Guidelines for Handling Former Employee Computing Resources

Effective Date: November 22, 2011
Date Last Reviewed: June 25, 2018
Date Scheduled for Review: June 2023
Issuing Authority: Chief Information Security Officer

When an employee ends his/her employment relationship with the University, there is sometimes a need to access business-related information stored on the former employee’s University computing resources. While the University makes computer resources available to its employees for the primary use of education and research, and for administrative activities, it recognizes that former employees could be current students or alumni and using University computing resources, especially email accounts, for approved personal use. Thus, it is reasonable to expect the University will provide protection for the individual’s personal information as long as it does not violate any local, state or federal laws and regulations. According to University policies, access to a former employee's computing resources is strictly prohibited. Any exceptions to this policy must be approved by the Cognizant Vice President/Dean, Chief Information Security Officer and VP for Information Technology Services.

These guidelines supplement the termination process and guide the supervisor in determining what may be done with a former employee’s University computing resources.

1. Prior to termination, the department head should appoint another employee to review and assume access to the former employee’s shared University computing resources. When an employee gives notice of resignation, the department head should ask the employee to remove any personal files from his/her PC, network drives, departmental shares and email account, and should remind the employee that Temple University’s confidential, sensitive and proprietary data must remain with Temple and that all work-related material is the property of Temple University.
2. If the employee has already been terminated and has left the workplace, an Authorization Form (See Authorization Procedure below) will be required before an appointee of the department may access the employee’s business-related computer files or e-mail messages. Upon approval of the Authorization Form, the appointee of the department may schedule an appointment with Information Technology Services (call 1-8000) to assist in accessing the employee’s files and, if necessary, transfer relevant business-related folders, files and other data from flash drives, CD or DVD. Access to files of a personal nature, full access or all access to former employee’s data or emails will not be approved. See authorization form below on acceptable criteria for access to University business-related resources.
3. If the employee’s emails are needed, the appointee of the department should contact Information Technology Services to request access to the employee’s business-related email messages.
4. Access to a former employee’s data has time limitations.  A terminated employee’s email messages ordinarily may only be accessed for 30 days.

1. Information Technology Services personnel should make sure that appropriate approvals have been obtained before accessing a current or former employee’s files or other data on University computing resources. Do not copy, send, or otherwise share the files or data with anyone unless you have received the appropriate approvals.
2. If you determine that information is of a personal nature or is non-business related, you should cease looking at it and refrain from sharing it with others.
3. While performing your duties, if you come across material that you reasonably believe to be of a criminal nature (e.g., child pornography, criminal conspiracy, etc.), stop your search, secure the PC or other resource, and immediately contact the Office of the CISO.
4. All criminal investigations involving University computing resources must be coordinated with the Office of the CISO who will work with Campus Police and/or external law enforcement to ensure that chain of custody and rules for evidence are maintained.
5. Devices/Computers of former employees must be “wiped” and re-imaged prior to reissue.

1. Maintain guidelines on the process of accessing a terminated employee’s personal computer and associated files.
2. Ensure that Information Technology Services receives and files approvals prior to authorizing access to the former employee’s personal computer and associated files.
3. Maintain the Authorization Procedure.
4. Work with Campus Police and external law enforcement agencies on all investigations involving computing resources.

1. VP for Information Technology Services will provide final approval after the review and recommendation by the Chief Information Security Officer is completed and approval by the Cognizant Vice President/Dean is given.

1. An Authorization Form (see below) must be completed and approved before access may be obtained to a former employee’s University computing resources.
2. The department head or managing supervisor of the former employee must complete an Authorization Form, and the Vice President/Dean must sign it.
3. The Authorization Form must be sent to the Office of the CISO, 705 Conwell Hall or scanned and emailed to ciso@temple.edu .
4. The Chief Information Security Officer may seek additional advice and consult University Counsel’s Office.
5. The CISO will review and make recommendations to the VP for Information Technology Services.
6. The Office of the CISO will oversee the process of accessing University computing resources of the former employee.

Date of Request: _____________

Requestor Name: ______________________________________________________________

Former Employee’s Name: _______________________________________________________

Former Employee’s TUid: ________________________________________________________

Please list specific resources (for example, all files and emails related to admissions business):

_______________________________________________________________________________________________________________________________________________________

_______________________________________________________________________________________________________________________________________________________

_______________________________________________________________________________________________________________________________________________________

_______________________________________________________________________________________________________________________________________________________

_________________________________________________________________________________________________________________________________

DEPARTMENT APPROVAL:

Dean/Vice President Name: _________________________________

Dean/Vice President Signature: _________________________________   Date: __________

Once you have obtained department approval, please scan this form and email it to ciso@temple.edu for the university approval.

UNIVERSITY APPROVAL:

Chief Information Security Officer: _________________________________   Date: __________

VP for Information Technology Services: ____________________________________   Date: _________