Box Data Classifications

Summary

How to manage and apply classification labels in Box

Body

Description

If you're a content owner, Box enables you to apply a Security Classification Label to your files, and to cascade a classification label to your folders and their contents. Using ISU's classification labels enables you to better protect your shared sensitive content from negligent access.

Guide Navigation

Applying a classification to a file or Folder

Applying a classification to a file.

  1. In your Files window, click beside the file's name to highlight it.
  2. In the top of the window, select More Options (three-dot menu) Classify.
  3. Under Select Classification, click the down arrow and select a classification label. A file can have only one classification label.
  4. In the bottom of the window, click Apply.

 

To apply a cascading classification to a folder:

  1. In your Files window, click beside the folder's name to highlight it.
  2. In the top of the window, select More Options (three-dot menu) Classify.
  3. Under Select Classification, click the down arrow and select a classification label. A folder can have only one classification label.
  4. To apply your selected classification as a replacement to all existing classifications, click Overwrite all existing classifications with this value.
  5. In the bottom of the window, click Apply.

Note: After you apply a classification, Box displays the classification badge under Details in the right-hand sidebar, and next to the file's or folder's name in Preview when people select it or preview its contents.

Source: Using security classification Box Support

Searching for all content bearing a given classification

  1. In the top of your Box window, in the Search Files and Folders field, click the Advanced Search icon.
  2. Select the Metadata tab
  3. Under Metadata Template, click Select a Template and select Classification.
  4. Under Classification, click Select Value and select the classification label.
  5. To launch the search, do one of the following:
    • in the top of your Box window, in the Search Files and Folders field, click the search icon (magnification glass), or
    • on your keyboard press Enter .

Source: Using security classification Box Support

Public 

This label is for information intended for public consumption (e.g., Course Catalogs, Press Releases, Campus Maps).

Definition
Public Data

Restrictions

  • No Restrictions

Institutional 

The Default label for most University business (e.g.,FERPA-protected student records, Internal Memos, Departmental Budgets, Non-sensitive Research).
 
Definition
Institutional Data as per ITS Asset Management ISUPP 2430
 
Restrictions
  • Shared link: Idaho State University & External Collaborators only
  • External Collaboration: Allow Specified Domains and external users only
    • Note: A Drop down to Select Justification is available for external users
    • example justification screen when inviting external users
  • Download & Print: External partners restricted
  • Application integration: Restricted
  • FTP: Restricted
  • Watermarking: Enabled

Critical 

This label is for highly regulated or sensitive data (e.g., Bank account numbers, HIPAA/Health data, SSNs, or proprietary IP).
Definition
Critical Data as per ITS Asset Management ISUPP 2430
 
Restrictions
  • Shared link: Internal Collaborators Only
  • External Collaboration: Restricted
  • Download & Print: External Partners Restricted, Mobile Devices restricted to Owner/co-owner
  • Application integration: Restricted
  • FTP: Restricted
  • Watermarking: Enabled
*The additional sub-classification of Patient Documentation further restricts downloading and printing
*The additional sub-classification of Clinic Operations allows printing

Box Data Classification Decision Tree

Follow the path that best describes the most sensitive piece of information in your file or folder.

1. Does the data contain any of the following?

  • Social Security Numbers (SSNs)
  • Health/Medical Records (HIPAA)
  • Credit Card/Financial Account Numbers
  • Biometric Data or Passport IDs
  • YES Label: CRITICAL (Strict Access)
  • NO Go to Question 2

2. Does the data contain "Non-Public" institutional information, such as:

  • Student Education Records (FERPA, e.g., Grades, Transcripts)
  • Unpublished Research Data
  • University Budgets or Internal Memos
  • Employee IDs or Home Addresses
  • YES Label: INSTITUTIONAL (Standard University Business)
  • NO Go to Question 3

3. Is this information intended for the General Public?

  • Course Catalogs
  • Campus Maps or Press Releases
  • Publicly available Policy Manuals
  • YES Label: PUBLIC (Open Sharing)
  • UNSURE Default to: INSTITUTIONAL (Safety first!)
Examples:
A student's GPA or Class Rank 
   Institutional  
Why? Protected by FERPA; restricted to "Need to Know" staff.

A research spreadsheet with patient names 
   Critical 
Why? Potential HIPAA/PII violation; must be encrypted/watermarked.

A flyer for a campus "Spring Fling" event 
 Public 
Why? Intended for wide distribution; no security risk.

A list of employee home phone numbers
   Institutional  
Why?  Private contact info; not for public link sharing.

Draft of a patent-pending technology  
 Critical  
Why? High intellectual property value; requires download restrictions.

Additional Resources

 

 

 

Details

Details

Article ID: 169695
Created
Mon 3/16/26 3:48 PM
Modified
Thu 4/16/26 6:10 PM