Department:
Information Technology Services
Contact Information:
Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu
Effective Date:
Wednesday, August 1, 2018
Revised Date:
Tuesday, October 14, 2025
Authority:
Information Security Responsible Use Policy
Objective:
This policy defines requirements governing separated employee data as well as the process for requesting access to a separated employee’s mailbox, calendar or system resources provided by SF State.
Definitions:
Data Owner
The Data Owner is a campus official who, among other duties, is responsible for classifying the information assets they are responsible for and granting authorization to those assets based on their classification.
Data Custodian
A Data Custodian is an employee of the University who has administrative and/or operational responsibility over campus information assets.
Statement:
SF State Human Resources is both the owner and custodian of separated employee data. This policy defines high-level requirements governing the process for requesting, granting and retaining records for access to separated employee mailbox, calendar or system resources provided by SF State.
Scope
This Policy applies to separated employee mailboxes, calendars or system resources provided by SF State. SF State supports one enterprise e-mail system providing all faculty and staff with an @sfsu.edu e-mail account for official University communication. SF State also provide data sharing and file storage via Box and secure drives for official University business.
Security
Employee data and email content are owned by the University. To address any potential privacy concerns, consent from HR serves to ensure that there are no protected communications in the data or email to which access is requested.
Supplemental Populations
Other defined groups of employees also covered under this policy are defined below:
- Employees on an extended leave, including a sudden or unplanned leave. Such employees may have received communications that are time-sensitive and require action by a supervisor, manager or director. The best practice is for the employee who is on leave to set an Out of Office reply to recipients with direction to another source for assistance. However, as not all employees do this or recipients follow the instructions of the Out of Office reply, this Policy provides an avenue for a supervisor or Appropriate Administrator to request access.
Non-Compliance
Noncompliance with applicable policies and/or practices may result in suspension of access privileges. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.
Procedure
To request access to a separated employee’s data, please open a ticket through Service Now. Questions regarding this process can be referred to the Service Desk (service@sfsu.edu, (415)338-1420).