Opportunistic TLS vs Verified TLS

Did you guys know that NetSuite uses Opportunistic TLS on all of their email services, and that they are deprecating 3rd-party SMTP integrations after the 2019.2 release? What this means is that if you have compliance needs and your communications via NetSuite email systems (cases, saved searches, etc.) contain PII or other sensitive information and the domain of the recipient does not have any TLS services, NetSuite will send out the message with zero encryption and in plain text format.
Rookie Asked on October 16, 2019 in Administration.

From the NetSuite Terms of Service:

“(b) HIPAA. HIPAA. Customer agrees that: (i) Oracle is not acting on Customer’s behalf as a Business Associate or subcontractor; (ii) the Service may not be used to store, maintain, process or transmit protected health information (“PHI”) and (iii) the Service will not be used in any manner that would require Oracle or the Service to be compliant with the Health Insurance Portability and Accountability Act of 1996, as amended and supplemented (“HIPAA”). In the preceding sentence, the terms “Business Associate,” “subcontractor,” “protected health information” or “PHI” shall have the meanings described in HIPAA”

https://www.netsuite.com/portal/assets/pdf/terms-of-service-v032618.pdf

on October 16, 2019.

In general, isn’t emailing PII a bad habit anyways?

Also – NS expressly forbids requirements to comply with HIPAA.

Opportunistic TLS seems like it’d be a good thing, not a bad… if you have a requirement to force TLS, you’re probably emailing stuff you shouldn’t really be storing in NetSuite anyways…

on October 16, 2019.
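The difference the question describes, as an added example that is not part of the original thread or NetSuite's code: a sending mail server's choice under opportunistic versus verified TLS, based on whether the receiving server's EHLO reply advertises STARTTLS. The function names, policy names, outcome labels and EHLO replies are constructed for illustration, and the model assumes opportunistic mode does not validate the peer certificate.

```python
# Added example: models how a sending MTA decides what to do with a message
# under two TLS policies. Sample EHLO replies are constructed, not captured.

# Constructed EHLO reply from a receiving server that offers STARTTLS.
EHLO_WITH_TLS = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# Constructed EHLO reply from a receiving server with no TLS support.
EHLO_NO_TLS = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def ehlo_extensions(reply):
    """Return the set of extension keywords in a 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    exts = set()
    for i, line in enumerate(lines):
        # Every line is "250-..." except the last, which is "250 ...".
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("unexpected EHLO line: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        rest = line[4:].split()
        if rest:
            exts.add(rest[0].upper())
    return exts


def delivery_decision(reply, policy, cert_valid):
    """Return the outcome for one message.

    policy: "opportunistic" (encrypt if offered, otherwise send anyway) or
            "verified" (require STARTTLS and a certificate that validates).
    cert_valid: whether the receiver's certificate would pass validation.
    """
    if policy not in ("opportunistic", "verified"):
        raise ValueError("unknown policy: %r" % policy)
    offers_tls = "STARTTLS" in ehlo_extensions(reply)
    if policy == "opportunistic":
        if not offers_tls:
            return "plaintext"  # the case raised in the question
        return "encrypted-verified" if cert_valid else "encrypted-unverified"
    # Verified TLS: hold the message rather than fall back.
    if offers_tls and cert_valid:
        return "encrypted-verified"
    return "deferred"
```

Under the verified policy the cost of a recipient without TLS is a queued or bounced message instead of a cleartext one.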