You are here

Guidelines for Handling Former Employee Computing Resources

Effective Dates and Issuing Authority

Effective Date:  November 22, 2011
Date Last Reviewed: August 27, 2014
Date Scheduled for Review:  August 2016
Issuing Authority:   Chief Information Security Officer

Introduction

When an employee ends his/her employment relationship with the University, there is sometimes a need to access business-related information stored on the former employee’s University computing resources. While the University makes computer resources available to its employees for the primary use of education and research, and for administrative activities, it recognizes that former employees could be current students or alumni and using University computing resources, especially email accounts, for approved personal use. Thus, it is reasonable to expect the University will provide protection for the individual’s personal information as long as it does not violate any local, state or federal laws and regulations. According to University policies, access to a former employee's computing resources is strictly prohibited. Any exceptions to this policy must be approved by the Department Head, Chief Information Security Officer and VP for Computer and Information Services.

These guidelines supplement the termination process and guide the supervisor in determining what may be done with a former employee’s University computing resources. 
 

Department Heads

  1. Prior to termination, the department head should appoint another employee to review and assume access to the former employee’s University computing resources. When an employee gives notice of resignation, the department head should ask the employee to remove any personal files from his/her PC, network drives, departmental shares and email account, and should remind the employee that Temple University’s confidential, sensitive and proprietary data must remain with Temple and that all work-related material is the property of Temple University. 
  2. If the employee has already been terminated and has left the workplace, an Authorization Form (See Authorization Procedure below) will be required before the department head may access the employee’s business-related computer files or e-mail messages. Upon approval of the Authorization Form, the department head may schedule an appointment with Computer Services (call 1-8000) to assist in accessing the employee’s files and, if necessary, transfer relevant business-related folders, files and other data from flash drives, CD or DVD. Access to files of a personal nature, full access or all access to former employee’s data or emails will not be approved. See authorization form below on acceptable criteria for access to University business-related resources. 
  3. If the employee’s emails are needed, the department head should contact Computer Services to request access to the employee’s business-related email messages.
  4. Departmental access to a former employee’s data has time limitations.  A terminated employee’s email messages ordinarily may only be accessed for 30 days. 

Computer Services

  1. Computer services personnel should make sure that appropriate approvals have been obtained before accessing a current or former employee’s files or other data on University computing resources. Do not copy, send, or otherwise share the files or data with anyone unless you have received the appropriate approvals.
  2. If you determine that information is of a personal nature or is non-business related, you should cease looking at it and refrain from sharing it with others.
  3. While performing your duties, if you come across material that you reasonably believe to be of a criminal nature (e.g., child pornography, criminal conspiracy, etc.), stop your search, secure the PC or other resource, and immediately contact the Office of the CISO.
  4. All criminal investigations involving University computing resources must be coordinated with the Office of the CISO who will work with Campus Police and/or external law enforcement to ensure that chain of custody and rules for evidence are maintained.
  5. Personal Computers of former employees should be “wiped” and re-imaged prior to reissue.

Office of the CISO

  1. Maintain guidelines on the process of accessing a terminated employee’s personal computer and associated files.
  2. Ensure that Computer Services receives and files approvals prior to authorizing access to the former employee’s personal computer and associated files.
  3. Maintain the Authorization Procedure.
  4. Work with Campus Police and external law enforcement agencies on all investigations involving computing resources.

VP for Computer and Information Services, University Counsel and Office of the President

  1. Approval by the Department Head, Chief Information Security Officer and VP for Computer and Information Services is required for access to all University computing resources.  These approvals should be obtained through the Authorization Procedure.

Authorization Procedure

  1. An Authorization Form (see below) must be completed and approved before access may be obtained to a former employee’s University computing resources.
  2. The department head or managing supervisor of the former employee must complete an Authorization Form, and the department head must sign it.
  3. The Authorization Form must be sent to the Office of the CISO, 705 Conwell Hall or scanned and emailed to ciso@temple.edu.
  4. The CISO will review and make recommendations to the VP for Computer and Information Services.
  5. The VP for Computer and Information Services may seek additional advice and consent from University Counsel and the Office of the President.
  6. The Office of the CISO will oversee the process of accessing University computing resources of the former employee.

Authorization Procedure for Accessing a Former Employee's Computing Resources

Date of Request: _____________

Requestor Name: ______________________________________________________________

Former Employee’s Name: _______________________________________________________

Former Employee’s TUid: ________________________________________________________

Please list specific resources (for example, all files and emails related to admissions business):

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

DEPARTMENT APPROVAL:

Dean/Vice President Name: _________________________________   

Dean/Vice President Signature: _________________________________   Date: __________

Once you have obtained department approval, please scan this form and email it to ciso@temple.edu for the university approval.

UNIVERSITY APPROVAL:

Chief Information Security Officer: _________________________________   Date: __________

VP for Computer and Information Services: ____________________________________   Date: _________