While University employees do not have any expectation of privacy with respect to their use of the university’s computer resources, many privacy laws dictate the terms and conditions under which an employee may access the email messages and/or other electronic communications of a former employee or a current employee who is unavailable for an extended period.
The purpose of this procedure is to ensure that such access is granted in compliance with applicable privacy laws, and in a manner that protects the personal privacy of the individual whose data is being requested to the greatest extent.
When an employee separates from university employment, the terminating employee should turn over all business-related files, email messages and/or other electronic communications to his or her supervisor or successor prior to his or her departure. Occasionally, the aforementioned data transfer does not occur, e.g., immediate dismissal, departure without notice. Additionally, a manager may need to access the business-related files, email messages and/or other electronic communications of a current employee who becomes incapacitated or is otherwise unavailable for an extended period.
In such cases, any university employee needing access to the business-related email messages and/or other electronic communications of a terminated or otherwise unavailable employee, must first justify the business need for such access, agree to handle any information received in a manner consistent with the university's policies and procedures, and obtain the appropriate authorizations.
It should be noted that access will be granted only for legitimate and justified business purposes, and only with the approval of the Executive Director of Human Resources, the Information Security Officer, and the University of Houston Systems’ General Counsel.
- The supervisor of the employee whose files need to be accessed shall send an email to the Information Security Officer at firstname.lastname@example.org with details of the request.
- The information that needs to be provided is as follows:
- The name of the individual whose email and/or files are being requested, his or her email address, department and title, and the business justification for the request.
- If you are requesting email messages provide a date range that bounds the email you seek.
- The Information Security Officer will review the request with the Executive Director of Human Resources and UH System’s General Counsel for approval.
- If the request is not approved by General Counsel, HR, then the Information Security Officer will inform the requestor that the request has been denied, and the procedure ends.
- If the General Counsel and HR approve the request, the Information Security Officer will continue processing the request and notify the requestor when the files are available.