U-M Box
Log In to U-M Box

Protecting Sensitive Data

Box adheres to the highest industry standards for security at every level and commits extensive resources to the design, implementation, monitoring, and maintenance of its security infrastructure. Box: Security Leadership in the Cloud.

Before storing any sensitive data, be sure to check the Sensitive Data Guide to confirm that your files can be safely stored in Box.

Following is information everyone should know in order to fully understand how to best protect their sensitive data in U-M Box.

Minimum Expectations for Using U-M Box Securely with Sensitive Data

Every user is responsible for using U-M Box securely to store or share data. Sensitive regulated data—such as protected health information (PHI), export controlled research (ITAR, EAR) and Student Education Records (FERPA)—are often subject to federal and state laws that require users to exercise special care. Following the guidance below will help you store and share sensitive university data safely in U-M Box and will reduce the risk of costly fines and penalties.

Sensitive data is required to be stored in a shared account's folder.

For specific instructions on the minimum requirements for using U-M Box securely with sensitive data, see Using U-M Box Securely with Sensitive Data.

For specific information, see the following sections on Using U-M Box Securely with Sensitive Data,

Know Your Folder Icons

Blue folder with people and sync tag Blue folder with people and sync tag
  • Owned by U-M
  • I am co-owner
  • I sync this folder
Blue folder with people Blue folder with people
  • Owned by U-M
  • I collaborate here
  • I have some access, but not owner or co-owner
Manila folder with sync tag Yellow folder with sync tag
  • Personal folder
  • only I have access
  • I sync this folder
Manila folder Yellow folder
  • Personal folder
  • only I have access
Gray folder with people Gray folder with people
  • Owned by "Another University"

Understanding Your Folder Permissions

Roles determine what actions users can take. Following is a visual for the possible actions for each role.

Co-owner Editor Viewer Uploader Previewer Uploader Viewer Previewer Uploader
Create Tasks
Invite People
Edit Folder Name
Edit Folder Properties
Send View-Only Links
View Items in Folder
Sync Folder
Set Access Permissions
Restrict Invitations
View Access Stats
Create/Edit Box Notes
View Box Notes

Set the Appropriate Folder Security Settings for Protecting Sensitive Data

How to configure your settings:

Do not put sensitive data in folders owned by individual users. Instead, use a shared account that is set up specifically for sensitive data, and include the appropriate individuals on the shared account. More information on shared accounts.

Using Folder Tags

While Tags do not protect folders or the content in the folder, they are a way to visually indicate that the folder is secure for sensitive data. Use the drop-down menu or the right-click menu and choose Add/Edit Tags.

Add/Edit Tags Menu

A new window will open. Users can add or edit the desired name of the Tag.

Add/Edit Tags