Below is the statement, from Rutgers, regarding how they address data security:
1. Rutgers will implement and maintain reasonable administrative, physical and technical safeguards (“Safeguards”) which attempt to prevent any collection, use or disclosure of, or access to District Data that this Agreement does not expressly authorize, including, without limitation, an information security program that meets commercially reasonable industry practice to safeguard District Data. Such information security program includes: (a) physical security of all premises in which District Data will be processed and/or stored; and (b) reasonable precautions taken with respect to the employment of, access given to, and education and training of any and all personnel furnished or engaged by Rutgers to perform any part of the services hereunder.
2. Rutgers has implemented administrative, technical, and physical security procedures to protect information stored in our servers, which are located in the United States. It uses security safeguards such as physical access controls to buildings and files, at-rest data encryption, and in transit data encryption using HTTPS with TLS 1.3 to help prevent unauthorized access to the information it maintains. Despite this, neither the Internet nor any data storage system can be guaranteed to be 100% secure."