Accessing Another Staff Member's Mailbox

This article outlines the protocol for accessing a staff member's email account. In alignment with our commitment to privacy and the Privacy and Personal Information Protection Act 1998 (NSW), access to email accounts is controlled so that it is granted only to ensure business continuity or to address legitimate operational requirements.


1. Primary Method: Self-Delegation (Preferred)

The most efficient way to grant access is for the staff member to action it themselves before their absence. This requires no IT intervention or executive approval.


2. Secondary Method: Managed Access (UAM Request)

If a staff member is unavailable (e.g., unexpected leave or emergency) and has not delegated access, a member of the Management Team must request access through the formal approval process. This form should be completed to seek approval from the executive.

Step-by-Step Submission via UAM

  1. Access UAM: Open the User Access Manager from your Google Dashboard
  2. Navigate to Approvals: Select 'Approvals' from the left-hand menu
  3. Create New Request: Click the 'Add' button in the top right corner
  4. Assign Request: Assign the request to the relevant person, normally the Privacy Officer (CEO) and/or their delegate
  5. Select Request Type: Choose 'User Specific'
  6. Related User: Select the staff member whose mailbox needs to be accessed (the user to which the change will apply)
  7. Request Category: Select 'Access to Another Users Mailbox' from the dropdown menu
  8. Provide Rationale: Enter a detailed explanation of the changes required and the reasons for them, so that the Executive team has enough information to make an informed decision. Include:
    1. The specific reason for the staff member's unavailability.
    2. The business tasks or information required from the inbox.
  9. Save: Select 'Save' in the top right-hand corner

3. Approval and Implementation

Once the request is submitted, it follows a strict security and notification workflow:

  • Executive Assessment: The Privacy Officer (CEO) or their delegate will review the rationale against privacy standards

  • IT Action: If approved, the IT Department is automatically notified and the access will be updated

Alert

Security & Notification: To facilitate this access, the IT Helpdesk must change the user's password. The account owner will be aware that their account has been accessed because their existing password will no longer work. 


4. Approver's Checklist (UAM Guide)

The Privacy Officer (CEO) or delegate should verify the following before approving:

  • Legitimacy: Is there a documented business need that cannot wait until the staff member returns?

  • Permission: Has an attempt been made to contact the staff member for voluntary delegation?

  • Accountability: Does the UAM record clearly show who is requesting the access and why? 
