Skip to main content

IT@Cornell


Cornell Box Policy

Because Cornell Box is an easy way to store and collaborate on files that can be accessed from almost anywhere, it's ideal for a wide range of university work. Be a good custodian of institutional information. See permitted uses for Cornell Box.

In more precise terms, the use of Box is prohibited for all health care or "HIPAA" data; content subject to export control laws; and "confidential data" as defined by Cornell University Policy 5.10. (For more information on what that data includes, please see page 7, "Definitions" of the policy at http://www.dfa.cornell.edu/cms/treasurer/policyoffice/policies/volumes/informationtech/upload/vol5_10.pdf

If you need to securely transfer information of these types, use Cornell DropBox (dropbox.cornell.edu), a campus service for securely transferring documents. Files are encrypted during transport. To get started, see How to Send and Receive Files with Cornell DropBox.

All federal, state, and local laws and Cornell University Policies apply to the use of Box.

Notes on Research Data

Faculty who wish to use Box for research information that includes Human Subject Data should consult the Institutional Review Board, or, for research under a grant, relevant contract provisions in consultation with University Counsel or the Office of Sponsored Research.

Popular Applications that Sync with Box

Box's security provisions are sufficiently robust to support education and financial records, but only as a desktop/laptop to storage function.  Third Party applications that can sync with Box, for example popular ones such as Google Apps, applications to edit Microsoft Word or Excel like Zoho, or Adobe for pdf files, take the data out of the secure Box environment and onto that company's application servers. The Cornell contract with Box does NOT extend to those companies or applications at this time, so their use for education and financial records is disallowed. Custodians should not use Box for administrative data in general without clearance from their data steward. For more information about data stewardship and custodianship rules, please see University Policy 4.12:  http://www.dfa.cornell.edu/treasurer/policyoffice/policies/volumes/governance/data.cfm