How to request access to another user's email mailbox

Summary

Article explains how to request access to another user's email mailbox.

Body

Issue/Symptom: 

  • User is requesting access to another user's email mailbox

Environment:  

  • Purdue email 

Resolution:  

1. To approve a request for access to another user's email mailbox, Purdue IT requires explicit approval from Purdue Human Resources - such as an email from an HR representative - to grant access. Once permission has been granted from HR, that email can be forwarded to ediscovery@lists.purdue.edu or you can ask HR to submit it to ediscovery@lists.purdue.edu.

2. Approval for any requests requires that one of the justifications for access found in Purdue's Acceptable Use of IT Resources and Information Assets (VII.A.4) be met, as described in the 'Privacy, Operations and Monitoring'  section. Justifications listed are: 

  1. A reasonable belief that a process active in the account or Device is causing or may cause significant damage to University IT Resources or could cause loss/damage to user, University or third-party Data;
  2. A need to comply with a written request from federal, state or local law enforcement agencies and compliance with applicable University policies relating to the handling of such a request;
  3. A reasonable belief that an individual has violated or is violating University policies, standards, regulations or procedures using the accounts or Devices in question;
  4. A determination that a staff member, faculty member or student is deceased, has been terminated or is otherwise unavailable for the purposes of retrieving information that is critical to the operation of the unit in question;
  5. Receipt of a written request from the Office of the Dean of Students on behalf of the parents, guardian or personal representative of the estate of a deceased student;
  6. Receipt of a written Internal Audit request;
  7. Authorization by an appropriate order of a court of competent jurisdiction and compliance with applicable University policies related to the handling of such orders;
  8. Receipt of a written authorization from an authorized representative of the Institutional Review Board (IRB) after concluding that access is needed in support of an institutionally-approved research project and such access complies with applicable laws and University policies, including rules governing protection of human research subjects;
  9. A requirement to take action to comply with applicable law; and/or
  10. A determination that access is necessary to preserve, protect or promote University Interests.

 

Still need help?  Click the 'Purdue IT Request' button to start a ticket.

Details

Details

Article ID: 602
Created
Wed 2/28/24 4:38 PM
Modified
Wed 10/2/24 11:41 AM

Related Services / Offerings

Related Services / Offerings (2)

Conducting vendor security reviews to ensure vendors are compliant with appropriate regulations for the safe handling of Purdue data and answering questions about regulatory compliance.
Compliance Assurance Request