ֱ

Skip to main content

Policy 7:13 - IT Security Policy for Employees Leaving the University


Policy Contact: Division of Technology and Security


  1. Purpose

    This policy sets forth the protocols for managing an employee’s electronic information upon that employee’s resignation, retirement, or termination from the University in conjunction with SDBOR Policy 7.2.

  2. Policy
     
    1. For the purposes of this policy, the term “employee” refers to University employees, including student employees, as well as University volunteers.
       
    2. Upon an employee’s resignation, retirement, or termination from the University, all information technology services, support, and equipment will be rescinded and recovered at the time the employee’s status changes.
      1. In cases where an employee has been using personal equipment for their employment duties, the University reserves the right to inspect and review the contents of any such devices to ensure that all protected information or state-provided software has been removed.
         
    3. When an employee gives notice they will be voluntarily leaving the University due to resignation or retirement, that employee’s department head, dean, or director will instruct the employee to organize their electronic information, including all files and email communications, and deleting those that do not directly relate to the function of their job in conformity with SDBOR and University Record Retention protocols. This process should be completed prior to the employee’s last working day.
      1. In situations where there is a need to preserve the employee’s records (e.g. legal hold), electronic information shall not be deleted.
      2. Unless the Vice President for Technology and Security, successor, or designee, grants a waiver, an exiting employee’s email account will be disabled from sending email messages immediately upon the person’s employment change of status. The Division of Technology and Security will process requests to disable email accounts.
      3. It is a violation of security protocols to allow remaining employees to use the email account of someone else under that person’s name or to allow use of an employee’s password by another employee. The employee’s supervisor must make arrangements to handle the relaying of important emails to remaining staff members.
         
    4. If an employee leaves the University due to termination, or as the result of a mutual agreement in less than favorable circumstances, or if the employee’s supervisor has due cause to review the electronic information of a current employee because of suspected misconduct, the employee’s supervisor may be granted temporary access to the employee’s electronic information.
      1. The supervisor will make such a request by submitting a completed Request to Access Electronic Information Form to the Vice President for Technology and Security, or designee. If the request is approved, the supervisor is still prohibited from sending messages from the former employee’s email account.
      2. If a supervisor is seeking specific information or email content regarding an employee, the supervisor must indicate this on the Request to Access Electronic Information Form. If the request is approved in accordance with SDBOR and University policies and applicable law, the Vice President for Technology and Security, or designee, in conjunction with the Office of Human Resources, will then filter and review the electronic information for the relevant content, which will be provided to the supervisor.
         
    5. To the extent that the University and the SDBOR recognize employee intellectual property rights in works of authorship or data stored on the information technology equipment, employees will be accorded a reasonable opportunity to make copies, at their expense, of such property.
       
    6. When an individual will have a continuing relationship after employment ends, security access and technology use may be afforded on a limited basis as determined by the Vice President for Technology and Security, or designee.
  3. Responsible Administrator

    The Vice President for Technology and Security, or designee, is responsible for the annual and ad hoc review of this policy. The University President is responsible for approval of modifications to this policy.


Approved by President on 10/02/2017. Revised, Approved by President 01/30/2019. Revised 01/31/2024 (clerical).

Sources:  and

Associated Forms: