People leave and lose jobs. But what are you supposed to do with their company email account and what does that have to do with email compliance?
Some companies will have a terminated employee email policy, others will deal with the situation when it happens, but one thing’s for sure — at least some of that information will need to be accessed at a future time.
Accessing work email after termination will happen for business information, unforeseen data requirements, compliance reasons or as part of a response to an ediscovery request or an HR investigation.
So how do you handle emails when an employee leaves?
What Should You Do with Old Employee Emails?
You may choose to simply delete the account, and the data that goes with it. Short-term, this is a fine solution, as you no longer need to worry about any new emails, or servers to keep the data on, but it may be a catalyst to a host of new problems.
Currently there are data retention laws in effect that require you to keep your email for a number of years (based on your industry and geolocation).
In addition to that, the employee’s old communications may be subject to ediscovery in the event of a legal case. If the required data has been deleted, your organization could be subject to fines or other severe penalties.
Here’s a better process for handling email when an employee leaves or is dismissed:
Restrict access to their mailbox
In certain cases, you may want to give them some time before their final date of departure to go through their mailbox, respond to emails, and do the handover.
This, of course, depends on the circumstances under which they left and your organization’s own policy about IP and confidentiality of records.
For companies to protect themselves, especially if the employee was terminated due to bad performance, communication skills, or even layoffs, it’s best to terminate all email privileges immediately. The longer you wait, the bigger the chance that the employee may act from resentment and do something malicious.
Of course, you can be more relaxed if someone is leaving by agreement, has a notice period, and you have no reason to question their integrity.
Once the employee leaves, it’s essential to reset their email password and restrict access to their email account. If this offboarding procedure is not followed, there could be data loss or date leak, with serious consequences.
Forward their email to an appropriate employee / manager
You can leave the mailbox status as active, but make sure you forward their email to a manager or IT. You can also include an auto-responder message explaining that the employee is no longer with the company and who would be the best point of contact onwards.
Remember that having an active mailbox incurs a monthly mailbox cost, which can be quite expensive depending on your email client and plan (e.g. Office365 E5 subscriptions are 35$ a month).
In theory, if you’re not in a regulated industry, you could delete the mailbox after one to three months, but we generally advise against complete wiping in order to preserve business information and be ready for compliance audits and litigation.
This depends on the employee’s position and responsibilities in the company, but it’s good to have an established terminated employee email policy on this to avoid any missteps.
Remember that, based on which laws apply to you and where you operate, there could be data privacy concerns if you decide to keep former employee mailboxes active.
Email correspondence contains vast amounts of valuable information, but data retention laws are also in conflict with data protection laws, so it’s important to carefully weigh in for how long you’re going to keep records in order to have them at hand but avoid breaking any data privacy laws like the GDPR.
This recently happened in Belgium, where the local Data Protection Authority fined an SME EUR 15,000 for keeping the employee data for over 2 years and failing to abide by the foundational principles of the GDPR (data minimization and lawfulness).
Archive and delete the mailbox
Alternatively, you can archive the employee’s mailbox and back it up on a local server, after which the original email can be safely deleted.
After a set period of time you could get the IT department to create a backup of the existing emails and keep it on the company servers for as long as you need it.
The past employee may (or may not) have access to their work email address in the meantime, and you can erase it once it has been copied. You could have a permanent, indefinite or a set timeframe on keeping the mail, making it accessible when required.
Use third-party email archiving to keep things simple and compliant
If you are in a highly regulated industry like education or financial services, you will need to preserve electronic records, including those of former employees, not only for business continuity purposes, but also to meet compliance requirements.
Third-party email archiving software relies on email journaling and creates a copy of all email in near real-time. The email is instantly indexed and stored, allowing you to delete everything from the mailbox and still have an archive (in the cloud or on-premises).
Such archives are fully searchable, which makes them:
- The easiest way for accessing work email after termination,
- Good to avoid paying for an account’s full price and
- The perfect solution to stay compliant with all relevant email retention laws.
Most third-party email archiving solutions allow you to set retention policies, so (based on the employee’s role and relevant regulations), you could retain all the legacy data indefinitely or schedule retention rules for the records to be automatically deleted once the specified or mandated retention periods expire (for example, FINRA firms will need to retain all email for at least 6 years).
What happens to an employee’s email account when they leave?
- This varies based on the organization’s policies and the employee’s role.
- It’s best to have an email retention policy with detailed guidelines on how the company handles terminated employees’ email accounts.
- Access to the work email account should be terminated as soon as possible.
- The account may be deactivated, and all the incoming emails will bounce back.
- More often, the account will be forwarded or redirected to a colleague or supervisor.
- The emails could be archived for legal and compliance purposes.
- If the company has a data retention policy, your email account and its contents will be retained for some time before they get permanently deleted.
Jatheon is a tech company specializing in the secure archiving of business communications like email, social media, text messages and chat apps for compliance, business continuity and legal discovery. See how our AWS-based cloud archiving software can help you to reduce the cost and complexity of managing former employee email.
Can my employer read my email after I quit?
This depends on the company policies, the type of email account you had, and the laws and regulations in your industry, country, or state. If you had a company-provided email account, the employer likely has the right to access and review your email communications. Many companies have policies that allow them to monitor and retain employee emails for business purposes, security, and compliance, even after an employee leaves the company. Various countries and regions have data protection and privacy laws that govern how personal information, including emails, should be handled. Depending on where you live, your employer may be subject to legal restrictions on accessing your email after you leave the company.
Should you delete all your emails when you leave a company?
It depends on company policies, as well as legal and contractual obligations you may have. Before taking any action, it’s good to review the company’s email retention policy. If the company has an email archiving or backup system, deleting your emails from your inbox may not remove them from the company’s records. Deleting all your emails might be seen as an attempt to hide something, so it’s best to be transparent in your actions and consult with HR or relevant supervisors before you delete your emails.
What does a manager do when an employee resigns?
When an employee leaves, the manager will announce the departure to the person’s team, and other relevant departments, staff and contacts (vendors, contractors, customers). The next steps are to transfer the responsibilities, comply with final pay laws, and conduct the exit interview. The employee’s access to company email and workspace will be canceled, and they may be asked to hand back some of the company-issued equipment and devices.
What to do with email account when leaving a job?
Before taking any action, you should review your company’s email retention policy because some companies have specific guidelines for departing employees. You should back up any essential work-related emails you may need in the future. If you used your company email account for personal purposes, you should delete any personal emails, attachments, and photos unrelated to work to protect your privacy.
Can my employer find deleted emails?
If your employer has established a backup or email archiving solution, then yes. No matter what actions you take to delete your personal or work-related emails from your primary mailbox (e.g. Gmail or Outlook), the solution would automatically be making a copy and storing it elsewhere for search and retrieval for compliance, HR, or ediscovery purposes. It’s best to read your email retention policy to learn more. It’s generally not advised to delete any emails, as the employer may believe you want to hide something.
What is a terminated employee email policy?
A terminated employee policy outlines the procedures for handling the email accounts of employees who leave the company due to termination, retirement, resignation, layoffs, or any other reason. This policy helps ensure that the company’s sensitive information remains secure, that important communications are not lost, and that a smooth transition takes place when employees leave the organization.
What are the rules for accessing work email after termination?
Your access to company email after termination depends on company policies, legal considerations, the circumstances of the termination, the local laws, and the industry. In most cases, your email access will be revoked immediately, and you will not be able to access it without explicit authorization. It’s the company’s responsibility to handle your personal data in compliance with data privacy and protection laws.