Educause Security Discussion mailing list archives
Re: do your former employees get to keep their email address?
From: Sherry Callahan <scallahan () KUMC EDU>
Date: Wed, 21 Aug 2013 14:49:50 +0000
Bob, We don't allow our employees or students to retain their email address after they leave the University on a permanent basis and we also don't allow auto-forwarding of email. Employees lose access immediately and students retain access for up to 6 months after they leave. HIPAA requirements are a huge driver behind that policy, but there are other reasons as well (licensing, state policy, legal liability, etc. ) We've had that policy in place for about 11 years now, so I can't really comment on a transition like the one you are about to embark on. However, if I can provide some advice it would be to ensure that this policy change is well communicated. That will prevent any frustration and phone calls from folks who have lost their access and then want copies of their email, contacts, etc. If they know to be prepared, they'll have plenty of time to work out the transition on their own. Sherry Callahan Information Security Officer University of Kansas Medical Center (913) 588-0966 | scallahan () kumc edu<mailto:scallahan () kumc edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn Sent: Wednesday, August 21, 2013 9:36 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] do your former employees get to keep their email address? This is only somewhat security related. USU has just decided, by policy, to terminate an employee's email account and their email address at the end of employment. There are two motivations for this new policy: 1) University email address is being used as the access token for personal use of software that has been licensed by USU to include that use. We cannot extend that access to former employees under terms of the licensing agreement. 2) HR wants to be able to access and retain the business related communications that are directed to a former employee's address. One category of protest to this decision is from people who want to maintain the professional connections they have made using their USU address. That can't always be accomplished by sending out a change-of-address message to everyone in your addressbook. Up to this point we HAVE been maintaining forwards from a former employee's old USU address to their current address elsewhere. Has anyone else dealt with this transition in the extent of your email service? Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University three common hazardous email scams to watch out for: 1) unfamiliar transaction report from familiar business 2) attachment with no explanation in message body 3) "phishing" for your email password
Current thread:
- do your former employees get to keep their email address? Bob Bayn (Aug 21)
- Re: do your former employees get to keep their email address? Sherry Callahan (Aug 21)
- Re: do your former employees get to keep their email address? John K Lerchey (Aug 21)
- Re: do your former employees get to keep their email address? Pete Hickey (Aug 21)
- Re: do your former employees get to keep their email address? Walter Moore (Aug 21)
- Re: do your former employees get to keep their email address? Shalla, Kevin (Aug 21)
- Re: do your former employees get to keep their email address? Roger A Safian (Aug 21)
- Re: do your former employees get to keep their email address? W. Greg Price, Sr. (Aug 21)
- Re: do your former employees get to keep their email address? Tim Doty (Aug 21)
- Re: do your former employees get to keep their email address? Shamblin, Quinn (Aug 21)
- Re: do your former employees get to keep their email address? Tim Faircloth (Aug 21)
- Re: do your former employees get to keep their email address? John C. Roberts (Aug 21)
(Thread continues...)
- Re: do your former employees get to keep their email address? Sherry Callahan (Aug 21)