Re: Access and the Terminated Employee

[Roderick Cook <rcook () PACIFIC EDU>]

We do have a documented process but no formal policy.  At Pacific, typically
HR will notify the OIT group through email that we need to term X employee
by Y date/time.  Accounts are then manually disabled by system
administration at the specified time.

More often than not there seem to be cases where an individual (usually
faculty) is leaving the University on graceful terms and HR requests that
departing employee retain email for a short period of time.  Each of these
requests are handled on a case by case basis and require supervisory
approval as well as HR before continued access is granted.

If it were solely up to me, I'd terminate all access on or slightly before
term date/time for all departing employees, no exceptions.  Still working
through the termination process with HR on that one.

Roderick Cook, CISSP
IT Security Officer
University of the Pacific


On 3/2/11 9:57 AM, "Feehan, Patrick" <Patrick.Feehan () MONTGOMERYCOLLEGE EDU>
wrote:

> Good Afternoon All:
>
> We are having a discussion about the amount of access a terminated employee
> can have to (arguably) their information on (clearly) our systems.  This came
> up in context of employees who had terminated, either voluntarily or
> involuntarily, and then found that they did not have access to their
> electronic W-2 information they had requested while in the employ of the
> College.
>
> In general, do you have policies or processes which dictate what access (if
> any) a terminated employee may have to wage or benefit information?  Does it
> make a difference if they were fired versus left on their own (moved on) or
> even retired?
>
> Thanks.
>
>
> Patrick J. Feehan JD, CIPP
> Director of IT Privacy & Cybersecurity Compliance
> Montgomery College
> (240) 567-3087
> patrick.feehan () montgomerycollege edu