Re: [Ext] Re: [SECURITY] Alumni and Retiree Email Question

[Ken Connelly <ken.connelly () UNI EDU>]

We offer graduates (alumni) the opportunity to convert their @uni.edu
address to an @alumni.uni.edu address, either retaining their previous
username for the userpart or using some form of first.last for the
userpart.  first.last is on a first-come, first-served basis. We haven't
been doing this long enough to encounter problems with duplications, but
my guess is that if somebody already has rob.smith () alumni uni edu, the
next person with that name will just retain their CatID username as the
userpart of their alumni address.

-ken

On 10/30/19 1:34 PM, Ruth Ginzberg wrote:
> One possible solution I haven't seen mentioned yet -- 
>
> Is it possible to snag the domain name [yourschool].COM (rather than .EDU) and assign alumni and/or retirees to those 
> e-mail addresses? (or maybe [yourschoolalumni].COM and [yourschoolretirees].com)
>
> Advantages:  You still own it.  It doesn't give the false impression that the individual is still a student/faculty 
> at your institution. It still gives them a recognizable e-mail that highlights their previous affiliation with your 
> place. You can decide that it won't be datamined with info sold to every marketer & political group around just for 
> the asking, which your alumni & retirees probably would appreciate.
>
> Disadvantages: Probably not free. You still need to manage it. Doesn't solve the problem of former 
> students/classmates using old .EDU address to try to reestablish contact after some number of years.
>
> Ruth Ginzberg
> Sr. I.T. Procurement Specialist
> 780 Regent St.
> Madison, WI 53715
> 608-890-3961 | wisconsin.edu
>
>
>
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Valdis Kletnieks
> Sent: Wednesday, October 30, 2019 1:21 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] [Ext] Re: [SECURITY] Alumni and Retiree Email Question
>
> On Wed, 30 Oct 2019 15:13:50 -0000, Mark Reboli said:
> > 3.   Retirees have the potential to store information that may be sought for
> > by eDiscovery litigation or via new privacy laws does that present an 
> > issue to you?
> There's two different cases to worry about here, and neither one interacts perfectly with either retirees or email 
> addresses..
>
> First, there's the possibility that somebody departed the university, and had data they had previously stored on a 
> personal machine.  The fact they're a retiree or still have an email address isn't really relevant - if they were 
> somebody who worked there for 5 years and departed for another job across town, you're still in exactly the same boat.
>
> Second, you have somebody still employed at the university who sent email to a departed ex-employee after they had 
> already left the organization.  Again, the fact they're a retiree isn't relevant, a non-retired ex-employee is the 
> same exact problem.  And the real question becomes "why were they sent mail that might be subject to ediscovery?".  
> Was there a failure to notify remaining staff that the person had departed and business email shouldn't be sent to 
> them anymore?  Does the organization need to do a better job of removing the departed from internal mailing lists and 
> other outboarding activities?
>
> In a *very* large organization, it's possible that the departed may have some straggler emails about day-to-day 
> business - for instance, somebody in the Physics department mailing to their usual contact in the Registrar's office, 
> unaware they've departed in the past few days. The proper solution here is probably policies and systems that ensure 
> that all that sort of stuff goes through role addresses - which it should be doing *anyhow*, because if the Physics 
> department sends a grade correction to samanta () registrar your edu and Samantha is on maternity leave or extended 
> sick leave, you have a problem.  So it should have gone to grade-corrections () registrar your edu or something like 
> that...
>
> A slightly stickier situation is where a current employee sends a departed staffer a private email regarding a 
> situation that may end up in litigation - I could see how things could get ugly and an email that contained the 
> phrase "Hey Bob - really weird here, I saw Jeff and the new hire Cynthia being *way* too chummy in the break room" 
> might become important.  But again, Bob would probably get the email on their Gmail  account if they didn't have a 
> retiree address.....
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
> person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
> and subscription information can be found at https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
> person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
> and subscription information can be found at https://www.educause.edu/community

-- 
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-3010

Any request to divulge your UNI password via e-mail is fraudulent!

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community