Policy 7:13 - IT Security Policy for Employees Leaving the University

Policy Contact: Division of Technology and Security

  1. Purpose

    This policy sets forth the protocols for managing an employee鈥檚 electronic information upon that employee鈥檚 resignation, retirement, or termination from the University in conjunction with SDBOR Policy 7.2.

  2. Policy
     
    1. For the purposes of this policy, the term 鈥渆mployee鈥 refers to University employees, including student employees, as well as University volunteers.
       
    2. Upon an employee鈥檚 resignation, retirement, or termination from the University, all information technology services, support, and equipment will be rescinded and recovered at the time the employee鈥檚 status changes.
      1. In cases where an employee has been using personal equipment for their employment duties, the University reserves the right to inspect and review the contents of any such devices to ensure that all protected information or state-provided software has been removed.
         
    3. When an employee gives notice they will be voluntarily leaving the University due to resignation or retirement, that employee鈥檚 department head, dean, or director will instruct the employee to organize their electronic information, including all files and email communications, and deleting those that do not directly relate to the function of their job in conformity with SDBOR and University Record Retention protocols. This process should be completed prior to the employee鈥檚 last working day.
      1. In situations where there is a need to preserve the employee鈥檚 records (e.g. legal hold), electronic information shall not be deleted.
      2. Unless the Vice President for Technology and Security, successor, or designee, grants a waiver, an exiting employee鈥檚 email account will be disabled from sending email messages immediately upon the person鈥檚 employment change of status. The Division of Technology and Security will process requests to disable email accounts.
      3. It is a violation of security protocols to allow remaining employees to use the email account of someone else under that person鈥檚 name or to allow use of an employee鈥檚 password by another employee. The employee鈥檚 supervisor must make arrangements to handle the relaying of important emails to remaining staff members.
         
    4. If an employee leaves the University due to termination, or as the result of a mutual agreement in less than favorable circumstances, or if the employee鈥檚 supervisor has due cause to review the electronic information of a current employee because of suspected misconduct, the employee鈥檚 supervisor may be granted temporary access to the employee鈥檚 electronic information.
      1. The supervisor will make such a request by submitting a completed Request to Access Electronic Information Form to the Vice President for Technology and Security, or designee. If the request is approved, the supervisor is still prohibited from sending messages from the former employee鈥檚 email account.
      2. If a supervisor is seeking specific information or email content regarding an employee, the supervisor must indicate this on the Request to Access Electronic Information Form. If the request is approved in accordance with SDBOR and University policies and applicable law, the Vice President for Technology and Security, or designee, in conjunction with the Office of Human Resources, will then filter and review the electronic information for the relevant content, which will be provided to the supervisor.
         
    5. To the extent that the University and the SDBOR recognize employee intellectual property rights in works of authorship or data stored on the information technology equipment, employees will be accorded a reasonable opportunity to make copies, at their expense, of such property.
       
    6. When an individual will have a continuing relationship after employment ends, security access and technology use may be afforded on a limited basis as determined by the Vice President for Technology and Security, or designee.

  3. Responsible Administrator

    The Vice President for Technology and Security, or designee, is responsible for the annual and ad hoc review of this policy. The University President is responsible for approval of modifications to this policy.

Approved by President on 10/02/2017. Revised, Approved by President 01/30/2019. Revised 01/31/2024 (clerical).

Sources:  and

Associated Forms: