Information Governance

Creating an Effective Terminated Employee Email Policy

Almost all employees become former employees at some point. Whenever an employee leaves their job, employers must ...

Almost all employees become former employees at some point. Whenever an employee leaves their job, employers must secure their information systems, protect their data, and comply with various privacy and data retention laws. A terminated employee email policy helps employers avoid potential issues involving the email accounts of former employees.


Defining a Terminated Employee Email Policy

A terminated employee email policy is a written document that explains the policies and procedures employers and employees must follow when handling the email accounts of terminated employees. This policy should:

  • Protect the employer's sensitive information.
  • Prevent important information from becoming lost.
  • Ensure compliance with regulations.
  • Make the employee exit process smoother.

Cloud Migration CTA

Why You Need a Terminated Employee Email Policy

A policy for terminated employee emails is important for several reasons.


Leaving a former employee's email account active puts companies at risk. A terminated employee could:

  • Use their company email address in ways that harm their former employer's reputation or endanger the company
  • Delete or copy important or confidential files
  • Expose the employer to a data breach
  • Share or steal confidential company information

Even when employees part on good terms, allowing continued access to email accounts is a security risk.


Access to computer software and mailboxes costs money. Failing to disable the accounts of former employees unnecessarily increases your operating costs because you are paying for resources or services that you aren't using.


State, federal, and international laws govern how organizations manage data and employee privacy. A terminated employee email policy ensures you remain compliant when handling a former employee's email account.

Professional Relationships

Your email policy should address what happens to communications from customers, vendors, and others that may continue to come to your former employee's mailbox. Handling these emails correctly protects your reputation and helps you maintain these relationships after the employee leaves.

Potential Lawsuits

Mismanaging the emails of terminated employees may result in breaches of privacy or employment law that could lead to lawsuits. A well-crafted terminated employee email policy protects you and your employees.


Steps To Take When Disabling a Terminated Employee’s Email Account

Whether an employee is leaving their job voluntarily or for some other reason, it's important to follow the same procedures when handling their email account.

Keep Communication Open and Respectful

Ideally, you will have already gone over your email policies with every employee during the onboarding process, so your employee will know what to expect. Plan what to say to employees before terminating them.

If the employee is not leaving their job voluntarily, provide a brief and direct explanation for the termination. Schedule a meeting with the employee that balances the need to give the employee notice with the needs of your workplace.

Don't make the conversation personal. Focus on work-related reasons for the termination and explain specific policies the employee violated.

Reiterate the terminated employee email policy to your employee. Advise them about anything they should or should not do with their email account before leaving.

Conduct an Exit Interview

If your employee is leaving voluntarily, an exit interview will help you understand why the employee is quitting. It will also give you a better idea of what the employee was working on and any particular aspects of their job you need to address. This helps prevent important communications or information from getting lost or forgotten.

Restrict Access

Depending on the circumstances, you may not want to immediately disable the employee's account. However, you should restrict access.

This allows employees leaving on good terms to tie up loose ends and make a smoother transition to the person replacing them. Keep this period as short as possible before moving to the next step.

Disable the Email Account

If the employee is leaving on bad terms or there is no need to give them additional time to access their emails, disable the account immediately. Consider changing the account password. If the employee had access to any other company accounts, change the passwords for those accounts as well.

Turn On an Autoresponder

Many companies choose to leave former employees' email accounts active for a few months as part of their terminated employee email policy. This allows companies to transition communications from outside parties to other employees. During this time, turn on an autoresponder that informs the sender that the employee left the company and tells them who to contact instead.

Forward Incoming Emails To a Current Employee

In addition to using the autoresponder, forward incoming emails to the employee's manager or a member of the information technology department. This person can then ensure the communication gets to the appropriate person to handle it.

Audit Account Activities

Monitor the former employee's account for any suspicious activity, such as attempts to access company systems, copy or delete files, or install unauthorized software. These may be signs of a data breach that your IT department should address.

Archive Emails

You may need to access data in your former employee's mailbox for regulatory or eDiscovery reasons. Archiving the mailbox prevents you from accidentally deleting information you need to retain and simplifies the process of responding to requests for information.

Delete the Mailbox

Your terminated employee email policy should specify when you will delete the mailbox of a former employee. Make sure you have followed all the previous steps first.

Manage Mobile Devices

Many employees have access to company emails and other data on their mobile devices. You may want to implement a mobile device management solution that allows you to remotely wipe company data from mobile devices and revoke access to company resources.

Update Your Policy

Changes in technology, business practices, company policies, and regulations make it necessary to update your email policy regularly. It's a good idea to review and update your policy after terminating an employee.

Employee Email Regulatory Questions

State, federal, and international law impacts what you can do with employee emails. These are some common regulatory questions employers have about their terminated employee email policy.

Cloud Migration CTA

Should You Delete an Employee's Emails Immediately?

Do not immediately delete emails. You may need them for regulatory compliance, business purposes, or eDiscovery.

Which Laws Impact Email Retention?

Multiple laws play a role in which emails you should retain and for how long. Examples include the:

  • Freedom of Information Act
  • Family Educational Rights and Privacy Act
  • Sarbanes-Oxley Act
  • Health Insurance Portability and Accountability Act
  • Gramm-Leach-Bliley Act

The specific laws you must follow depend on your geographic location, where you do business, and your industry. Failing to comply with these laws can result in severe penalties, including fines and prison time.

How Long Do You Have To Keep Former Employee Emails?

Most laws require a retention period between three to seven years; however, the length of time you need to keep a former employee's emails depends on the type of record, applicable regulations, and your industry. A good starting point is to review the applicable regulations with your legal, IT, and compliance teams.

State laws further complicate retention policies, because each state has different statutes of limitations for civil claims. This can impact how long you need to keep emails for eDiscovery purposes. Your terminated employee email policy should specify the specific retention period for various types of emails based on your company's needs and the applicable regulations.

Do You Need To Retain Former Employee’s Emails for eDiscovery?

Next to regulations, eDiscovery is the most important reason you need to establish a strong retention policy for the emails of former employees. If you need to respond to a lawsuit, you may have as little as 14 days to produce information stored in a former employee's emails.

You may also need a former employee's email if you must conduct or respond to an employee misconduct proceeding. In addition to retaining these emails, it is important to store and organize them such that you can efficiently access the information you need when you need it.

Can Employers Access the Email of Terminated Employees?

Whether you can access a terminated employee's email depends on your geographic location, industry, and the applicable regulations. As an example, the General Data Protection Regulation that applies to citizens of the European Union and greater European Economic Area gives employees some control over an employer's use of their personal emails.

You can protect yourself by documenting your employee privacy policy and internal processes for disabling work email accounts. It's also a good practice to create departmental email accounts, such as, for external parties to use as a contact after specific employees leave.


Why Not Keep All Emails Just To Be Safe?

It may seem prudent to retain all emails in case you ever need them, but this isn't practical. The financial burden of securely storing all emails forever is too great for most organizations. Additionally, retaining emails for too long may violate data retention regulations.

Technology To Help You Implement Your Terminated Employee Email Policy

One of the most challenging aspects of any terminated employee email policy is properly handling data retention. Cloudficient offers state-of-the-art streamlined solutions that simplify data retention policies for emails and other company data. Contact us today to learn more.

With unmatched next generation migration technology, Cloudficient is revolutionizing the way businesses retire legacy systems and transform their organization into the cloud. Our business constantly remains focused on client needs and creating product offerings that match them. We provide affordable services that are scalable, fast and seamless.

If you would like to learn more about how to bring Cloudficiency to your migration project, visit our website, or contact us.
Cloud Migration CTA

Similar posts