Access to Employee-Held Data for U-M Units

While it is preferable that U-M employees transfer ownership of work-related files and other digital information to others before leaving the university or moving from one job or role to another within the university, there may be times when university units need access to university information contained in an employee's U-M-provided accounts and online services for business reasons.

That access is governed by Privacy and the Need to Monitor and Access Records (SPG 601.11), which balances respect for the individual's privacy with the university's need for access to work-related information for university business reasons.

Transfer Files Before the Person Leaves U-M

  • Units/supervisors should review and follow the U-M Termination Checklist, available for download at UHR Procedure: 201.40 Termination of Employment, when an employee leaves the university, retires, or changes jobs within the university. The checklist includes recommendations for transfer of work-related files and electronic records.
  • Individuals should review and follow the guidance at Managing Your Digital Files and Information When You Leave U-M. Individuals are asked to transfer ownership of files and other digital information used for university business before leaving the university or moving from one job or role to another within the university.

If the Person has Left U-M

Contact the Account Holder

Where appropriate and reasonable, units/supervisors should contact the individual holding the university information to request the needed files and/or other digital resources.

Contact the ITS Service Center If Needed

If necessary, units can contact the ITS Service Center for help. The Service Center will involve the IT User Advocate as needed. Be aware that for access to email, files, or other digital assets without the account holder's consent, there must be a legal requirement or a compelling business reason that is supported by Human Resources and in accordance with Privacy and the Need to Monitor and Access Records (SPG 601.11).

The following is required for access requests:

  • Unit Human Resources must be in agreement with the requestor's written business proposal to search for and release records to the unit.
  • The unit must provide search criteria and date ranges to narrow the search for records. The supervisor or unit should try to name specific records they seek access to whenever possible.
  • Folders labeled "personal," "private," or "personal and private" will be excluded, unless there is a compelling business reason agreed to by the U-M Privacy Officer, who may consult with other university offices. (See Use "Personal and Private" Folders to Protect Privacy.)
  • The individual whose content will be searched is to be notified by a unit administrator or Human Resources unless there is a compelling business reason not to do so that is agreed to by the U-M Privacy Officer, who may consult with other university offices.
  • The supervisor or unit designee examining content to find U-M data is required to review and adhere to Privacy and the Need to Monitor and Access Records (SPG 601.11).

All parties should take the least invasive means to accomplish the goal.