Educause Security Discussion mailing list archives

Re: Retiree Email Accounts

From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Wed, 29 Aug 2018 17:58:59 +0000

In the past we allowed for retiree accounts, in which case staff would get a new clean account and faculty would be 
able to keep their existing account and contents.

We stopped that practice a couple of years ago but still allow faculty emeriti to keep their accounts.  The thought by 
the institution is that they have an official agreement with the university still and are quasi-employees.  They also 
have an official sponsor in our Provost's office.

I think one key in making the argument against providing this service is to require some department to own the retiree 
population getting the accounts - vetting who is eligible, dealing with exceptions, dealing with any complaints, 
determining when they no longer need the accounts, etc.  We found that while some people thought it was a nice service 
to offer individuals, no one really wanted to own the population and process.  That and the other e-discovery & false 
representation concerns mentioned already tipped the balance away from us offering the service.

Thanks,

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Information Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu>





From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Williams, David
Sent: Wednesday, August 29, 2018 12:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Retiree Email Accounts


How does your institution address email accounts for retirees?

*         Deactivate upon termination?

*         Continuous use of email account?

*         Move email account to  separate domain (e.g., John.Doe () retiree dcccd edu<mailto:John.Doe () retiree dcccd 
edu>)?  What about retention of email upon retirement?

*         Other?

Retirees at our institution are allowed to maintain their email accounts.  I have given good cause for removing this 
entitlement from a security exposure and support perspective, but, have been requested to solicit comments from other 
education institutions.

Thank you for any feedback!

David Williams
Chief Information Privacy & Security Officer
Director, Risk Management
Dallas County Community College District (DCCCD)
District Service Center (DSC)
4343 IH 30
Mesquite, Texas  75150-2018
david.williams () dcccd edu<mailto:david.williams () dcccd edu>
972.860.7793 (phone)
972.860.7929 (fax)
www.dcccd.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dcccd.edu%2F&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7C887b52b3a8f74ab4a75008d60dd4d160%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C636711605043618017&sdata=C5bhfqo%2BswAI9cSYFm3o2yD5zy3eU78S89P2RlTlu5Q%3D&reserved=0>
[Twitter 
Icon]<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FCIPSODCCCD&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7C887b52b3a8f74ab4a75008d60dd4d160%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C636711605043618017&sdata=I526lXItusTbX3ZWGTPktL6CMtQHrTFBqNoHfTHh%2BRY%3D&reserved=0>
  [Small LinkedIn] 
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fdavidrwilliamscisa&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7C887b52b3a8f74ab4a75008d60dd4d160%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C636711605043618017&sdata=nSwIulOMFA%2Fh4vlDa123iSyb9Jyo6Tlp%2BM8EFIRFmN4%3D&reserved=0>

[https://myportal.dcccd.edu/SiteCollectionImages/Nov2016Images/Email%20Sig/DCCCD_Email_Signature.jpg]
*******************************************************************************
NOTICE: This communication, including attachments, may contain information that is confidential and protected by the 
attorney/client or other privileges. It constitutes non-public information intended to be conveyed only to the 
designated recipient(s). If the reader or recipient of this communication is not the intended recipient, an employee or 
agent of the intended recipient who is responsible for delivering it to the intended recipient, or you believe that you 
have received this communication in error, please notify the sender immediately by return e-mail and promptly delete 
this e-mail, including attachments without reading or saving them in any manner. The unauthorized use, dissemination, 
distribution, or reproduction of this e-mail, including attachments, is prohibited and may be unlawful. Receipt by 
anyone other than the intended recipient(s) is not a waiver of any attorney/client or other privilege

Current thread:

Retiree Email Accounts Williams, David (Aug 29)
- Re: Retiree Email Accounts Theresa Rowe (Aug 29)
- Re: Retiree Email Accounts Robert Hughes (Aug 29)
- Re: Retiree Email Accounts Jackson, William (Aug 29)
  - Re: Retiree Email Accounts Dan Wasson (Aug 29)
    - Re: Retiree Email Accounts Gael Frouin (Aug 29)
- Re: Retiree Email Accounts Gregg, Christopher S. (Aug 29)
- Re: Retiree Email Accounts Miller, Richard H (Aug 29)
  - Re: Retiree Email Accounts Theresa Rowe (Aug 29)
    - Re: Retiree Email Accounts Ronald King (Sep 05)
    - Re: Retiree Email Accounts Scott Stoops (Sep 06)
    - Re: Retiree Email Accounts Frank Barton (Sep 06)
    - Re: Retiree Email Accounts Theresa Rowe (Sep 06)
    - Re: Retiree Email Accounts Miller, Richard H (Sep 07)
    - Re: Retiree Email Accounts Tom Klimek (Sep 06)
    - Re: Retiree Email Accounts Walter Moore (Sep 06)
- Re: Retiree Email Accounts Steve Niedzwiecki (Sep 07)

(Thread continues...)