Requesting access to the email or files of a former employee

Purpose

While University employees do not have any expectation of privacy with respect to their use of the university’s computer resources, many privacy laws dictate the terms and conditions under which an employee may access the files, email messages and/or other electronic communications of a former employee or another current employee who is unavailable for an extended period.

The purpose of this procedure is to ensure that such access is granted in compliance with applicable privacy laws, and in a manner that protects the personal privacy of the individual whose data is being requested to the greatest extent.

Description

When an employee separates from university employment, the terminating employee should turn over all business-related files, email messages and/or other electronic communications to his or her supervisor or successor prior to his or her departure.  Occasionally, the aforementioned data transfer does not occur, e.g., immediate dismissal, departure without notice.  Additionally, a manager may need to access the business-related files, email messages and/or other electronic communications of a current employee who becomes incapacitated or is otherwise unavailable for an extended period.

In such cases, any university employee needing access to the business-related files, email messages and/or other electronic communications of a terminated or otherwise unavailable employee, must first justify the business need for such access, agree to handle any information received in a manner consistent with the university's policies and procedures, and obtain the appropriate authorizations.

This procedure and its associated form was created to facilitate the processing of such requests.  It should be noted that access will be granted only for legitimate and justified business purposes, and only with the approval of the Executive Director of Human Resources, the Information Security Officer and the University of Houston Systems’ General Counsel. 

Procedure

  1. Click the following link to download form-rm003b-file-email-access-request.
  2. Enter your name, signature and current date in the spaces provided.  Your signature indicates that you have read, understand and agree to abide by the terms of the access agreement on the form.
  3. Fill in the name of the individual whose email and/or files are being requested, his or her email address, department and title, and the business justification for the request.
  4. If you are requesting past email messages, check the appropriate box and provide a list of topics that will be used to screen the email messages that will be forwarded to your email storage.  You also must provide a date range that bounds the email extent.
  5. In the rare case where you need to receive future email messages destined for the former or unavailable employee, check the appropriate box and specify the email address to which the future email should be forwarded along with an expiration date.  Forwarding is strongly discouraged and will only be approved in cases where there is no reasonable alternative.
  6. If you need to access the former or unavailable employee’s electronic data files stored on his or her previously assigned computer or file share, check the appropriate box and provide the host name of the computer or the share that is storing the former or unavailable employee's files.
  7. Enter the name of the supervisor of the individual whose email, files and/or other communications are being requested, and have him or her sign and date the form in the spaces provided.
  8. Submit the form to the University’s Information Security Officer who will review the request with the Executive Director of Human Resources. 
  9. If either the Information Security Officer or the Executive Director of Human Resources does not believe the request is justified or appropriate, the Information Security Officer will inform the requestor that the request has been denied, and the procedure ends.
  10. If they both agree that the request is justified and appropriate, they will both sign and date the request.
  11. The Information Security Officer will forward the signed form to the UH System’s General Counsel for approval.
  12. If the request is not approved by General Counsel, the Information Security Officer will inform the requestor that the request has been denied, and the procedure ends.
  13. If the General Counsel approves, the Information Security Officer will enter the approval date onto the form and will send a copy of the completed request form to the appropriate University Computing and Telecommunications support team(s) that will provide the requestor with access to the requested email and files.
  14. The Information Security Officer will maintain a file of all request forms processed.