Procedure for Accessing Accounts of Deceased or Incapacitated Individuals

Category: Information Technology

Responsible Office: Information Security Office

Responsible Executive: Vice President and Chief Information Officer (VPCIO)

Date Established: March 8, 2018

Date Last Updated: February 1, 2023

On this page:


This document supplements the Accessing Accounts of Deceased or Incapacitated Individuals Policy. It describes the steps in requesting and processing access, as well as the roles and responsibilities.

Policy Statement

The University at Buffalo (UB, University) is committed to providing a professional and caring response in the event of the death or incapacitation of a student or employee. Those responsible for implementing this policy shall be guided by the essential communication needs required to respond effectively while maintaining sensitivity for the bereaved.

Requesting Account Access

Due to the sensitive nature of account access requests, all requests must be submitted by email to: The email will establish a documentation trail.

The email request should include the following:

  • Name of person whose account access is being requested
  • Contact information of the person requesting the access (i.e., requesting party)

To speed approval of the request, evidence (e.g., a physical legal document such as a notarized will) that the person requesting account access (i.e., requesting party) has either power of attorney or is the executor of the deceased individual’s estate will be required.

The UBIT Help Center will route the email request to the Information Security Office (ISO) for processing.

Processing Access Request

The university’s Office of General Counsel reviews documents (court orders, powers of attorney letters, etc.) to ensure the request is legal. Office of General Counsel approves requests for account access.

Upon General Counsel’s approval, certain information may be released. Typically, records of a personal nature are eligible for release. Please note due to various state and federal restrictions, certain records are not eligible for release. Access to account information is managed on a case-by-case basis.

An individual with a supervisory role within the department/unit/school is responsible for authorizing the release of electronic data to the legally authorized individual.


The employee’s department of primary affiliation designates personnel to review account information. Department personnel will:

  • Identify the records that can be released.
  • Work with the requesting party to release the applicable records.
  • Document the records released.
  • Provide a summary report to the Information Security Office for tracking purposes.


If the decedent is a student, FERPA no longer applies, and records can be released to the executor of the individual’s estate. If there is no executor of the estate, the Office of General Counsel will consult with appropriate university executives to determine if an exception will be granted. The Information Security Office coordinates with the executor(s) of the estate to release the applicable records. 

Contact Information

Office of the Vice President and Chief Information Officer
Phone: 716-645-7979

Information Security Office
Phone: 716-645-6997

Related Information

University Links

Related Links