U of I Box, Family Educational Rights and Privacy Act information
The major factors why Box is considered FERPA compliant:
How do I know Box is FERPA compliant?
- Auditing — Comprehensive audit trails for account actions, document lifecycles, sharing activity and more
- Data encrypted at rest — 256 bit AES encryption of stored data
- Encryption key policy — Encryption keys are securely stored in separate locations and frequently rotated
- Security Certifications — including SSAE 16 Type II, Safe Harbor, SAS 70 type II
- TLS (SSL) required — Yes, 256 bit SSL v3.3 required for all file access
- Safe backups
Please note the previous items apply to data stored on Box servers.
Data stored on client systems should be secured as stated in Illini Secure Institutional Data Security Standard.
This includes data made available for offline access by Box Sync or other applications.