Access to Separated Employee Data

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Wednesday, August 1, 2018

Revised Date:

Tuesday, January 30, 2024

Authority: 

Information Security Responsible Use Policy

Information Security Privacy of Personal Information

ISO Domain 8: Asset Management Policy

Objective: 

The purpose of this Policy is to provide guidance on separated employee data and the process for requesting access to a separated employee’s mailbox, calendar or system resources provided by SF State.

Definitions

Data Owner

The Data Owner defines and provides information about the rightful owner of data assets and the acquisition, use and distribution.

Data Custodian

A Data Custodian is an employee of the University who has administrative and/or operational responsibility over Institutional Data. 

Statement: 

SF State Human Resources is both the owner and custodian of separated employee data. This Business Policy defines service offering, policies, requirements and provisions governing the process for requesting, granting and retaining records for access to separated employee mailbox, calendar or system resources provided by SF State.

Scope

This Policy applies to the governing process for requesting access to a separated employee mailbox, calendar or system resources provided by SF State. SF State supports one enterprise e-mail system providing all faculty and staff with an @sfsu.edu e-mail account for official University communication.  SF State also provide data sharing and file storage via Box and secure drives for official University business.

Security

Employee data and email content are owned by the University. To address any potential privacy concerns, consent from HR serves to ensure that there are no protected communications in the data or email to which access is requested.

Supplemental Populations

Other defined groups of employees also covered under this policy are defined below:

  • Employees on an extended leave, including a sudden or unplanned leave. Such employees may have received communications that are time-sensitive and require action by a supervisor, manager or director.  The best practice is for the employee who is on leave to set an Out of Office reply to recipients with direction to another source for assistance. However, as not all employees do this or recipients follow the instructions of the Out of Office reply, this Policy provides an avenue for a supervisor or Appropriate Administrator to request access.

Non-Compliance

Noncompliance with applicable policies and/or practices may result in suspension of access privileges. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.

Procedure

To request access to a separated employee’s data, please open a ticket through Service Now.  Questions regarding this process can be referred to the Service Desk (service@sfsu.edu , (415)338-1420).