Leaving the University
This webpage sets out the Information Management actions required prior to a staff member leaving the University. It applies to all staff1 of the University.
If you are a staff member that is shortly to leave the University, or a line manager with a staff member in your team that is due to leave, please read the below carefully. The following actions are necessary to ensure the following:
That personal data is not taken outside of the control of the University without prior authorisation; this may amount to a breach of data protection laws or the University code of practice concerning intellectual property.
That staff do not accidently compromise the data protection non-disclosure assurances made to staff, students, research participants and others that provide data to the University.
That commercial information or information that amounts to the intellectual property of the University is not removed from the University without prior authorisation.
That business critical information is suitably handed over prior to departure.
That all necessary redirects and alternative contacts are in place to ensure business continuity prior to departure.
To avoid the need for requests to reopen or access the accounts of past employees
To ensure services to students are not disrupted.
To ensure records do not become inaccessible or difficult to locate.
Your own University Account including email / drives / desktops
This includes all University issued accounts and personal drives.
1. Ensure you have added an out of office reply to your email account. This should explain that you are leaving/have left the University and provide details of an alternative contact for enquiries. If possible add this prior to your departure in order for any queries to be dealt with before you leave.
2. Ensure that you have transferred any business critical information to another suitable team member or department contact. For example:
- If you are the sole contact for a third party who works with the University, have you provided them with an alternative contact in plenty of time to ensure their communications with the University will still be picked up?
- If you hold any staff, student, business contacts data within your University personal accounts ensure that these are moved to an alternative location where they can be accessed by the University. This would include staff PDR records, student ECF documentation, and marketing lists. If in doubt as to where these should be stored speak to your line manager in the first instance.
- If you hold the master copy of committee minutes, project documentation, invoices, financial records or any contracts ensure that these are moved to an alternative location where they can be accessed.
Personal (non University issued) Email Accounts
If you have used a personal email account for any University Business (which is not recommended by the University) you are required to ensure that all of the above are also met.
In addition to the above all information (whether business critical or not) held as part of University business must be securely deleted from any personal accounts once the above is completed.
This applies to all IT equipment that holds information or data connected with University business, whether University-owned2 IT equipment or personally owned. This includes but is not limited to computers, servers, laptops, notebooks, iPads, tablets, mobile phones, printers, photocopiers, monitors and scanners with internal data storage facilities and any external hard drives, memory sticks and any other electronic data storing device not listed above.
- All University issued IT equipment, including but not limited to, those listed above must be returned to the University prior to departure.
- All personally owned (not purchased through the University) IT equipment that has been used for University Business must be securely wiped of University data prior to departure day, in line with the requirements of the Bring Your Own Device (BYOD) Policy (PDF-359KB)
- The University does do not permit the purchasing of University owned IT equipment for personal use.
- University IT equipment and devices must be securely destroyed if no longer required by the user or department. Requirements for secure disposal are set out in the IT Equipment Disposal Policy (PDF-87KB)
Peripheral equipment for University issued IT devices, such as chargers, adapters and laptop bags should also be returned to the University before departure.
General Administration, Hard Copy Data and Software
This applies to University information held within externally hosted accounts including, but not limited to, collaborative spaces e.g. Dropbox, software tools or programmes
- If you hold data or information connected with University business within personally managed accounts or on personally managed software you must ensure this is either securely and permanently deleted OR transferred to the University/department prior to departure.
- If you are the administrator for any shared or collaborative spaces ensure that you have reassigned this role to a current member of staff before departure.
- If you are the sole University contact in respect of any software you or your team have procured, ensure that you update your department, the supplier and procurement of the new alternative contact prior to departure.
- Information held in hard copy or paper form that is connected with University business must be either handed over prior to departure or securely disposed of on site if no longer needed.
Please be advised that failure to adhere to the above may be in breach of University Policy, in breach of data protection laws, and in some case, may constitute a criminal offence under data protection law. If in doubt please contact your line manager in the first instance or seek advice from firstname.lastname@example.org
 For a definition of 'Staff' please refer to the Data Protection Policy
 For devices purchased as part of research funding please refer to the Intellectual Property Code of Practice