11

Approval from Employees to Access their Emails/Folders

We have a very clear IT policy which states that all data at work belongs to the company and therefore we have the right to access this. However, we know that employers do have personal emails and folders held on their computers. As a practice we have a process in place which prevents people/managers from gaining access to employees systems without following an approval process. I would like to know what process you have in place to manage access to employees once they have left. Many managers don't think to get the outgoing employee to transfer over info prior to their leaving date and our IT dept will close down the mailbox, etc. HR do not want to be seen as the gate keeper to every access to mailbox/folder request due to managers forgetfulness, etc and would prefer the employee prior to leaving to grant access. However, the question asked is 'what if the employee refuses to give permission - when the data is the Company's anyway'? Do we need to do this? 

Really would appreciate any info on what other companies do to manage this process, especially now that we have GDPR.

1536 views
  • I get our IT guys to add the leaving employees mailbox to their managers outlook as a shared inbox. they have access and can monitor anything new coming in. No permission requested but to be honest the leaver will delete anything not relevant before they leave anyway.
  • When I conduct exit interviews I tell the employee that their email file will be saved with access granted to their Manager when its needed, and I advise (elbow nudge) them to clear it up!! So I dont really give them the option to refuse, but its also in our handbook that emails can be accessed by the company at any time if there is a business justification for it.

    Our IT department then hold the emails on the server for 12 months, and if a situation arises where their emails need to be checked IT will give permission for the Manager to access it for an hour to look for what they need. Permission is then removed until if/when the emails are needed again.

    It creates a few minutes work for IT but I find exiting (and existing!) employees are more comfortable with this. I think there is a perception (and its a reality in some places where Ive worked sadly) that when employees leave their emails are scrutinised so this helps to counter that.

    Regarding new emails I simply log a call with IT to divert new emails to a nominated colleague - I know its done then!
  • We just automatically delete personal files and folders on termination. We don't check what's in them at all. In previous roles, we've flagged such folders up for review by the leaver's LM but, in practice, most such folders then sat untouched and unchecked for months or, in some cases, years because managers didn't have the time or inclination to go through their former employee's trivia.

    Hence at my current workplace, I decided to take a more decisive position.
  • In reply to Robey:

    We do something similar to Robey except automatic deletion is normally within a month - unless the line manager requests a longer period or that certain folders are moved for specific access (we still have some folk who save stuff on their own drive or Outlook folder when really it should be saved in a shared drive or restricted intranet library). This is made clear in our leaving processes and comms to both manager and individual. However, the leaving employee's log-in credentials are "blocked" or "removed" immediately after actual termination date.
  • In reply to Helen :

    Thanks Helen.
  • In reply to Samantha:

    Thanks Samantha. What about the employees that you dont get a chance to have an exit interview. The ones who are instantly let go. How do you manage them.
  • In reply to Robey:

    thanks Robey
  • In reply to Helen:

    Thanks Helen
  • In reply to Robey:

    Quick question. If there are personal items (mail/documents) saved in the normal business folders as opposed to being held on a separate drive, etc how does your process manage this?

    We had a situation where by a manager wanted access to a empee's mailbox who was leaving. The request came to HR for approval but because we were aware of a potential grievance of bullying by the empee against their manager, we did not grant access. Obviously this was a rare one but we are now concerned about giving general access.

    Do you have all employees sign acknowledgement of your acceptable use/IT policy?
  • Steve Bridger

    | 0 Posts

    Community Manager

    13 Jun, 2017 08:49

    In reply to Robey:

    "We just automatically delete personal files and folders on termination. We don't check what's in them at all."

    Like Robey, this is my experience, too. Having said that, this would be in the context of an employee giving notice, allowing at least a month for a full handover of active clients / projects.

    I guess the circumstance of a dismissal might be a little different[?]

  • In reply to Sonia:

    I'm extremely sceptical of the value in getting employees to sign policies. At best, the only thing it "proves" is that the employee and the policy were in the same place at the same time, briefly.

    Better is to encourage an atmosphere of learning in which employees are motivated to educate themselves on how we do things. Good example, here: recently I've been conducting an exercise, first, to understand how people are using our (somewhat chaotic) electronic file system; then to understand how they think it's *supposed* to be used; then to communicate how we think it *ought* to be used; and finally to blend people's intuitive approach with our intended approach to come up with something that imposes some much-needed structure whilst leaving people some leeway to adapt it to their needs.

    An outcome of this has been to clearly pass on the message: there is no "personal" space on our system. Whilst we provide sequestered sections for teams and for individuals, the content of the system belongs to the business and we can look at anything on it, at any time, if we so choose.

    Naturally, this comes with an element of discretion such that a manager cannot simply access the work of a team member at any time if the team member hasn't chosen to share that. There are myriad reasons why people should be entitled to work with a reasonable sense of privacy, not least being exactly this situation: that an employee may want to record incidents of bullying or corruption, for example, or have a confidential exchange of messages with HR. So there needs to be a clear difference between "the business" and "your manager" - which is exactly what you've done here.

    However, once someone leaves the organization, all bets are off. So if an employee is on their way out but hasn't yet actually left, I would feel very comfortable saying to a manager "no, if you want stuff handed over, you have to talk to [employee]", but when the employee is no longer an employee, anything left over can be left to managers to sift through. This gives employees the opportunity to expunge anything they'd rather not leave exposed to public scrutiny before they make their exit.