Box @ UNH provides enhanced security via SSL connection and encryption of data at rest; however, some data is inappropriate for storage in Box @ UNH as well as most university general use servers and fileshares.
-
UNH Data Classifications and Storage
- Public Data (1 lock): No restrictions on storage in Box @ UNH.
- Sensitive data (2 lock): No restrictions on storage in Box @ UNH
- Restricted (legally protected) data (3 locks): Certain information should not be stored in Box @ UNH. Contact UNH ISS for appropriate solutions.
-
Don't store unnecessary data:
- Scan existing files with Identity Finder before transfer to Box @ UNH to locate SSN's and credit card numbers.
- Old and outdated files no longer useful (e.g., "just in case")
- No business need for the data (or obsolete business need).
- Legal exposure; data is discoverable in lawsuits.
- Define and use a record retention policy (USNH Policy)
-
Box @ UNH not accepted nor recommended for:
- Protected health information (PHI) subject to HIPAA/HITECH regulations
- Understand "cover entity"
- PHI not covered by HIPAA still must be protected
- Credit Card information
- Customer data; does not apply to P-Cards
- Policy, not law
- Export controlled research data
-
Be wary of using Box Sync when storing restricted data.
- Places inappropriate information on local devices
- Use only with encrypted devices when storing restricted data
Can I store my own sensitive data in Box?
While we do not explicitly prohibit incidental personal use of Box, we strongly discourage and do not recommend using Box @ UNH for personal files. Remember that Box is a university-provided resource, subject to legal and right-to-know discovery.