Re: do your former employees get to keep their email address?

[Sherry Callahan <scallahan () KUMC EDU>]

Bob,

We don't allow our employees or students to retain their email address after they leave the University on a permanent 
basis and we also don't allow auto-forwarding of email.  Employees lose access immediately and students retain access 
for up to 6 months after they leave.  HIPAA requirements are a huge driver behind that policy, but there are other 
reasons as well (licensing, state policy, legal liability, etc.  )

We've had that policy in place for about 11 years now, so I can't really comment on a transition like the one you are 
about to embark on.  However, if I can provide some advice it would be to ensure that this policy change is well 
communicated.  That will prevent any frustration and phone calls from folks who have lost their access and then want 
copies of their email, contacts, etc.  If they know to be prepared, they'll have plenty of time to work out the 
transition on their own.
Sherry Callahan
Information Security Officer
University of Kansas Medical Center
(913) 588-0966 | scallahan () kumc edu<mailto:scallahan () kumc edu>



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Wednesday, August 21, 2013 9:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] do your former employees get to keep their email address?

This is only somewhat security related.   USU has just decided, by policy, to terminate an employee's email account and 
their email address at the end of employment.  There are two motivations for this new policy:
1) University email address is being used as the access token for personal use of software that has been licensed by 
USU to include that use.  We cannot extend that access to former employees under terms of the licensing agreement.
2) HR wants to be able to access and retain the business related communications that are directed to a former 
employee's address.

One category of protest to this decision is from people who want to maintain the professional connections they have 
made using their USU address.  That can't always be accomplished by sending out a change-of-address message to everyone 
in your addressbook.  Up to this point we HAVE been maintaining forwards from a former employee's old USU address to 
their current address elsewhere.

Has anyone else dealt with this transition in the extent of your email service?

Bob Bayn    SER 301    (435)797-2396       IT Security Team
Office of Information Technology,     Utah State University
     three common hazardous email scams to watch out for:
     1) unfamiliar transaction report from familiar business
     2) attachment with no explanation in message body
     3) "phishing" for your email password