Rutgers Connect FAQ

    Does the administration possess the ability to search entire Rutgers’ email traffic and use eDiscovery tools to view or access current or past email?

    All requests for access to email are carefully screened by Rutgers Legal and Compliance departments.  Rutgers has been required to provide such data using various tools in the past and the requirement here is not changing. 

    Rutgers email administrators have always had the capability to access account holder’s email but have only done so under direct guidance of Rutgers Legal in response to a subpoena, eDiscovery and OPRA requests.  Additionally, Microsoft keeps strict records on who accesses accounts, which cannot be modified by Rutgers.
     

    How can I collect and send email headers in the OWA or the Outlook desktop client?

    Collecting email headers can be done the same way for OWA as well as Outlook 2016, 2013, and 2010 on both Windows and Mac. The easiest method is to compose a new email and then drag the email whose headers you would like to collect into this new email. The message will be added as an attachment and all of its information, including headers, will be available to the support staff you are asked to send them to. Although this is the easiest way, users who are concerned about sharing message content may prefer an alternative which shares only header information. In OWA, right-click a message in your inbox and click “View Message Details” from the context menu, then copy the text displayed and paste it into an email. In the desktop client, open the message in a new window, click “File” > “Properties”, copy all text from the “Internet Headers” box, and paste it into an email. For more information about email headers, users may wish to view https://oit.rutgers.edu/faq/how-can-i-collect-and-send-email-headers .

    Is it safe to store Non-Public Personal Info (NPPI), HIPAA, or other restricted data on Office 365 (cloud)?

    Is it safe to store Non-Public Personal Info (NPPI), HIPAA, or other restricted data on Office 365 (cloud)?

    Is Rutgers Connect/Office 365 HIPAA, FERPA, GLBA, etc. compliant?

    Is it better to store this type of data on a local fileserver (which is kept updated and firewalled) within our building or in the Office 365 cloud (OneDrive)?

    • Office 365 is compliant with HIPAA, FERPA, GLBA, and others.  See: https://products.office.com/en-ca/business/office-365-trust-center-top-10-trust-tenets-cloud-security-and-privacy
    • Microsoft has provided Rutgers with a BAA.
    • Microsoft also has many documents on security and Office 365 including: https://go.microsoft.com/fwlink/p/?LinkId=401240
    • Security for sensitive data needs to happen not just in the cloud but also on the Rutgers side, including how the data is stored, transmitted and handled in the given department/unit of the University and by the users who have access to that data.  A department/unit handling sensitive data may also want to speak to the Rutgers Compliance office.
    • For those units/departments that are HIPAA-covered entities, their outgoing email will be routed through Zix for further protection within Rutgers Connect.  Please speak of your needs to OIT during the migration process.  See more information on Zix in the IT Staff FAQs.

    How will eDiscovery and similar requests be handled?

    eDiscovery currently applies to all files stored on Rutgers Connect, including email, calendars, and OneDrive files. Office 365 features which are not HIPAA-compliant, etc., will not be available through Rutgers Connect for this reason. eDiscovery and OPRA requests will be administrated centrally by OIT, also removing this time-consuming task from departmental/unit IT staff.  There are also eDiscovery tools and an Archive available for eDiscovery that simplify the handling of eDiscovery and OPRA requests. 

    Because all Rutgers Connect data is subject to such requests, people should not use Rutgers Connect for personal files or messages.

    What will happen to RCI?

    Just as we did with Eden and other OIT student systems in Camden and Newark, RCI and its equivalent in Camden and Newark (Andromeda, Crab) will have its email service turned off after email users are completely migrated off of RCI and a period of time has gone by, to make sure there are no issues and everything has been migrated successfully.  Other services (such as web sites, software access, and others) currently running on RCI, and the equivalent systems in Camden and Newark, will continue to run as needed.  In some cases, services may be moved to other systems.

Pages