Educause Security Discussion mailing list archives
Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question
From: Valdis Klētnieks <valdis.kletnieks () VT EDU>
Date: Wed, 30 Oct 2019 14:20:43 -0400
On Wed, 30 Oct 2019 15:13:50 -0000, Mark Reboli said:
3. Retirees have the potential to store information that may be sought for by eDiscovery litigation or via new privacy laws does that present an issue to you?
There's two different cases to worry about here, and neither one interacts perfectly with either retirees or email addresses.. First, there's the possibility that somebody departed the university, and had data they had previously stored on a personal machine. The fact they're a retiree or still have an email address isn't really relevant - if they were somebody who worked there for 5 years and departed for another job across town, you're still in exactly the same boat. Second, you have somebody still employed at the university who sent email to a departed ex-employee after they had already left the organization. Again, the fact they're a retiree isn't relevant, a non-retired ex-employee is the same exact problem. And the real question becomes "why were they sent mail that might be subject to ediscovery?". Was there a failure to notify remaining staff that the person had departed and business email shouldn't be sent to them anymore? Does the organization need to do a better job of removing the departed from internal mailing lists and other outboarding activities? In a *very* large organization, it's possible that the departed may have some straggler emails about day-to-day business - for instance, somebody in the Physics department mailing to their usual contact in the Registrar's office, unaware they've departed in the past few days. The proper solution here is probably policies and systems that ensure that all that sort of stuff goes through role addresses - which it should be doing *anyhow*, because if the Physics department sends a grade correction to samanta () registrar your edu and Samantha is on maternity leave or extended sick leave, you have a problem. So it should have gone to grade-corrections () registrar your edu or something like that... A slightly stickier situation is where a current employee sends a departed staffer a private email regarding a situation that may end up in litigation - I could see how things could get ugly and an email that contained the phrase "Hey Bob - really weird here, I saw Jeff and the new hire Cynthia being *way* too chummy in the break room" might become important. But again, Bob would probably get the email on their Gmail account if they didn't have a retiree address..... ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment:
_bin
Description:
Current thread:
- Re: Alumni and Retiree Email Question Seth A. Shestack (Oct 31)
- Re: Alumni and Retiree Email Question Mandi Witkovsky (Oct 31)
- Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question Madeksho, Chris (Oct 31)
- Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question Mark Reboli (Oct 31)
- Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question Valdis Klētnieks (Oct 31)
- Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question Ruth Ginzberg (Oct 31)
- Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question Ken Connelly (Oct 31)
- Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question Madeksho, Chris (Oct 31)
- Re: Alumni and Retiree Email Question Mandi Witkovsky (Oct 31)
- Re: Alumni and Retiree Email Question Scott Norton (Oct 31)
- <Possible follow-ups>
- Re: Alumni and Retiree Email Question Mike Beane (Oct 31)