F&M Account Content Access by Non-Account Holder Policy

Purpose

This policy defines the parameters and requirements for access to an account’s contents by someone other than the account holder.  Commonly, this is for access to account contents of individuals that have separated from the College or for decedent accounts. ‘Account contents’ generally refers to data such as email, calendar and electronic files.  Information will be provided in digital form. Credentials for any account will not be provided.

Scope

Applies to current employees; or any individual or legal entity requesting access to a person's information stored within F&M information systems.

Definitions

FERPA does not apply to deceased student’s records.

Policy Statement

Requests for access to account contents may be granted to:
A. Employee, alumni or student accounts:

     1.  Employees demonstrating a business need for access.

     2.  In response to a subpoena or court order.

B. For decedent accounts:
  1. The decedent’s next of kin. The request must be accompanied by official documentation.

  2. The individual designated as the personal representative of the decedent’s estate. The request must be accompanied by official documentation.

  3. Members of the family or other persons with written approval from the decedent’s next of kin or the personal representative of the decedent’s estate. Absent written approval from the family or representative of the estate, only directory information will be disclosed.

  4. In response to a subpoena or court order.

  5. For a deceased student, if the student previously submitted a signed Authorization to Release Educational Records form which designated the person(s) eligible to request and/or receive educational records, the information may be released to the individual on that form.

  6. To any other individual, if determined by the College to be in the best interest of the decedent or the College.

Request Review Process
  1. Requestors should contact the Vice President and CIO to make an initial inquiry and be properly directed through the request review process.
  2. Requests must be submitted in writing and approved by the relevant senior officer as well as the Office of General Counsel.
            i. Students – Office of Student Affairs
          ii. Staff – Human Resources and relevant senior officer for division
        iii. Faculty – Office of the Provost and chair of department
         iv. Alumni / Donors – Office of College Advancement 
           v. Others – Office of the General Counsel
  3. Subpoena or court orders must be reviewed by the Office of General Counsel before being acted upon.
  4. Requests must be specific and include parameters such as email messages sent and received in the past 90 days, or files related to a specific project, etc.  
  5. It may not be possible to satisfy requests for “everything” or “all information” due to technical limitations, voluminous space requirements, or other complications.
Declined Requests
  1. Requests for confidential or sensitive information as defined in the College’s Data Classification Policy or for information subject to litigation may be declined.

  2. Incomplete or non-specific requests may be declined.

  3. Requests for intellectual property of F&M faculty, such as developed course content, research, writing and other scholarship and any other content generally considered intellectual property may be declined.

  4. The College reserves the right to decline any request for access to information.

Information Access
  1. Access to the account (i.e. obtaining a password to login as the individual) will not be granted.  Rather, an archive of the requested information will be provided in digital form.

  2. If the digital archive is made available electronically through file sharing technology, the digital archive will be available for no longer than 30 days.  Longer terms must be approved by the CIO.

  3. It is the sole responsibility of the requestor to access the contents of the digital archive.  The College is not responsible for problems with access, including, but not limited to, connectivity, compatibility, technical complications, etc.BL 

--------

Policy Maintained by: Information Technology Services, Vice President and Chief Information Officer

Last Reviewed: 18 February 2018