Account Separation and Account Retention Procedure
Version 2.0
For Students, Faculty, Staff, Guests, Alumni
Purpose
The purpose of this procedure is to protect University business units and constituents against the improper dissemination of or unauthorized access. Fordham University faculty, staff, students, and student organizations are provided with a Fordham username. In some situations, the University must retain control over accounts for continuity of business purposes and to protect Fordham Sensitive Data and Fordham Protected Data
Scope
This IT security document and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
Procedure:
Roles determine account privileges. The roles described in this procedure are as follows:
- Administrator
- Faculty
- Student
- Alumni
Primary vs. Secondary Role-Based Accounts
- Fordham provides each person with a primary email account for the person’s primary role.
- Individuals with two roles (e.g., employee plus student or alumni) also receive a second role-based email account.
- Use each account only for communications tied to that account’s role.
- University systems that require sign-in must be accessed with the primary account. See “Set up your second role-based account” below.
Set up your Second Role-Based Account
- Go to claim.fordham.edu/update and sign in with your primary account.
- Under “Role Based Account,” select Update Password for the second account.
- In a new window, log in to my.fordham.edu with the second account and complete Duo setup.
- Use the second account only for communications tied to that role.
Upon Separation from the University:
- Employees (administrators and faculty):
- The employee account is disabled on the last day of employment.
- If the individual is also a student or alumnus, that student’s or alumnus’s account remains active per University policy.
- Students:
- Upon graduation or completion of at least one course, the student/alumni account remains active.
- Individuals with two roles:
- The active role determines the primary account; the other role is maintained as the second account while that role persists.
- Forwarding is optional and at the University’s discretion; the employee account may be configured with a forwarding message for up to 120 days.
- Forwarding may be denied or terminated for risk, policy, or legal hold reasons.
- Forwarding must not be set from the student or alumni account to personal addresses.
Data Custodianship and Access after Separation
- Business records in the employee account (i.e., mail, Drive, calendar) are University property.
- Upon manager or department request and with HR approval, Information Security and Assurance can preserve, delegate, or transfer access to business content.
- Personal content is not retained except as required to satisfy legal or regulatory obligations.
Legal Hold and eDiscovery
- When legal hold or investigative preservation is in effect, mailbox changes, deletion, and forwarding options are suspended.
- Information Security and Assurance will coordinate with the Office of Legal Counsel.
Sponsored or Guest Accounts
- Sponsored and guest accounts are time-bound, must identify a responsible sponsor, and are disabled automatically at the end of the sponsorship unless renewed.
Definitions
Fordham username is an identifier used to access University systems. A username may have multiple role-based email accounts associated with it; access to services depends on role.
IT Resources include computing, networking, communications, applications, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.
Legal hold is a directive to preserve records due to litigation, investigation, or regulatory requirements.
Primary account: Email account for the individual’s primary role; used for system sign-in when required.
Second role-based account: Additional account issued when an individual has two roles (for example, employee and student or employee and alumni); used only for communications tied to that role.
Related Policies and Procedures
- Acceptable Use of IT Infrastructure and Resources Policy
- Provisioning and Deprovisioning Policy
- Role based Email Account (Employee-Student/Alumni)
Implementation Information
| Review Frequency: | Triennial |
|---|---|
| Responsible Person: | CIO |
| Approved By: | CIO |
| Approval Date: | March 3, 2020 |
Revision History
| Version: | Date: | Description: |
|---|---|---|
| 1.0 | 03/09/2020 | Initial document |
| 1.1 | 09/14/2022 | Updated policy statement with Fordham Username |
| 1.2 | 10/14/2022 | Updated policy statement |
| 2.0 | 10/23/2025 | Procedure updates role-based email addresses that specifically correspond to their role at the university as student/alumni or employee. |