Box@UNL

Changes to cloud storage

Change is coming to cloud storage at the University of Nebraska. ITS is beginning the process of moving all data from Box to Microsoft 365 services. Learn more at its.nebraska.edu/box.

Box@UNL Simple, Secure Sharing from Anywhere.

Box@UNL Login What may I store in Box?
Box

Change is coming to cloud storage at the University of Nebraska. ITS is beginning the process of moving all data from Box to Microsoft 365 services.

The University of Nebraska is moving file storage and collaboration services from Box to Microsoft 365. This change is driven by three factors.

  • Cost Savings – Box is eliminating unlimited storage for Higher Education customers. If the University were to stay on Box, the cost of maintaining file and collaboration services would be unsustainable.
  • Improved Services – Microsoft 365 builds on essential file and collaboration services with SharePoint and Teams. Both tools introduce new collaboration and communication capabilities for faculty, staff, and students.
  • Enhanced Security – Microsoft 365 includes security services that will enhance protection for University data beyond what is currently available with existing “Box for Research” services.

For more information, please visit https://its.nebraska.edu/box

What kinds of data may I store on Box?

YES

NEEDS APPROVAL

NO

Research data subject to export controls

Exports include:
  • Verbal communication
  • Transfer of written documents
  • Transfer of U.S. computer software to a foreign national whether in the U.S. or abroad if the technology is controlled by export regulations
    No

Human subjects research data containing personally identifiable information (PII)

PII includes:
  • A user name or email address, in combination with a password or security question and answer
  • First name or first initial in combination with any one or more of the following:
    • SSN (SSN is not approved to be stored in BOX)
    • drivers license or state ID number
    • Account number, credit or debit card number, in combination with security code, access code, or password
    • Unique electronic ID number or routing code, in combination with security code, access code, or password
    • Unique biometric data, such as fingerprint, voice print, or retina or iris image, or other unique physical representation
Request Approval
  Needs Approval  
Human subjects research data that is coded as long as the decryption table is not stored on Box Yes    
Research data that does not contain PII and is not subject to export controls Yes    

Social Security Numbers

(see more information about SSN Usage Policy at https://its.unl.edu/ssn/)

Request Approval

  Needs Approval  
Drivers License Numbers
- Request Approval
  Needs Approval  
Credit Card Numbers     No
Bank Account Numbers
- Request Approval
  Needs Approval  
Electronic protected health information as defined by HIPAA
- Request Approval
  Needs Approval  

Data classified as Low Risk

Low Risk data consists of institutional data used in conducting business not covered by international, state or federal privacy and security laws.  Low Risk data is categorized as neither "restricted" nor "sensitive."  Generally, this is information that can be made available to the public without risk of harm to the university or any entities with an affiliation to the university.

Yes    

Data classified as Medium Risk require high levels of protection, and it does not contain any of the non-allowed items in this chart.

Medium Risk data consists of data that is not protected by regulatory requirements, but should be protected from public view. This data might include (but is not limited to) academic, research, athletic, public service or administrative data that is restricted for reasons related to public or individual safety, competition, ongoing development or is otherwise sensitive in nature.

Yes    

Data classified as High Risk (restricted use)

High Risk data is considered highly confidential and is strictly protected by federal, state, university, professional code or other binding regulation. Any data that could, by itself or in combination with other such data, be used for identity theft, fraud or other such crimes should be treated as confidential data.

- Request Approval

  Needs Approval