Decommissioning an Employees Outlook Mailbox

When a staff member leaves your business, he or she may* leave behind some potentially useful assets in terms of data. This article discusses one part of that asset – his or her Outlook data. This applies whether you run Outlook with locally stored PST data files – or a proper Microsoft Exchange Mailbox.

* I have known disgruntled ex-employees to steal all of their contact data and then delete the entire contents of their mailbox. Are you protected against this kind of activity?

During the period of time that a now-departed member of staff has been at your business, he or she may have sent or received many important emails, made appointments that may no longer be kept or built up a database of contacts – be they clients or suppliers. It is often important to look at this data and properly migrate it so that other users can access that data. Here are the three main options for decommissioning:

Move The Data to Public Folders

If you run Microsoft Exchange then one of the best ways to decommission a mailbox is to have the data moved to Public folders. The data can then be viewed by named Outlook users on the network. This process requires creating of a suitable set of Public Folders, appropriate permissions being assigned, moving the users data to the Public Folders, and
then educating users on how to access the data. After a period of time the data can be deleted if necessary.

Move The Data to Another User

If you do not run Microsoft Exchange then the ex-employees data will probably be stored in a PST file on their computer(s). In this situation the PST file can be moved to a different
computer and the data can then be viewed by another user. Note that because newer versions of Outlook do not support PST files being stored on the network, this has implications for backup.

Delete The Data

There are a few other ways we can give you access to ex-employees Outlook Data, but they all achieve similar results. Fundamentally you have to make a decision – do you want the data or not? If you do want the data then the steps above are your best bet – but if you do not then it is best to delete the data entirely. There’s no point keeping it if you do not want to make it accessible.

Closing The Email Account – Forward Or Bounce?

Once the migration process is complete, you’ll need to make a decision about what to do with that users email address. The two most common scenarios are as follows: 

Configure Email Forwarding

The ex-employees email account is closed, but emails that are sent to that person are instead forwarded to another location. That location could be to another person, or (if you have Exchange) to a Public Folder.

Bounce Email

It may be better to just bounce email back to the sender when an email to this old address has been received. This makes it clear to the sender that the email address to which they are sending an email is no longer valid and if it is important then they’ll contact your company a different way.

We actually recommend a mixture of both these approaches – configure email forwarding to another person for a given period (e.g. three months) and then delete the email address from the system.

 A Note on Email Privacy

My own personal view* is that employees should use their work-provided email accounts for business only. Work email accounts should never be used for any personal reason whatsoever.

If you have such a policy in place then you arguably have a right to view and access that data at your leisure, because it contains information that is pertinent to your business only.

If you do not have a proper usage policy in place, then users can theoretically use their email accounts for personal reasons and you may therefore be flouting privacy laws by looking at their mailbox data.

* This is my opinion and is not legal advice – you should take legal advice if you are not aware.