Department:
Information Technology Services
Contact Information:
Nish Malik / Senior Associate Vice President (AVP) and Chief Information Officer (CIO) / (415) 405-4105 / nish@sfsu.edu
Effective Date:
Wednesday, August 1, 2018
Revised Date:
Tuesday, January 30, 2024
Authority:
Information Security Responsible Use Policy
Objective:
The purpose of this Policy is to provide guidance on separated employee data and the process for requesting access to a separated employee’s mailbox, calendar or system resources provided by SF State.
Definitions
Data Owner
The Data Owner defines and provides information about the rightful owner of data assets and the acquisition, use and distribution.
Data Custodian
A Data Custodian is an employee of the University who has administrative and/or operational responsibility over Institutional Data.
Statement:
SF State Human Resources is both the owner and custodian of separated employee data. This Business Policy defines service offering, policies, requirements and provisions governing the process for requesting, granting and retaining records for access to separated employee mailbox, calendar or system resources provided by SF State.
Scope
This Policy applies to the governing process for requesting access to a separated employee mailbox, calendar or system resources provided by SF State. SF State supports one enterprise e-mail system providing all faculty and staff with an @sfsu.edu e-mail account for official University communication. SF State also provide data sharing and file storage via Box and secure drives for official University business.
Security
Employee data and email content are owned by the University. To address any potential privacy concerns, consent from HR serves to ensure that there are no protected communications in the data or email to which access is requested.
Supplemental Populations
Other defined groups of employees also covered under this policy are defined below:
- Employees on an extended leave, including a sudden or unplanned leave. Such employees may have received communications that are time-sensitive and require action by a supervisor, manager or director. The best practice is for the employee who is on leave to set an Out of Office reply to recipients with direction to another source for assistance. However, as not all employees do this or recipients follow the instructions of the Out of Office reply, this Policy provides an avenue for a supervisor or Appropriate Administrator to request access.
Non-Compliance
Noncompliance with applicable policies and/or practices may result in suspension of access privileges. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.
Procedure
To request access to a separated employee’s data, please open a ticket through Service Now. Questions regarding this process can be referred to the Service Desk (service@sfsu.edu , (415)338-1420).