Table of Contents
Effective Date: November 22, 2011
Date Last Reviewed: August 27, 2014
Date Scheduled for Review: August 2016
Issuing Authority: Chief Information Security Officer
When an employee ends his/her employment relationship with the University, there is sometimes a need to access business-related information stored on the former employee’s University computing resources. While the University makes computer resources available to its employees for the primary use of education and research, and for administrative activities, it recognizes that former employees could be current students or alumni and using University computing resources, especially email accounts, for approved personal use. Thus, it is reasonable to expect the University will provide protection for the individual’s personal information as long as it does not violate any local, state or federal laws and regulations. According to University policies, access to a former employee's computing resources is strictly prohibited. Any exceptions to this policy must be approved by the Department Head, Chief Information Security Officer and VP for Computer and Information Services.
These guidelines supplement the termination process and guide the supervisor in determining what may be done with a former employee’s University computing resources.
- Prior to termination, the department head should appoint another employee to review and assume access to the former employee’s University computing resources. When an employee gives notice of resignation, the department head should ask the employee to remove any personal files from his/her PC, network drives, departmental shares and email account, and should remind the employee that Temple University’s confidential, sensitive and proprietary data must remain with Temple and that all work-related material is the property of Temple University.
- If the employee has already been terminated and has left the workplace, an Authorization Form (See Authorization Procedure below) will be required before the department head may access the employee’s business-related computer files or e-mail messages. Upon approval of the Authorization Form, the department head may schedule an appointment with Computer Services (call 1-8000) to assist in accessing the employee’s files and, if necessary, transfer relevant business-related folders, files and other data from flash drives, CD or DVD. Access to files of a personal nature, full access or all access to former employee’s data or emails will not be approved. See authorization form below on acceptable criteria for access to University business-related resources.
- If the employee’s emails are needed, the department head should contact Computer Services to request access to the employee’s business-related email messages.
- Departmental access to a former employee’s data has time limitations. A terminated employee’s email messages ordinarily may only be accessed for 30 days.
- Computer services personnel should make sure that appropriate approvals have been obtained before accessing a current or former employee’s files or other data on University computing resources. Do not copy, send, or otherwise share the files or data with anyone unless you have received the appropriate approvals.
- If you determine that information is of a personal nature or is non-business related, you should cease looking at it and refrain from sharing it with others.
- While performing your duties, if you come across material that you reasonably believe to be of a criminal nature (e.g., child pornography, criminal conspiracy, etc.), stop your search, secure the PC or other resource, and immediately contact the Office of the CISO.
- All criminal investigations involving University computing resources must be coordinated with the Office of the CISO who will work with Campus Police and/or external law enforcement to ensure that chain of custody and rules for evidence are maintained.
- Personal Computers of former employees should be “wiped” and re-imaged prior to reissue.
- Maintain guidelines on the process of accessing a terminated employee’s personal computer and associated files.
- Ensure that Computer Services receives and files approvals prior to authorizing access to the former employee’s personal computer and associated files.
- Maintain the Authorization Procedure.
- Work with Campus Police and external law enforcement agencies on all investigations involving computing resources.
- Approval by the Department Head, Chief Information Security Officer and VP for Computer and Information Services is required for access to all University computing resources. These approvals should be obtained through the Authorization Procedure.
- An Authorization Form (see below) must be completed and approved before access may be obtained to a former employee’s University computing resources.
- The department head or managing supervisor of the former employee must complete an Authorization Form, and the department head must sign it.
- The Authorization Form must be sent to the Office of the CISO, 705 Conwell Hall or scanned and emailed to email@example.com.
- The CISO will review and make recommendations to the VP for Computer and Information Services.
- The VP for Computer and Information Services may seek additional advice and consent from University Counsel and the Office of the President.
- The Office of the CISO will oversee the process of accessing University computing resources of the former employee.
Date of Request: _____________
Requestor Name: ______________________________________________________________
Former Employee’s Name: _______________________________________________________
Former Employee’s TUid: ________________________________________________________
Please list specific resources (for example, all files and emails related to admissions business):
Dean/Vice President Name: _________________________________
Dean/Vice President Signature: _________________________________ Date: __________
Once you have obtained department approval, please scan this form and email it to firstname.lastname@example.org for the university approval.
Chief Information Security Officer: _________________________________ Date: __________
VP for Computer and Information Services: ____________________________________ Date: _________