RDCRN Folder Classifications and Policies
- Michael Wagner
- Michal Kouril (external)
In order to organize Box data space and differentiate between various access policies based on the nature of data protection we established the following 4 folder and data classifications.
Classification | Purpose | PHI/PII ok? | Management /Ownership Responsibility | Sample Top-Level Folder Names | Box settings |
|---|---|---|---|---|---|
| Folder and documents are for RDCRN-internal purposes, e.g., to be shared network-wide or consortium-wide. | No. Permissions are controlled at the group (network, consortium, protocol, committee) level. | Folders classified as RDCRN-internal are generally managed by DMCC and or consortium management staff. All users must be in-network, no links allowed. | RDCRN AllConsortia, BBD-Consortium, etc. | 1User is “editor” or “viewer” 2,3Only RDCRN auth. |
| Tightly controlled folder, may not be shared with external collaborators due to potentially sensitive (PHI/PII) content. | Yes. | Folders can be owned/managed by individual RDCRN members, must provide quarterly attestation that sensitive information is being handled appropriately. | BBD-7701-upload | 1User responsible for permissions and attestation is “co-owner” on the folder. 2,3Only RDCRN auth. |
| Folder and documents intended for collaborative work. Contents can be shared with external (non-RDCRN) collaborators. | No. | Folders can be owned/managed by individual RDCRN members, as long as they abide by the governing policies. | BBD-OI-collaboration | User responsible for permissions is “co-owner” on the folder. External users require Box 2FA. No further restrictions. |
| Personal sandbox folder for individual users. | Yes. | Folders are owned by individuals with full box license, but no sharing is allowed. | John Doe - Home | 1User is “editor” 2,3Only RDCRN auth.
|
1 “[x] Only box folder owners and co-owners can send collaborator invites” - although this doesn’t disable links they will not grant further access if the user is not a “co-owner”.
2”[x] Restrict collaboration to within RDCRN”
3”[x] Only collaborators can access this folder via shared links”