RE: Former Employee Email - Exchange

["Lee Bottone" <fusedlee () eanalysis net>]

This is actually a pretty good time to bring up security and the legal
issues:

1. Can your employees use company mail for personal use? If they are using
it for personal use, giving all their messages to the next employee could be
a violation of their privacy rights, as there will be personal information
that could be misused in there. Ideally you don't want them to use company
mail for personal use. 

The college I work allows personal use, so they simply disable the account
and edit the name to include the phrase no longer employed (so that Helpdesk
does not re-enable the account accidentally). Then if there is a message
that someone needs from the account, the system administrator recovers the
message. This limits our exposure to someone who can craft the query to not
look at mail that does not pertain to the company, and limits the liability
of violating privacy issues down to one person (as opposed to whoever
replaces the old employee, the system technicians who port the mail over,
and possibly others).


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of patricekemoe () gmail com
Sent: Friday, January 18, 2008 4:35 PM
To: nextdrewsaid () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Former Employee Email - Exchange

In my comnpany we do the following when an employee leaves:

1- an auto response is put stating the the user is no longer with the
company
2- forward his message to an employee that was choose by administration
3- after two or tree months according to his responsibility, the email
account his delete from the mail system

On 18 Jan 2008 19:26:46 -0000, nextdrewsaid () gmail com
<nextdrewsaid () gmail com> wrote:
> The situation I have on my hands is something that I am sure many of you
> deal with on a somewhat regular basis; however, I am sure in each case it
is
> handled differently.
>
>
> When an employee leaves the company, how do you handle their email?
> Initially, in our case, an auto response is put up stating that the user
is
> no longer with the company, and that you should contact "this person" for
> assistance etc.
>
>
> Several times we have created a PST of the former employees email, and
then
> import that PST into the persons email box who has replaced them or we
have
> passed it off to their former manager, of course we place it in a separate
> folder so as not mingle with their own email.
>
>
> So how do you handle old email, specifically containers in an Exchange
2003
> environment?
>
>
> I would be interested in all thoughts, from security, regulatory and
> logistical point of view.


-- 
Patrice KEMOE
Senior Analyst
--IT Consultant
----------------------------------------------------------------------------
-
--MCP, MCAD.NET, MCSD.NET, MCT, Linux+ Certified  Professional