Learn how to get approval to store restricted data in UBbox.
Each UBbox folder containing restricted data must have a data steward (see “Definitions and References” section). The data steward is a named individual responsible for the restricted data.
- Data stewards must obtain approval to store restricted data in UBbox as follows:
- For Category 1: Restricted Data, including data regulated by HIPAA, the Information Security Officer (ISO) and the appropriate security/privacy official approve the request.
- Additional approval requirements:
- Mandatory training must be completed before accessing restricted data and at minimum on an annual basis thereafter. UB EDGE, when possible, should be used for all mandatory training.
- Restricted data training
- UBbox-specific training for data stewards and folder co-owners:
- Read and understand this entire document.
- Minimal Box specific training for anyone with access to restricted data folders: Read and understand the following sections of this document:
- User responsibilities when storing and accessing restricted data in UBbox
- Visual Indicators
- Folder Icons
- Folder Naming Convention
- Restrictions and permitted methods of accessing restricted data in UBbox (all sections)
- For data subject to HIPAA:
- HIPAA training provided by the security/privacy officials of the covered function.
- Security/privacy officials are responsible for ensuring adherence to training requirements.
- Security/privacy officials are responsible revoking access to restricted data in UBbox if mandatory training requirements are not met in a timely manner.
- Written approval from data steward's direct supervisor.
- Written description of need to store restricted data in UBbox.
- Written confirmation from the data steward that they have read this document and will comply with all its requirements.
- Data Stewards are responsible for maintaining records of approvals and training completion.
Submit a ticket to the UBIT Help Center using the form below.