While University employees do not have any expectation of privacy with respect to their use of the university’s computer resources, many privacy laws dictate the terms and conditions under which an employee may access the email messages and/or other electronic communications of a former employee or a current employee who is unavailable for an extended period.
The purpose of this procedure is to ensure that such access is granted in compliance with applicable privacy laws, and in a manner that protects the personal privacy of the individual whose data is being requested to the greatest extent.
When an employee separates from university employment, the terminating employee should turn over all business-related files, email messages and/or other electronic communications to his or her supervisor or successor prior to his or her departure. Occasionally, the aforementioned data transfer does not occur, e.g., immediate dismissal, departure without notice. Additionally, a manager may need to access the business-related files, email messages and/or other electronic communications of a current employee who becomes incapacitated or is otherwise unavailable for an extended period.
In such cases, any university employee needing access to the business-related email messages and/or other electronic communications of a terminated or otherwise unavailable employee, must first justify the business need for such access, agree to handle any information received in a manner consistent with the university's policies and procedures, and obtain the appropriate authorizations.
This procedure and its associated form were created to facilitate the processing of such requests. It should be noted that access will be granted only for legitimate and justified business purposes, and only with the approval of the Executive Director of Human Resources, the Information Security Officer and the University of Houston Systems’ General Counsel.
- Click the following link to download form-rm003c-email-access-request.
- Fill in the name of the individual whose email and/or files are being requested, his or her email address, department and title, and the business justification for the request.
- If you are requesting past email messages, check the appropriate box and provide a list of topics that will be used to screen the email messages that will be forwarded to your email storage. You also must provide a date range that bounds the email extent.
- If you wish to enter an "out of the office" message for the account, check the associated check box, and enter the content of the message that should be returned to anyone who sends an email to the former employee.
- Enter your name, signature and current date in the spaces provided. Your signature indicates that you have read, understand and agree to abide by the terms of the access agreement on the form.
- Enter the name of the supervisor of the individual whose email and/or other communications are being requested, and have him or her sign and date the form in the spaces provided.
- Submit the form to the University’s Information Security Officer who will review the request with the Executive Director of Human Resources.
- If either the Information Security Officer or the Executive Director of Human Resources does not believe the request is justified or appropriate, the Information Security Officer will inform the requestor that the request has been denied, and the procedure ends.
- If they both agree that the request is justified and appropriate, they will both sign and date the request.
- The Information Security Officer will forward the signed form to the UH System’s General Counsel for approval.
- If the request is not approved by General Counsel, the Information Security Officer will inform the requestor that the request has been denied, and the procedure ends.
- If the General Counsel approves, the Information Security Officer will enter the approval date onto the form and will send a copy of the completed request form to the appropriate University Computing and Telecommunications support team(s) that will provide the requestor with an email archive containing the requested email messages, and will update the "out of the office" message as requested.
- The Information Security Officer will maintain a file of all request forms processed.