|
Data containing research on things such as chemical and biological agents, satellite communications, certain software or technical data, and work on formulas for explosives. | |
| FISMA data |
•
|
Any government data that is regulated by the Federal Information Management and Security Act, including VA data, FDA data, and Medicare data. |
