Storing Restricted and Sensitive Data in Box @ UNH

Box @ UNH provides enhanced security via SSL connection and encryption of data at rest; however, some data is inappropriate for storage in Box @ UNH as well as most university general use servers and fileshares.

  • UNH Data Classifications and Storage

    • Public Data (1 lock): No restrictions on storage in Box @ UNH.
    • Sensitive data (2 lock): No restrictions on storage in Box @ UNH
    • Restricted (legally protected) data (3 locks): Certain information should not be stored in Box @ UNH. Contact UNH ISS for appropriate solutions.
  • Don't store unnecessary data:

    • Scan existing files with Identity Finder before transfer to Box @ UNH to locate SSN's and credit card numbers.
    • Old and outdated files no longer useful (e.g., "just in case")
    • No business need for the data (or obsolete business need).
    • Legal exposure; data is discoverable in lawsuits.
    • Define and use a record retention policy (USNH Policy)
  • Box @ UNH not accepted nor recommended for:

    • Protected health information (PHI) subject to HIPAA/HITECH regulations
      • Understand "cover entity"
      • PHI not covered by HIPAA still must be protected
    • Credit Card information
      • Customer data; does not apply to P-Cards
      • Policy, not law
    • Export controlled research data
      • Sharing risk
  • Be wary of using Box Sync when storing restricted data.

    • Places inappropriate information on local devices
    • Use only with encrypted devices when storing restricted data

Can I store my own sensitive data in Box?

While we do not explicitly prohibit incidental personal use of Box, we strongly discourage and do not recommend using Box @ UNH for personal files. Remember that Box is a university-provided resource, subject to legal and right-to-know discovery.

Details

Article ID: 609
Created
Fri 7/19/19 5:28 PM
Modified
Wed 9/16/20 6:49 PM