Almost all employees become former employees at some point. Whenever an employee leaves their job, employers must ...
Almost all employees become former employees at some point. Whenever an employee leaves their job, employers must secure their information systems, protect their data, and comply with various privacy and data retention laws. A terminated employee email policy helps employers avoid potential issues involving the email accounts of former employees.
A terminated employee email policy is a written document that explains the policies and procedures employers and employees must follow when handling the email accounts of terminated employees. This policy should:
A policy for terminated employee emails is important for several reasons.
Leaving a former employee's email account active puts companies at risk. A terminated employee could:
Even when employees part on good terms, allowing continued access to email accounts is a security risk.
Access to computer software and mailboxes costs money. Failing to disable the accounts of former employees unnecessarily increases your operating costs because you are paying for resources or services that you aren't using.
State, federal, and international laws govern how organizations manage data and employee privacy. A terminated employee email policy ensures you remain compliant when handling a former employee's email account.
Your email policy should address what happens to communications from customers, vendors, and others that may continue to come to your former employee's mailbox. Handling these emails correctly protects your reputation and helps you maintain these relationships after the employee leaves.
Mismanaging the emails of terminated employees may result in breaches of privacy or employment law that could lead to lawsuits. A well-crafted terminated employee email policy protects you and your employees.
Whether an employee is leaving their job voluntarily or for some other reason, it's important to follow the same procedures when handling their email account.
Ideally, you will have already gone over your email policies with every employee during the onboarding process, so your employee will know what to expect. Plan what to say to employees before terminating them.
If the employee is not leaving their job voluntarily, provide a brief and direct explanation for the termination. Schedule a meeting with the employee that balances the need to give the employee notice with the needs of your workplace.
Don't make the conversation personal. Focus on work-related reasons for the termination and explain specific policies the employee violated.
Reiterate the terminated employee email policy to your employee. Advise them about anything they should or should not do with their email account before leaving.
If your employee is leaving voluntarily, an exit interview will help you understand why the employee is quitting. It will also give you a better idea of what the employee was working on and any particular aspects of their job you need to address. This helps prevent important communications or information from getting lost or forgotten.
Depending on the circumstances, you may not want to immediately disable the employee's account. However, you should restrict access.
This allows employees leaving on good terms to tie up loose ends and make a smoother transition to the person replacing them. Keep this period as short as possible before moving to the next step.
If the employee is leaving on bad terms or there is no need to give them additional time to access their emails, disable the account immediately. Consider changing the account password. If the employee had access to any other company accounts, change the passwords for those accounts as well.
Many companies choose to leave former employees' email accounts active for a few months as part of their terminated employee email policy. This allows companies to transition communications from outside parties to other employees. During this time, turn on an autoresponder that informs the sender that the employee left the company and tells them who to contact instead.
In addition to using the autoresponder, forward incoming emails to the employee's manager or a member of the information technology department. This person can then ensure the communication gets to the appropriate person to handle it.
Monitor the former employee's account for any suspicious activity, such as attempts to access company systems, copy or delete files, or install unauthorized software. These may be signs of a data breach that your IT department should address.
You may need to access data in your former employee's mailbox for regulatory or eDiscovery reasons. Archiving the mailbox prevents you from accidentally deleting information you need to retain and simplifies the process of responding to requests for information.
Your terminated employee email policy should specify when you will delete the mailbox of a former employee. Make sure you have followed all the previous steps first.
Many employees have access to company emails and other data on their mobile devices. You may want to implement a mobile device management solution that allows you to remotely wipe company data from mobile devices and revoke access to company resources.
Changes in technology, business practices, company policies, and regulations make it necessary to update your email policy regularly. It's a good idea to review and update your policy after terminating an employee.
State, federal, and international law impacts what you can do with employee emails. These are some common regulatory questions employers have about their terminated employee email policy.
Do not immediately delete emails. You may need them for regulatory compliance, business purposes, or eDiscovery.
Multiple laws play a role in which emails you should retain and for how long. Examples include the:
The specific laws you must follow depend on your geographic location, where you do business, and your industry. Failing to comply with these laws can result in severe penalties, including fines and prison time.
Most laws require a retention period between three to seven years; however, the length of time you need to keep a former employee's emails depends on the type of record, applicable regulations, and your industry. A good starting point is to review the applicable regulations with your legal, IT, and compliance teams.
State laws further complicate retention policies, because each state has different statutes of limitations for civil claims. This can impact how long you need to keep emails for eDiscovery purposes. Your terminated employee email policy should specify the specific retention period for various types of emails based on your company's needs and the applicable regulations.
Next to regulations, eDiscovery is the most important reason you need to establish a strong retention policy for the emails of former employees. If you need to respond to a lawsuit, you may have as little as 14 days to produce information stored in a former employee's emails.
You may also need a former employee's email if you must conduct or respond to an employee misconduct proceeding. In addition to retaining these emails, it is important to store and organize them such that you can efficiently access the information you need when you need it.
Whether you can access a terminated employee's email depends on your geographic location, industry, and the applicable regulations. As an example, the General Data Protection Regulation that applies to citizens of the European Union and greater European Economic Area gives employees some control over an employer's use of their personal emails.
You can protect yourself by documenting your employee privacy policy and internal processes for disabling work email accounts. It's also a good practice to create departmental email accounts, such as customerservice@yourcorp.com, for external parties to use as a contact after specific employees leave.
It may seem prudent to retain all emails in case you ever need them, but this isn't practical. The financial burden of securely storing all emails forever is too great for most organizations. Additionally, retaining emails for too long may violate data retention regulations.
One of the most challenging aspects of any terminated employee email policy is properly handling data retention. Cloudficient offers state-of-the-art streamlined solutions that simplify data retention policies for emails and other company data. Contact us today to learn more.
With unmatched next generation migration technology, Cloudficient is revolutionizing the way businesses retire legacy systems and transform their organization into the cloud. Our business constantly remains focused on client needs and creating product offerings that match them. We provide affordable services that are scalable, fast and seamless.
If you would like to learn more about how to bring Cloudficiency to your migration project, visit our website, or contact us.
Learn how to craft an effective email usage policy for employees. Discover essential tips and best practices with this guide from Cloudficient.
Is an email legally binding for businesses? Learn what language to avoid and what to say to reduce your company's liability with email communications.
Archiving is critical to accurate email eDiscovery. Organizations must understand the basic principles of email archiving to get the most out of it.
