F&M Account Content Access by Non-Account Holder Policy
I.  Justification and Statement of Policy

This policy defines the parameters and requirements for access to an account’s contents by someone other than the account holder.  Commonly, this is for access to account contents of individuals that have separated from the College, to carry out an investigation or for decedent accounts.  However this may also be necessary in other circumstances.  ‘Account contents’ generally refers to, but is not limited to, data such as email, calendar and electronic files from cloud services, college-owned computer hard drives and at times other external media or sources.  Information will be provided in digital form.  Credentials for any account will not be provided.

II. Scope

Applies to current employees; or any individual or legal entity requesting access to a person's information stored within F&M information systems or to any entity the College may engage to carry out an investigation.

III. Definitions

FERPA does not apply to deceased student’s records.

IV. Policy

Requests for access to account contents may be granted to:

A.  Accounts assigned to employees (current, voluntarily or involuntarily separated, retirees), alumni or students:

  1. Employees demonstrating a business need for access.

  2. In response to a subpoena or court order.

  3. Outside 3rd parties who have been engaged by F&M to carry out an investigation or other research on behalf of the College. 

  4. For student conduct issues or for students identified with a life-safety concern, access to a student account may be granted for investigative purposes or information gathering.

B.  For decedent accounts:

  1. The decedent’s next of kin. The request must be accompanied by official documentation.

  2. The individual designated as the personal representative of the decedent’s estate. The request must be accompanied by official documentation.

  3. Members of the family or other persons with written approval from the decedent’s next of kin or the personal representative of the decedent’s estate. Absent written approval from the family or representative of the estate, only directory information will be disclosed.

  4. In response to a subpoena or court order.

  5. Outside 3rd parties who have been engaged by F&M to carry out an investigation or other research on behalf of the College. 

  6. For a deceased student, if the student previously submitted a signed Authorization to Release Educational Records form which designated the person(s) eligible to request and/or receive educational records, the information may be released to the individual on that form.

  7. To any other individual, if determined by the College to be in the best interest of the decedent or the College.

Request Review Process

  1. Requestors should contact the Vice President of ITS and CIO to make an initial inquiry and be properly directed through the request review process.​​

  2. Requests must be submitted in writing and approved by the relevant senior officer and the Office of General Counsel, as listed below and referred to as “approvers” in this policy. 

    a.  Initial Request VP of ITS and CIO
    b.  Students Vice President for Student Affairs
    c.  Current Staff AVP for Human Resources and relevant senior officer for division
    d.  Faculty Provost and chair of department
    e.  Alumni/Donors Vice President for Advancement
    f.  Others (including, but not limited to employees voluntarily or involuntarily separated from the College, retirees) Office of the General Counsel


  3. Subpoena or court orders must be reviewed by the Office of General Counsel before being acted upon.

  4. Requests must be specific and include parameters such as email messages sent and received in the past 90 days, or files related to a specific project, etc.  

  5. It may not be possible to satisfy requests for “everything” or “all information” due to technical limitations, voluminous space requirements, or other complications.

Alternative Review Approval Process

There may be circumstances when the standard request review process outlined above needs to be altered.  This is most typically, though not limited to, circumstances where an individual that might normally have a role in the approval process is the subject of the request (i.e. the “account holder”), or if there is some reason to believe an “approver” may become subject to or materially involved in some matter related to a given request now or possibly in the future. In these circumstances, an alternative review approval process will be followed which elevates responsibility for granting a necessary approval to the next higher level in the administration.  

Meant only as illustrating examples:

Example #1: If the request concerned accessing emails held by a current staff member reporting directly to the VP for Student Affairs, it may be appropriate in certain circumstances for the approval to be given by the President or the Office of the General Counsel rather than the VP for Student Affairs.

Example #2: If the request concerned accessing emails, files, etc. held by a member of the senior staff, general counsel or the president, it may be appropriate that the approval be granted by the Chair of the Board of Trustees or the Chair of the Trustees Committee on Staffing and Compensation.

Declined Requests

  1. Requests for confidential or sensitive information as defined in the College’s Data Classification Policy or for information subject to litigation may be declined.

  2. Incomplete or non-specific requests may be declined.

  3. Requests for intellectual property of F&M faculty, such as developed course content, research, writing and other scholarship and any other content generally considered intellectual property may be declined. 

  4. The College reserves the right to decline any request for access to information.

Information Access

  1. Access to the account (i.e. obtaining a password to login as the individual) will not be granted.  Rather, an archive of the requested information will be provided in digital form. 

  2. If the digital archive is made available electronically through file sharing technology, the digital archive will be available for no longer than 30 days.  Longer terms must be approved by the Office of the General Counsel.

  3. It is the sole responsibility of the requestor to access the contents of the digital archive.  The College is not responsible for problems with access, including, but not limited to, connectivity, compatibility, technical complications, etc.

V.  Related Documents and Forms

    Data Classification Policy


Policy Maintained by: Information Technology Services, Vice President and Chief Information Officer

Original Effective Date:  September 1, 2019
Revision Dates:  September 14, 2022