Educause Security Discussion mailing list archives
Retiree Account Privileges
From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Tue, 14 Jun 2016 15:52:29 +0000
I apologize if this was discussed recently. I scanned the archives and didn't see anything since 2010. We are revisiting our stance on providing e-mail accounts and/or addresses to retirees when they leave the university. We already have a process in place for faculty who are designated as official faculty emeriti but that is a specific official role, so this would be for others who don't fit into that category. I am curious how are your institutions handle this. * Do you allow retired faculty and/or staff to keep their e-mail accounts? If you do provide retirees with e-mail accounts... * How do you determine a retiree from a person who just resigns? * Do you put them on a separate domain such as alumni or retired? * Do you provide a full mailbox service or just an e-mail forward? * Do you purge their existing mailbox contents and have them start fresh to protect institutional data? * How long do they get to keep their account or forward? A time period and then a renewal? Based on activity? We're a recently migrated Office365 shop. Our tentative plan to is to offer a new empty mailbox connected to the previous SMTP address in our main domain to those who meet the agreed upon age/tenure requirements that our Provost, HR, and Advancement folks determine. We would then like to include some form of activity check and terminate accounts that go unused for a period of time. This plan should provide a fair amount of risk mitigation. The main risks remaining would be that some sensitive data still might be mailed to the person's address based on habit or old script, or that a retiree would get involved in some incident with their new account that requires significant effort by our security and/or legal team (litigation hold, abuse complaint, compromised account, etc). I'd prefer that if we offer anything it would be an e-mail forward, but there seems to be a consensus among our leadership that we should offer a full account to retirees. I am trying to find a way to provide the service in way that limits our risk and meets our business requirement. Thanks, Chris Chris Gregg Associate Vice President of Information Security & Risk Management Information Technology Services (ITS) csgregg () stthomas edu<mailto:csgregg () stthomas edu> p 1 (651) 962-6265 University of St. Thomas | stthomas.edu<https://www.stthomas.edu/> [University of St. Thomas : All for the Common Good]<http://www.stthomas.edu/e>
Current thread:
- Retiree Account Privileges Gregg, Christopher S. (Jun 14)
- Re: Retiree Account Privileges Sue Contarino (Jun 14)
- Re: Retiree Account Privileges Mike Cunningham (Jun 14)
- Re: Retiree Account Privileges Melissa Jackman (Jun 14)
- Re: Retiree Account Privileges Mandi Witkovsky (Jun 14)
- Re: Retiree Account Privileges Mandi Witkovsky (Jun 14)
- Re: Retiree Account Privileges Mandi Witkovsky (Jun 14)
- Re: Retiree Account Privileges Walter Moore (Jun 14)
- Re: Retiree Account Privileges Doug Brooks (Jun 14)
- Re: Retiree Account Privileges Theresa Rowe (Jun 18)
- Re: Retiree Account Privileges Theresa Rowe (Jun 18)