Why You Need a Terminated Employee Email Policy

People leave and lose jobs.

But what are you supposed to do with their company email account, and what does that have to do with email compliance?

The best way to manage this transition smoothly is to create a terminated employee email policy. Some of the information from their email accounts will need to be accessed in the future for business purposes, unforeseen data requirements, compliance reasons, or in response to an ediscovery request or HR investigation.

So, it’s essential that you establish clear guidelines for email retention, access permissions, and compliance measures to ensure data security and legal adherence.

In this guide, we’ll cover:

• What is a terminated employee email policy
• Why it is important
• Key elements of a comprehensive terminated employee email policy
• What you should do with former employees’ email accounts
• How email archiving can help

What Is a Terminated Employee Email Policy?

A terminated employee email policy outlines how a company handles an employee’s email account once their employment ends. It defines how to redirect important emails to a supervisor or a colleague to prevent messages from being lost during and after the employee’s departure.

The main goals of the terminated employee email policy include:

• Protecting the company’s sensitive information by minimizing the risk of unauthorized access, data breaches, and miscommunication.
• Maintaining business continuity by ensuring important emails are not lost and remain accessible to relevant parties within the organization.
• Complying with legal and regulatory requirements to ensure compliance with industry-specific standards and government regulations, avoiding potential fines and legal issues.
• Protecting the company’s reputation through preventing the misuse of company email addresses and safeguarding against potential legal disputes.
• Respecting employee privacy by clearly defining how personal information within emails will be handled after termination.

Key Elements of a Terminated Employee Email Policy

A well-thought-out terminated employee email policy should address several key areas, including:

• Deactivation timeline — First, it’s crucial to establish a clear and precise deactivation timeline for the departing employee’s email account. This involves specifying when and how the account will be disabled, ideally aligning with their last day. Depending on the circumstances, the timeline may allow a defined grace period for the employee to wrap up personal communication.
• Data retention — Next, determine the duration for which emails will be archived or retained, considering legal requirements, regulatory obligations, and business needs. This ensures compliance with laws like GDPR and industry-specific regulations.
• Email forwarding — After that, make sure to set up email forwarding to direct incoming messages to a designated manager, team lead, or shared mailbox, maintaining business continuity. Also, ensure that senders are notified of the employee’s departure with alternate contact information.
• Auto-reply — Create an automated message to inform senders that the employee is no longer available and to provide appropriate contact details, ensuring timely communication.
• Access revocation — Immediate access revocation is implemented to secure company data. This involves changing passwords and disabling accounts to prevent unauthorized access, particularly in cases of termination for cause.
• Archiving protocols — Establish archiving protocols to securely preserve important emails for future reference, audits, or legal reasons. This involves backing up the mailbox and storing it securely, using archiving solutions as needed.
• Legal and regulatory compliance — Throughout the process, strict adherence to legal and regulatory requirements, including data privacy laws and ediscovery obligations, should be ensured while also regularly reviewing and updating the policy.
• Roles and responsibilities — Finally, define clear roles and responsibilities for HR, IT, legal, and other relevant departments, ensuring consistent policy application through clear assignments and proper training.

What Should You Do with Former Employees’ Emails?

You may choose to simply delete the account, and the data that goes with it. In the short term, this might seem like a fine solution, as you no longer need to worry about any new emails or servers to keep the data on, but it may be a catalyst for a host of new problems.

Currently there are data retention laws in effect that require you to keep your email for a number of years (based on your industry and geolocation).

In addition to that, the employee’s old communications may be subject to ediscovery in the event of a legal case. If the required data has been deleted, your organization could be subject to fines or other severe penalties.

Here’s a better process for handling email when an employee leaves or is dismissed:

Restrict access to their mailbox

In certain cases, you may want to give them some time before their final departure date to go through their mailbox, respond to emails, and do the handover.

This, of course, depends on the circumstances under which they left and your organization’s own policy about IP and confidentiality of records.

For companies to protect themselves, especially if the employee was terminated due to bad performance, communication skills, or layoffs, it’s best to terminate all email privileges immediately. The longer you wait, the more likely the employee will act out of resentment and do something malicious.

Of course, you can be more relaxed if someone is leaving by agreement, has a notice period, and you have no reason to question their integrity.

Once the employee leaves, it’s essential to reset their email password and restrict access to their email account. If this offboarding procedure is not followed, there could be data loss or data leak.

A powerful advanced search to filter millions of records.

Find exactly what you’re looking for in seconds.

Learn More

Forward their email to an appropriate employee or manager

You can leave the mailbox status as active, but make sure you forward their email to a manager or IT. You can also include an auto-responder message explaining that the employee is no longer with the company and who would be the best point of contact onwards.

Remember that having an active mailbox incurs a monthly mailbox fee, which can be quite expensive depending on your email client and plan (e.g., Office365 E5 subscriptions are 35.75$ a month).

In theory, if you’re not in a regulated industry, you could delete the mailbox after one to three months. Still, we generally advise against complete wiping to preserve business information and prepare for compliance audits and litigation.

This depends on the employee’s position and responsibilities in the company, but it’s good to have an established terminated employee email policy to avoid missteps.

Remember that, based on which laws apply to you and where you operate, there could be data privacy concerns if you decide to keep former employee mailboxes active.

Email correspondence contains vast amounts of valuable information, but data retention laws are also in conflict with data protection laws, so it’s important to carefully weigh in for how long you’re going to keep records in order to have them at hand but avoid breaking any data privacy laws like the GDPR.

Such a situation happened in Belgium, where the local Data Protection Authority fined an SME EUR 15,000 for keeping the employee data for over two years and failing to abide by the foundational principles of the GDPR (data minimization and lawfulness).

Need to locate and present electronic records for a legal case?

Jatheon’s data archiving solutions come with the complete ediscovery feature set.

Learn More

Archive and delete the mailbox

Alternatively, you can archive the employee’s mailbox and back it up on a local server, after which the original email can be safely deleted.

After a set period of time, you could get the IT department to create a backup of the existing emails and keep them on the company servers for as long as you need them.

In the meantime, the former employee may (or may not) have access to their work email address, and you can erase it once it has been copied. You could have a permanent, indefinite, or set timeframe for keeping the mail, making it accessible when required.

Use third-party email archiving to keep things simple and compliant

If you are in a highly regulated industry like education or financial services, you will need to preserve electronic records, including those of former employees, not only for business continuity purposes, but also to meet compliance requirements.

Third-party email archiving software relies on email journaling and creates a copy of all emails in near real-time. The email is instantly indexed and stored, allowing you to delete everything from the mailbox and still have an archive (in the cloud or on-premises).

Such archives are fully searchable, which makes them:

If you are in a highly regulated industry like education or financial services, you will need to preserve electronic records, including those of former employees, not only for business continuity purposes, but also to meet compliance requirements.

Third-party email archiving software relies on email journaling and creates a copy of all emails in near real-time. The email is instantly indexed and stored, allowing you to delete everything from the mailbox and still have an archive (in the cloud or on-premises).

Such archives are fully searchable, which makes them:

• The easiest way to access work email after termination,
• Good to avoid paying for an account’s full price and
• The perfect solution to stay compliant with all relevant email retention laws.

Most third-party email archiving solutions allow you to set retention policies. So, based on the employee’s role and relevant regulations, you could retain all the legacy data indefinitely or schedule retention rules for the records to be automatically deleted once the specified or mandated retention periods expire. For example, FINRA firms will need to retain all email for at least six years).

Summary

What happens to an employee’s email account when they leave?

• This varies based on the organization’s policies and the employee’s role.
• It’s best to have a terminated employee email policy as well as an email retention policy with detailed guidelines on how the company handles terminated employees’ email accounts.
• Access to the work email account should be terminated as soon as possible.
• The account may be deactivated, and all the incoming emails will bounce back.
• More often, the account will be forwarded or redirected to a colleague or supervisor.
• The emails could be archived for legal and compliance purposes.
• If the company has a data retention policy, your email account and its contents will be retained for some time before they get permanently deleted.

Jatheon is a tech company specializing in the secure archiving of business communications like email, social media, text messages, and chat apps for compliance, business continuity, and legal discovery. See how our AWS-based cloud archiving software can help you reduce the cost and complexity of managing former employee email.

FAQ

Can my employer read my email after I quit?

This depends on the company policy, the type of email account, and applicable laws. Employers often retain rights to company-provided emails for business, security, and compliance purposes, but data protection laws may restrict access depending on your location.

Should you delete all your emails when you leave a company?

It depends on company policies, as well as your legal and contractual obligations. Before taking any action, it’s best to review the company’s email retention policy. If the company has an email archiving or backup system, deleting your emails from your inbox may not remove them from the company’s records. Deleting all your emails might be seen as an attempt to hide something, so it’s best to be transparent and consult with HR or relevant supervisors.

What does a manager do when an employee resigns?

When an employee leaves, the manager will announce the departure to the person’s team and other relevant departments, staff, and contacts (vendors, contractors, customers). The next steps are to transfer the responsibilities, comply with final pay laws, and conduct the exit interview. The employee’s access to company email and workspace will be canceled, and they may be asked to hand back some of the company-issued equipment and devices.

What to do with an email account when leaving a job?

Before taking any action, you should review your company’s email retention policy because some companies have specific guidelines for departing employees. You should back up any essential work-related emails you may need in the future. If you used your company email account for personal purposes, you should delete any personal emails, attachments, and photos unrelated to work to protect your privacy.

Can my employer find deleted emails?

If your employer has established a backup or email archiving solution, then yes. No matter what actions you take to delete your personal or work-related emails from your primary company-provided mailbox (e.g., Gmail or Outlook), the solution automatically makes a copy and stores it elsewhere for search and retrieval for compliance, HR, or ediscovery purposes. It’s best to read your email retention policy to learn more. Deleting any emails is generally not advised, as the employer may believe you want to hide something.

What are the rules for accessing work email after termination?

Your access to company email after termination depends on company policies, legal considerations, termination circumstances, local laws, and the industry. In most cases, your email access will be revoked immediately, and you will not be able to access it without explicit authorization. It’s the company’s responsibility to handle your personal data in compliance with data privacy and protection laws.

About the Author

Bojana Krstic

Bojana Krstic is the Marketing Director at Jatheon, where she leads strategic initiatives and creates content on data archiving, ediscovery, and compliance. When AFK, you’ll find her in the forest, discovering new music, or exploring the Adriatic.