Access to Separated Employee Data

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Wednesday, August 1, 2018

Authority: 

ICSUAM 8105 Responsible Use

ICSUAM 8025 Privacy of Personal Information

ICSUAM 8065 Information Asset Management

 


Objective: 

The purpose of this Practice Directive is to provide guidance on separated employee data and the process for requesting access to a separated employee’s mailbox, calendar or system resources provided by SF State.

 

Definitions

Data Owner

The Data Owner defines and provides information about the rightful owner of data assets and the acquisition, use and distribution.

Data Custodian

A Data Custodian is an employee of the University who has administrative and/or operational responsibility over Institutional Data.  

 


Statement: 

SF State Human Resources is both the owner and custodian of separated employee data. This Business Practice Directive defines service offering, policies, requirements and provisions governing the process for requesting, granting and retaining records for access to separated employee mailbox, calendar or system resources provided by SF State. 

 

Scope

This Practice Directive applies to the governing process for requesting access to a separated employee mailbox, calendar or system resources provided by SF State. SF State supports one enterprise e-mail system providing all faculty and staff with an @sfsu.edu e-mail account for official University communication.  SF State also provide data sharing and file storage via Box and secure drives for official University business.

 

Security

Employee data and email content are owned by the University. To address any potential privacy concerns, consent from HR serves to ensure that there are no protected communications in the data or email to which access is requested. 

 

Supplemental Populations

Other defined groups of employees also covered under this practice directive are defined below:

  • Employees on an extended leave, including a sudden or unplanned leave. Such employees may have received communications that are time-sensitive and require action by a supervisor, manager or director.  The best practice is for the employee who is on leave to set an Out of Office reply to recipients with direction to another source for assistance. However, as not all employees do this or recipients follow the instructions of the Out of Office reply, this Practice Directive provides an avenue for a supervisor or Appropriate Administrator to request access.

 

Non-Compliance

Noncompliance with applicable policies and/or practices may result in suspension of access privileges. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.

 

Procedure

How to Request Access to a Separated Employee's Data