UW Madison’s Enterprise Box Service
1. Responsible Use
Personal Box accounts cannot be used to store HIPAA protected data (Protected Health Information, PHI), regardless of whether they were setup through UW-Madison or through a non-campus account. In order for the UW–Madison Enterprise Box Service to be used in a way that is HIPAA compliant, additional controls must be added. Please see the SecureBox IT Service page for more information concerning requirements and how to get started.
In general, UW-Madison Enterprise Box is suitable for sensitive information as long as the appropriate permission controls are in place. You should NOT store restricted data on this service. Please see Data Governance Data Classification for specific data definitions
Individuals using this service are required to:
- Follow the UW System Acceptable Use of Information Technology Resources Policy.
- Protect the privacy and confidentiality of students and other institutional information as required by FERPA (privacy of student information)
- In accordance with federal regulations and UW-Madison policies, all research involving human subjects must be reviewed and approved by an Institutional Review Board prior to any research intervention with a participant. See Human Research Protection Program for details.
- Comply with all other applicable University policies, State and Federal laws, including for example:
2. System Use
- UW Madison’s Enterprise Box Service is available only to active UW-Madison students, faculty, staff with a UW Madison Microsoft 365 email account. Emeritus staff and Retirees with IT Services also retain access to the Box Service. Alumni are not eligible for the Box Service.
- Box should not be used as a primary data back-up system or for the storage of data that is not intended for regular access and use.
- We recommend that you keep backup copies of your critical files on other media, such as a local hard drive, CD-ROM, and/or Bucky Backup. In the unlikely event that there is a system outage, your online files will not be accessible until service returns.
- UW-Madison Box should not be used to store personal files or data not related to your employment or coursework at the university.
- You are responsible for the integrity of your data files.
- Before you leave the University, be sure to download copies of your data to other media, such as a local hard drive, CD-ROM, and/or a personal Box account.
- As well, make sure any data that is necessary is transferred to another active user.
3. Privacy Statement
UW-Madison respects the legitimate privacy interests of UW Madison Enterprise Box Users within appropriate limits for educational, ethical and legal reasons.
- UW Madison Enterprise Box administrators routinely monitor the volume of UW Madison Enterprise Box traffic for system management purposes.
- Usage may also be subject to security testing and monitoring.
- If the University receives a credible report that a violation has occurred, or if, in the course of managing the service, discovers evidence of a violation, then the matter will be referred for investigation, University disciplinary action, and/or criminal prosecution.
- Complaints that specific material violates the law or University policy should be reported to The Office of Cybersecurity
- If you are employed by the University, you should be aware that any documents that you save or publish in the UW Madison Enterprise Box may be subject to the Wisconsin Open Records Act. For more information on the Records Management, please click