Re: Retiree Account Privileges

[Mike Cunningham <mike.cunningham () PCT EDU>]

*         Do you allow retired faculty and/or staff to keep their e-mail accounts?

Yes, any retiree can request to keep their account



*         How do you determine a retiree from a person who just resigns?

HR definition. If the employee is not working they are retired. If they are then they are not. We have had instances 
where we discovered a former employee who left as a retiree and said they were done working who then ended up taking a 
full-time job at another college and we terminated all their retiree benefits


*         Do you put them on a separate domain such as alumni or retired?

No


*         Do you provide a full mailbox service or just an e-mail forward?

Full mailbox service





*         Do you purge their existing mailbox contents and have them start fresh to protect institutional data?

We do not force a delete and start empty. Their supervisor deals with the cleanup of email the same as cleanup of 
office documents, tests, LMS sites, etc. The supervisor also gets a complete copy of the retirees email account at the 
time they leave to review for college related conversations


*         How long do they get to keep their account or forward?  A time period and then a renewal?  Based on activity?

Forever if they use it. 6 months of inactivity (no logon is inactivity) and we may delete the account.


Mike Cunningham
VP of Information Technology Services/CIO
Pennsylvania College of Technology




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gregg, 
Christopher S.
Sent: Tuesday, June 14, 2016 11:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Retiree Account Privileges

I apologize if this was discussed recently.  I scanned the archives and didn't see anything since 2010.

We are revisiting our stance on providing e-mail accounts and/or addresses to retirees when they leave the university.  
We already have a process in place for faculty who are designated as official faculty emeriti but that is a specific 
official role, so this would be for others who don't fit into that category.

I am curious how are your institutions handle this.


*         Do you allow retired faculty and/or staff to keep their e-mail accounts?

If you do provide retirees with e-mail accounts...



*         How do you determine a retiree from a person who just resigns?


*         Do you put them on a separate domain such as alumni or retired?


*         Do you provide a full mailbox service or just an e-mail forward?



*         Do you purge their existing mailbox contents and have them start fresh to protect institutional data?


*         How long do they get to keep their account or forward?  A time period and then a renewal?  Based on activity?

We're a recently migrated Office365 shop.  Our tentative plan to is to offer a new empty mailbox connected to the 
previous SMTP address in our main domain to those who meet the agreed upon age/tenure requirements that our Provost, 
HR, and Advancement folks determine.   We would then like to include some form of activity check and terminate accounts 
that go unused for a period of time.  This plan should  provide a fair amount of risk mitigation.

The main risks remaining would be that some sensitive data still might be mailed to the person's address based on habit 
or old script, or that a retiree would get involved in some incident with their new account that requires significant 
effort by our security and/or legal team (litigation hold, abuse complaint, compromised account, etc).

I'd prefer that if we offer anything it would be an e-mail forward, but there seems to be a consensus among our 
leadership that we should offer a full account to retirees.  I am trying to find a way to provide the service in way 
that limits our risk and meets our business requirement.

Thanks,

Chris



Chris Gregg
Associate Vice President of Information Security & Risk Management
Information Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu/>

[University of St. Thomas : All for the Common Good]<http://www.stthomas.edu/e>