University at Buffalo Crest.

Policy Information

Date Established: 3/8/2018
Date Last Updated:
Category:
Human Resources, Information Technology
Responsible Office:
Office of General Counsel
Responsible Executive:
President

Policy Contents

Accessing Accounts of Deceased or Incapacitated Individuals Policy

Summary

This policy provides guidance when a legally authorized individual requests access to a deceased or incapacitated individual’s electronic data in a UB account.

Policy Statement

The University at Buffalo (UB, university) is committed to the protection and confidentiality of electronic information. However, the university recognizes that it may be necessary to allow access to electronic data contained within a deceased or incapacitated individual’s UB account.

A request to access electronic data must originate from a legally authorized individual (e.g., executor, holder of power of attorney) supported by a legal document demonstrating authorization.

Electronic data will be released as permitted by law, including the Family Educational Rights and Privacy Act (FERPA), Freedom of Information Law (FOIL), the Personal Privacy Protection Law (PPPL), and Health Insurance Portability and Accountability Act (HIPAA). In the event of a dispute over the ownership and release of electronic data, the legally authorized individual may make an appeal to the Office of General Counsel.

Background

In accordance with the Computing and Network Use Policy, permission is required to view another individual’s electronic data. This policy:

  • Requires proper authorization to access the electronic files of a deceased or incapacitated employee or student
  • Allows for the release of electronic data as permitted by federal and state laws, and university policy
  • Allows for the release of information outside of subpoena, FOIL, or other legal requests

Applicability

This policy applies to the electronic data associated with an individual’s UBITName.

Definitions

Account

Electronic data associated with an individual’s UBITName.

Responsibility

Legally Authorized Individual

  • Submit a request to access a deceased or incapacitated individual’s UB account to the Information Security Officer (ISO).

Information Security Office (ISO)

  • Receive and track requests for access to electronic data.
  • Work with UB Information Technology (UBIT) to grant access after approval of General Counsel.

Office of General Counsel

  • Review legal documents (e.g., court orders, power of attorney letters) to ensure the request is legitimate.
  • Approve access to electronic data of deceased or incapacitated individuals.
  • Review appeals and make a determination on the release of electronic data.

Department Supervisory Personnel

  • Authorize the release of electronic data to a legally authorized individual after initial approval from Office of General Counsel.

Department Information Technology (IT) Personnel

  • Facilitate the collection of electronic data from individual’s account.
  • Maintain documentation of electronic data released.
  • Provide a summary report of electronic data released to the ISO. 

Department Personnel

  • Review records maintained by the deceased or incapacitated individual and determine if the records are of a personal nature.
  • Recommend the release of electronic data, as appropriate.

Contact Information

Contact An Expert
Contact Phone Email
Information Security Office 716-645-3670 sec-office@buffalo.edu
Office of General Counsel 716-645-4468 jljarvis@buffalo.edu

Related Information

University Links

Related Links

Presidential Approval

Signed by President Satish K. Tripathi

Satish K. Tripathi, President

3/8/2018

Date