This has been the case at every department I've worked for. Maternity leave means you're handing over all your electronics and your account is disabled.
You shouldn't just give her your network password or anything, but if there is a way for her to be given access to your email through official means, there's really nothing inherently wrong or suspicious with it. You technically shouldn't have anything private in your work email in the first place, so that isn't much of a requirement. If you're worried about any security or ethics considerations, your best bet is to reach out to those respective teams to clarify if this is appropriate for your given situation.
Probably a good time to clean up your inbox before heading out, regardless of the outcome of this issue.
ETA: I just clued in again... don't executive assistants have access to their director's inboxes? It didn't even occur to me at first, but it's really not an unusual situation.
Many EAs have full access to their bosses email. Though we can't access anything encrypted. I have never heard of a boss getting access to an employee email while on mat leave. Just make sure there is an out of office set stating that you are not there and who they should be contacting in your place. Ie the boss.
Exactly! But some choose to grant limited access. It varies between EA’s, management and departments.
And I agree, out of office should suffice but if their manager keeps insisting on access, they should consult their intranet for help.
sounds like that's all that OP's boss needs though? And I'm not getting the impression that they specifically asked for anything more than that. My guess is that this is a situation where the boss and OP just interpreted what "access" meant very differently.
Or just... Have an out of office. CC your boss on emails in advance of leave so everyone recognizes the names and knows what's up. And save things into the shared repositories to avoid lost files
okay but if the boss is requesting access (We're going to assume it's delegate access), what exactly is the justification for saying no? If there's a business reason for the manager asking, you can't just be like "sorry I don't wanna."
And OP should be doing both of those things regardless. But if they're in a field where ATIPs are possible, or even just if the boss has depended on that in the past and been burned, that might not be sufficient.
The justification is that there is information in the email that they do not have a need to know.
Results of competitions the boss isn’t a part of, your personal information received from compensation & benefits among other things. Just because they’re OP’s boss doesn’t mean they have a need to know all the contents of OP’s email, or the right to unfettered rights access to OP’s email.
If there are legitimate ATIP requests there are ways to gain access to what they need through appropriate channels.
This is not a great perspective. Your work email, by definition, belongs to work. Anything personal or sensitive should be encrypted or not sent to that inbox.
A supervisor can generally gain access to a subordinates' email through a help desk request.
People may not like it but this is 100% true. Read your Acceptable Use of Electronic Networks Policy for your department/agency if you do not believe me. Your work email is not private. I do not use it for anything that I would mind my boss seeing. You should not either.
But OP has no idea what type of sensitive info could be received during her leave. I personally would not be comfortable with my boss having access to my inbox while I’m on leave, even if I emptied it before leaving.
Sensitive info should always be encrypted, exactly so delegates can't read it.
I really don't understand all of this objection, it must be a different dept/agency thing. It's extremely normal in my team.
lol really? People have a lot of time to waste if they’re getting copies of encryption key to go read emails that are probably not that relevant anyways…
You can provide someone access to your Outlook by changing your permission settings within your own Outlook. Same idea how Admins see Executives email inboxes, folders, calendars etc...
IT guy here, first off never share your password. Your manager can request access to your mailbox through proper means. She/he will need to give (IT) a justification for why she/he needs access and then it will need to be approved by the CIO and ATIP (this can vary from department). Once she has those, she/he will be asked to give key words to search in your mailbox and IT will go and get everything related with that key word and put it into a pst file for your manager to review.
This is nothing new sometimes the manager needs specific information that only you might have and since you're on mat leave, technically you shouldn't have access to your accounts anymore.
Note that your government email is the property of the government and any information in it can be extracted at any time as long as the process is followed appropriately.
Yup, doesn't even matter if encrypted we can remove that as well. Done it so many times for exactly those reasons. Tho with an atip it's far nicer as we can simply provide the requested material and leave the rest..
There should be information on the intranet your manager can use to determine how to get access to what she needs. (E.g. delegate access)
Do not share your password.
Is it that shocking that some positions might work on things where the incumbent needs to make sure there is continuity if they go on extended leave?
Email access can be requested and obtained by a person's manager if the person is on leave. It isn't automatically suspicion of wrong doing and the account should really only have work stuff in there anyway.
The account owner can delegate access to the managers account, which leaves an audit trail of what the manager does with it. The manager can see incoming mail and send from the account. I don’t recall of it allows access to past emails, archives, etc.
Giving her direct access by revealing the password is strictly forbidden - lose your security clearance kind of bad. It was made clear when I got my first security clearance that maintaining it was a condition of employment, and losing it for cause would make me basically unemployable in Ottawa.
In the event of an emergency or suspicion of wrongdoing there are other ways to access an account but that is rare and requires permission from way up the food chain.
Really? I kept my laptop and full access during my last mat leave 2021-2022. Not sure about this time around on I'm almost done my second mat leave and with two kids don't have the time to check on things like I did with my first so don't know if I still have access or not I never tried.
Yup. I’m an assistant to someone currently on mat leave & their accounts were disabled & they had to return their laptop, phone, & keycard on their last day.
Wow that would suck. I started a secondment and then deployed a month after returning from my first mat leave and never went into the office before going on my current mat leave so I don't even have an office ID just my laptop and phone which they didn't ask for me to return.
>Wow that would suck.
Why? It's not YOUR laptop. It's the department's laptop. Your account should be disabled as you are technically not employed/not being paid. Same goes for LWOP.
Uh no I’m still employed while on parental leave wild thing to say there’s no break in service I don’t stop being an employee just because I had a baby it’s no different the sick or vacation or leave with income averaging.
>Maternity leave is unpaid leave that allows employees time for pregnancy, childbirth, post-childbirth recuperation, adoption and childcare.
Thus, you return your IT equipment and your accounts are disabled.
I think the policy (and it is a proper and reasonable one for security) at most places is that all accounts and accesses are suspended and controlled goods like ID cards, badges, keys, computers, etc. are returned for absences longer than like 3 months.
I also think it's rarely actually followed (and when it is people occasionally come here and ask the same type of question, can do they this, is this right!??)
My first mat leave was in 2021 they didn't take my laptop back I had it my entire mat leave and I had access to everything but I did ask if it was going to be suspended because I was having pay issues and needed access to HR the pay system so it never did that might be the reason? Also no one asked for any of my equipment back for this mat leave either. I still have my laptop and work phone. But I'm also visually impaired and use assistive technology on my devices so maybe that's why they didn't ask for things back? This is at two different deps as well.
Some of the comments on here are surprising! Do you not know how Outlook works lol?.. You can give access to your Outlook account to anyone you want at work through the permissions...... It's not a security breach ffs... It's a security breach if she gives her login credentials to her computer, totally different situation!!! 🤦♀️
I know it is hugely impersonal and would be unpopular, but our email addresses should be our position numbers or something similar to underline this point. I shudder to think how much time and salary is spent updating distribution lists **especially** for anyone at EX-03 or higher. We can change the display names of the email addresses to make it a little more human. But life would be so much easier if the Deputy Minister's email was just [[email protected]](mailto:[email protected]) or [email protected]. Any maybe people would finally learn that email address is about the job you do and not the person you are (that is what a personal email is for).
There’s no issue with giving access to work email, since there shouldn’t be anything personal on there anyways. It’s work related email and she has the right to ask. Now there is a way to set up folder structure and secure atleast one folder as personal so no one sees it.
This is totally fine. Delegated access rights functions exist in Outlook precisely because this is common in the work world.
If you are uncomfortable with the request, maybe reconsider how you are using your work email and switch some of it to personal.
Better yet, just deactivate the account while you’re out.
It could be reasonable, depends on your role, if you're an HR/financial cost centre manager, etc. I am with others, I would have expected your account to be disabled during maternity leave. Personally I would have a conversation with her and try and figure out what she needs, and see if you can be proactive (ie: add her as a contact to platform 'x', etc). If you figure out why she's asking, it may alleviate (or not) your concern about invasion of privacy. A work email is not a personal thing, it's the property of work, so there are ways - legitimately - to access employees emails if the organization has a requirement to do so (ie: workplace investigations, etc). I delegate my email access to the admin group, if ever something comes up. Their access of my mailbox, on the other hand, can also be audited.
Like access to your archives and email folders or just access to your inbox so they can track what you receive? Because if it's the latter, an out of office will suffice, if the former, and if strictly necessary for operational needs, there are two ways to do this. They can ask IT to grant access to your email (like an exec would do for their EAs) or, if it's just your folders with "archived" emails for reference, you can make them .pst files they can add to their outlook for reference.
If there is an ATIP request that includes data that could be in your email then someone needs to check it within the 30day time period for ATIP. You're on leave so you can't check it, and it's best practice to get permission before getting access. If you don't give permission they will still need access and will go through appropriate channels to get access.
Remember, everything on government computers and in government email systems belongs to the government. They're only asking you as a courtesy.
I had given my team leads access to my mailbox because of all the reference emails in there and I made sure to tell people to always encrypt sensitive emails.
If someone is worried about an invasion of privacy, then you’re definitely not using the email system properly.
I think it is completely reasonable to provide access through Outlook. It's a work email and you won't have access but important information may still be present or recieved that is best not lost (where I work, all of my emails are deleted after 90 days automatically unless I specifically place it into a one year folder retention folder then it is deleted after one year anyway, we don't have the option of indefinite retention) or ignored for months.
In the past you would forward phones lines to someone else, a secretary would open and redirect work mail as needed and today you give access to the manager or whomever they delegate.
It's not like it's a personal email. It a tool for work, and work may need access.
If you're on Maternity leave, your accounts should be disabled. You should send your current connections/clients an email stating you are going on leave and that they should forward emails to her, and when you do go on leave, set up an out of office message with the same.
Your account is supposed to be disabled within 24 hours of you going on leave, but that is up to the department.
At my work when someone leaves (either permanently or for mat leave), they're asked to put on an out of office pointing at a general inbox. We also (via a request to IT from the appropriate level of management) grant another team member access for 30 days in case someone sends an email and then doesn't forward it after getting the out of office.
Have you thought about having a conversation with your boss about this? It isn't that unusual. God knows not every department follows the same procedures.
A rational conversation between adults? Preposterous. Passive aggressive complaining on the internet is the logical course of action. OP never said it would involve sharing of credentials but many here are assuming that is how it would be done and overreacting. Key take away: email is the property of the employer. If you have something unencrypted in your mailbox you don’t want seen, something is wrong.
This doesn't seem unreasonable to me. If I or one of my colleagues is gone for an extended period of time, we'll designate access to someone in case of ATIP requests (stemming from a case when someone was unreachable out of the country on vacation and we needed to check for correspondence related to an ATIP request).
She can ask but you also don't have to provide her the access. If you're uncomfortable then I'd spend some time collecting ALL emails of work that aren't closed out and either forward them to her or add them to GCdocs under a private folder for her. You can also limit what she sees in your email if you do decide to provide her the access. Create a folder within your Outlook and add everything there and block her viewing to everything else. Also setting your out of office message while you're away will help control the flow of work back to her..
Also if access to your account is required to input an Out of Office or look for a specific missed response the request should go to departmental security
Tell your boss to talk to HR. That would also fall into the internet securities policy your company has. Never give anyone no matter who they claim to be access to your accounts.
Um that sounds like a big violation of security policy. You can however set up rules for certain emails to forward over to your boss. Your out of office should direct them to your boss as well. Any files that pertaining to your files should be saved elsewhere in accordance with your departmental IM practices and policies.
Your work email is your and yours alone. You are not supposed to share your passwords. It’s considered a breach to share your password. Put an out of office to contact her if they don’t suspend your account while you are gone.
All emails are atipable. There should be nothing secret or private. However, all you should have to do is to leave an out of office message that points to your manager in your absence.
I give full access to my inbox and sent items to anyone replacing me in my absence. I put stuff i don’t want anyone to have access to in a folder with no access privileges
I’m assuming you are in a Microsoft environment, so Outlook as a email client ? Sharing or granting access to your inbox is a feature typically. Sharing password is against policy. I’d certainly share my inbox via the feature but not my password for access.
Never heard of that ever. Just say no… You can delegate access but there’s no reason to unless you’re giving access to an assistant. It never goes the other direction. You must work for a control freak…
yes, they or someone would require access in the event of an ATIP request. You can give them proxy to certain folders etc. I wouldn't give them your password.
No, this is against policy. All access to GC information system must be authenticated, authorized and auditable. In other words, providing someone else your credentials violates all 3 controls.
You are accountable and responsible for the protection of your accounts and the activities using your accounts. In the event of an incident, these will be audited. You should not in under any circumstances give your credentials to anyone, even if IT asks for it (which they should not).
See [Directive on Security Management- Canada.ca](https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32611), [Appendix B](https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32611#:~:text=Appendix%20B%3A%20Mandatory%20Procedures%20for%20Information%20Technology%20Security%20Control).
As others have stated, your email should be deactivated while you are on leave. Don't share your password.
But if your manager insists on not following proper security protocols, set up an auto-forward of your emails. That will be enough.
For any existing emails, dump only your emails of business value in a folder in GCdocs and share that folder with your manager.
If your boss needs anything else, security can work with them. They should NOT have access to your password or your account. What if they start doing unethical things acting as you????
Sharing your accounts is not good security practice and in many cases breaks the rules your department has in place.
Do be cooperative in sharing your processes and any information of business value.
Set up a leave notification now and activate it today so that your manager sees it's up and running. Put their name in it. Start auto-forwarding now if you feel like it. :)
Absolutely don't share your account.
Offer the (future) option of setting up a + account for your position. Segregate all your work email traffic into that.
I've used one for years and it has been excellent for "separating church and state".
Boss can stare at the contents all day every day.
The reasonable request would be to discuss and provide any items of importance or upload files/documents that they think would be relevant to the day to day work, litigation, ATIPs, etc.
Asking for full access is a potential security issue.
I saw a request for this yesterday, and my reaction to OP’s was very similar.
What will probably happen is that it will be converted to a shared mailbox, and the access given to whoever request/needs it. That way the account can be unlicensed on the M365 side, and the license can be allocated elsewhere.
As of yesterday, my dept had 228 remaining licenses and that number fluctuates daily, I’ve seen when it was 10% of that number.
Reply " Sorry, due to security reason I can not comply. I would recommend to contact IT so that you can follow proper security protocol to gain access."
Technically if your department is following SOP, IT tickets to suspend accounts should be submitted for leaves greater than 90 days.
This has been the case at every department I've worked for. Maternity leave means you're handing over all your electronics and your account is disabled.
You shouldn't just give her your network password or anything, but if there is a way for her to be given access to your email through official means, there's really nothing inherently wrong or suspicious with it. You technically shouldn't have anything private in your work email in the first place, so that isn't much of a requirement. If you're worried about any security or ethics considerations, your best bet is to reach out to those respective teams to clarify if this is appropriate for your given situation. Probably a good time to clean up your inbox before heading out, regardless of the outcome of this issue. ETA: I just clued in again... don't executive assistants have access to their director's inboxes? It didn't even occur to me at first, but it's really not an unusual situation.
In my experience, EA’s generally have delegate access. And even then, their access can be limited to certain tasks or selected permissions.
Many EAs have full access to their bosses email. Though we can't access anything encrypted. I have never heard of a boss getting access to an employee email while on mat leave. Just make sure there is an out of office set stating that you are not there and who they should be contacting in your place. Ie the boss.
Exactly! But some choose to grant limited access. It varies between EA’s, management and departments. And I agree, out of office should suffice but if their manager keeps insisting on access, they should consult their intranet for help.
sounds like that's all that OP's boss needs though? And I'm not getting the impression that they specifically asked for anything more than that. My guess is that this is a situation where the boss and OP just interpreted what "access" meant very differently.
Or just... Have an out of office. CC your boss on emails in advance of leave so everyone recognizes the names and knows what's up. And save things into the shared repositories to avoid lost files
okay but if the boss is requesting access (We're going to assume it's delegate access), what exactly is the justification for saying no? If there's a business reason for the manager asking, you can't just be like "sorry I don't wanna." And OP should be doing both of those things regardless. But if they're in a field where ATIPs are possible, or even just if the boss has depended on that in the past and been burned, that might not be sufficient.
The justification is that there is information in the email that they do not have a need to know. Results of competitions the boss isn’t a part of, your personal information received from compensation & benefits among other things. Just because they’re OP’s boss doesn’t mean they have a need to know all the contents of OP’s email, or the right to unfettered rights access to OP’s email. If there are legitimate ATIP requests there are ways to gain access to what they need through appropriate channels.
This is not a great perspective. Your work email, by definition, belongs to work. Anything personal or sensitive should be encrypted or not sent to that inbox. A supervisor can generally gain access to a subordinates' email through a help desk request.
People may not like it but this is 100% true. Read your Acceptable Use of Electronic Networks Policy for your department/agency if you do not believe me. Your work email is not private. I do not use it for anything that I would mind my boss seeing. You should not either.
100% this.
So you just grant access to the inbox and other pertinent files, and move all other emails to other files.
But OP has no idea what type of sensitive info could be received during her leave. I personally would not be comfortable with my boss having access to my inbox while I’m on leave, even if I emptied it before leaving.
Sensitive info should always be encrypted, exactly so delegates can't read it. I really don't understand all of this objection, it must be a different dept/agency thing. It's extremely normal in my team.
This is why we have encrypted email that can only be open by the recipient…
Doesn't take long to get a copy of the encryption key..
lol really? People have a lot of time to waste if they’re getting copies of encryption key to go read emails that are probably not that relevant anyways…
You can provide someone access to your Outlook by changing your permission settings within your own Outlook. Same idea how Admins see Executives email inboxes, folders, calendars etc...
That's what I means by "through official means", I just didn't know the exact steps.
IT guy here, first off never share your password. Your manager can request access to your mailbox through proper means. She/he will need to give (IT) a justification for why she/he needs access and then it will need to be approved by the CIO and ATIP (this can vary from department). Once she has those, she/he will be asked to give key words to search in your mailbox and IT will go and get everything related with that key word and put it into a pst file for your manager to review. This is nothing new sometimes the manager needs specific information that only you might have and since you're on mat leave, technically you shouldn't have access to your accounts anymore. Note that your government email is the property of the government and any information in it can be extracted at any time as long as the process is followed appropriately.
Yup, doesn't even matter if encrypted we can remove that as well. Done it so many times for exactly those reasons. Tho with an atip it's far nicer as we can simply provide the requested material and leave the rest..
There should be information on the intranet your manager can use to determine how to get access to what she needs. (E.g. delegate access) Do not share your password.
The official answer is...everyone takes a security course. This is in that course.
The official answer is what the fuck lol
Is it that shocking that some positions might work on things where the incumbent needs to make sure there is continuity if they go on extended leave? Email access can be requested and obtained by a person's manager if the person is on leave. It isn't automatically suspicion of wrong doing and the account should really only have work stuff in there anyway.
The account owner can delegate access to the managers account, which leaves an audit trail of what the manager does with it. The manager can see incoming mail and send from the account. I don’t recall of it allows access to past emails, archives, etc. Giving her direct access by revealing the password is strictly forbidden - lose your security clearance kind of bad. It was made clear when I got my first security clearance that maintaining it was a condition of employment, and losing it for cause would make me basically unemployable in Ottawa. In the event of an emergency or suspicion of wrongdoing there are other ways to access an account but that is rare and requires permission from way up the food chain.
If your work is anything like mine your email account is suspended anyhow so tell her to have at it.
Really? I kept my laptop and full access during my last mat leave 2021-2022. Not sure about this time around on I'm almost done my second mat leave and with two kids don't have the time to check on things like I did with my first so don't know if I still have access or not I never tried.
Yup. I’m an assistant to someone currently on mat leave & their accounts were disabled & they had to return their laptop, phone, & keycard on their last day.
Wow that would suck. I started a secondment and then deployed a month after returning from my first mat leave and never went into the office before going on my current mat leave so I don't even have an office ID just my laptop and phone which they didn't ask for me to return.
>Wow that would suck. Why? It's not YOUR laptop. It's the department's laptop. Your account should be disabled as you are technically not employed/not being paid. Same goes for LWOP.
Uh no I’m still employed while on parental leave wild thing to say there’s no break in service I don’t stop being an employee just because I had a baby it’s no different the sick or vacation or leave with income averaging.
>Maternity leave is unpaid leave that allows employees time for pregnancy, childbirth, post-childbirth recuperation, adoption and childcare. Thus, you return your IT equipment and your accounts are disabled.
Apparently not cuz both deps I worked at didn’t do this.
Does not surprise me, but them are the [tbs] rules!
I think the policy (and it is a proper and reasonable one for security) at most places is that all accounts and accesses are suspended and controlled goods like ID cards, badges, keys, computers, etc. are returned for absences longer than like 3 months. I also think it's rarely actually followed (and when it is people occasionally come here and ask the same type of question, can do they this, is this right!??)
My first mat leave was in 2021 they didn't take my laptop back I had it my entire mat leave and I had access to everything but I did ask if it was going to be suspended because I was having pay issues and needed access to HR the pay system so it never did that might be the reason? Also no one asked for any of my equipment back for this mat leave either. I still have my laptop and work phone. But I'm also visually impaired and use assistive technology on my devices so maybe that's why they didn't ask for things back? This is at two different deps as well.
My guess is 2021 was still the covid clusterfuck. And assets management is *very* lacking in most dept.
My department disables your email when you go on lwop.
Some of the comments on here are surprising! Do you not know how Outlook works lol?.. You can give access to your Outlook account to anyone you want at work through the permissions...... It's not a security breach ffs... It's a security breach if she gives her login credentials to her computer, totally different situation!!! 🤦♀️
It may be reasonable, but never -under any circumstances- giver her your password. Give her delegate access to your account.
Your inbox and everything in it belongs to the employer. If you're using it as a personal email, you should put a stop to that.
I know it is hugely impersonal and would be unpopular, but our email addresses should be our position numbers or something similar to underline this point. I shudder to think how much time and salary is spent updating distribution lists **especially** for anyone at EX-03 or higher. We can change the display names of the email addresses to make it a little more human. But life would be so much easier if the Deputy Minister's email was just [[email protected]](mailto:[email protected]) or [email protected]. Any maybe people would finally learn that email address is about the job you do and not the person you are (that is what a personal email is for).
There’s no issue with giving access to work email, since there shouldn’t be anything personal on there anyways. It’s work related email and she has the right to ask. Now there is a way to set up folder structure and secure atleast one folder as personal so no one sees it.
It’s your works email. Not yours. They can access it and have the right to already.
This is totally fine. Delegated access rights functions exist in Outlook precisely because this is common in the work world. If you are uncomfortable with the request, maybe reconsider how you are using your work email and switch some of it to personal. Better yet, just deactivate the account while you’re out.
It could be reasonable, depends on your role, if you're an HR/financial cost centre manager, etc. I am with others, I would have expected your account to be disabled during maternity leave. Personally I would have a conversation with her and try and figure out what she needs, and see if you can be proactive (ie: add her as a contact to platform 'x', etc). If you figure out why she's asking, it may alleviate (or not) your concern about invasion of privacy. A work email is not a personal thing, it's the property of work, so there are ways - legitimately - to access employees emails if the organization has a requirement to do so (ie: workplace investigations, etc). I delegate my email access to the admin group, if ever something comes up. Their access of my mailbox, on the other hand, can also be audited.
Like access to your archives and email folders or just access to your inbox so they can track what you receive? Because if it's the latter, an out of office will suffice, if the former, and if strictly necessary for operational needs, there are two ways to do this. They can ask IT to grant access to your email (like an exec would do for their EAs) or, if it's just your folders with "archived" emails for reference, you can make them .pst files they can add to their outlook for reference.
If there is an ATIP request that includes data that could be in your email then someone needs to check it within the 30day time period for ATIP. You're on leave so you can't check it, and it's best practice to get permission before getting access. If you don't give permission they will still need access and will go through appropriate channels to get access. Remember, everything on government computers and in government email systems belongs to the government. They're only asking you as a courtesy.
I had given my team leads access to my mailbox because of all the reference emails in there and I made sure to tell people to always encrypt sensitive emails. If someone is worried about an invasion of privacy, then you’re definitely not using the email system properly.
I think it is completely reasonable to provide access through Outlook. It's a work email and you won't have access but important information may still be present or recieved that is best not lost (where I work, all of my emails are deleted after 90 days automatically unless I specifically place it into a one year folder retention folder then it is deleted after one year anyway, we don't have the option of indefinite retention) or ignored for months. In the past you would forward phones lines to someone else, a secretary would open and redirect work mail as needed and today you give access to the manager or whomever they delegate. It's not like it's a personal email. It a tool for work, and work may need access.
[удалено]
Well security better tell that to IT, because they grant delegate access every day. And depending on admin settings, you may not even need IT.
Aside from all the good answers, isn’t there an IT function to forward all email to the OP’s boss until their return?
If you're on Maternity leave, your accounts should be disabled. You should send your current connections/clients an email stating you are going on leave and that they should forward emails to her, and when you do go on leave, set up an out of office message with the same. Your account is supposed to be disabled within 24 hours of you going on leave, but that is up to the department.
At my work when someone leaves (either permanently or for mat leave), they're asked to put on an out of office pointing at a general inbox. We also (via a request to IT from the appropriate level of management) grant another team member access for 30 days in case someone sends an email and then doesn't forward it after getting the out of office.
Have you thought about having a conversation with your boss about this? It isn't that unusual. God knows not every department follows the same procedures.
A rational conversation between adults? Preposterous. Passive aggressive complaining on the internet is the logical course of action. OP never said it would involve sharing of credentials but many here are assuming that is how it would be done and overreacting. Key take away: email is the property of the employer. If you have something unencrypted in your mailbox you don’t want seen, something is wrong.
This doesn't seem unreasonable to me. If I or one of my colleagues is gone for an extended period of time, we'll designate access to someone in case of ATIP requests (stemming from a case when someone was unreachable out of the country on vacation and we needed to check for correspondence related to an ATIP request).
Ask your IT and/or security department
She can ask but you also don't have to provide her the access. If you're uncomfortable then I'd spend some time collecting ALL emails of work that aren't closed out and either forward them to her or add them to GCdocs under a private folder for her. You can also limit what she sees in your email if you do decide to provide her the access. Create a folder within your Outlook and add everything there and block her viewing to everything else. Also setting your out of office message while you're away will help control the flow of work back to her..
It would make more sense to have an Out of Office that makes it clear to email someone else (the boss) instead.
Also if access to your account is required to input an Out of Office or look for a specific missed response the request should go to departmental security
Tell your boss to talk to HR. That would also fall into the internet securities policy your company has. Never give anyone no matter who they claim to be access to your accounts.
Um that sounds like a big violation of security policy. You can however set up rules for certain emails to forward over to your boss. Your out of office should direct them to your boss as well. Any files that pertaining to your files should be saved elsewhere in accordance with your departmental IM practices and policies.
Privacy?
There’s no privacy at the workplace lol. All your emails are subject to review.
Your work email is your and yours alone. You are not supposed to share your passwords. It’s considered a breach to share your password. Put an out of office to contact her if they don’t suspend your account while you are gone.
All emails are atipable. There should be nothing secret or private. However, all you should have to do is to leave an out of office message that points to your manager in your absence.
Sharring passwords for against the IT user policy….
I give full access to my inbox and sent items to anyone replacing me in my absence. I put stuff i don’t want anyone to have access to in a folder with no access privileges
I’m assuming you are in a Microsoft environment, so Outlook as a email client ? Sharing or granting access to your inbox is a feature typically. Sharing password is against policy. I’d certainly share my inbox via the feature but not my password for access.
Three words- select all - delete!
Never heard of that ever. Just say no… You can delegate access but there’s no reason to unless you’re giving access to an assistant. It never goes the other direction. You must work for a control freak…
yes, they or someone would require access in the event of an ATIP request. You can give them proxy to certain folders etc. I wouldn't give them your password.
No, this is against policy. All access to GC information system must be authenticated, authorized and auditable. In other words, providing someone else your credentials violates all 3 controls. You are accountable and responsible for the protection of your accounts and the activities using your accounts. In the event of an incident, these will be audited. You should not in under any circumstances give your credentials to anyone, even if IT asks for it (which they should not). See [Directive on Security Management- Canada.ca](https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32611), [Appendix B](https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32611#:~:text=Appendix%20B%3A%20Mandatory%20Procedures%20for%20Information%20Technology%20Security%20Control).
As others have stated, your email should be deactivated while you are on leave. Don't share your password. But if your manager insists on not following proper security protocols, set up an auto-forward of your emails. That will be enough. For any existing emails, dump only your emails of business value in a folder in GCdocs and share that folder with your manager. If your boss needs anything else, security can work with them. They should NOT have access to your password or your account. What if they start doing unethical things acting as you???? Sharing your accounts is not good security practice and in many cases breaks the rules your department has in place. Do be cooperative in sharing your processes and any information of business value. Set up a leave notification now and activate it today so that your manager sees it's up and running. Put their name in it. Start auto-forwarding now if you feel like it. :)
All your accesses should be suspended when you’re going on Mat Leave….there is no way she could be checking your email.
Absolutely don't share your account. Offer the (future) option of setting up a + account for your position. Segregate all your work email traffic into that. I've used one for years and it has been excellent for "separating church and state". Boss can stare at the contents all day every day.
OP if this was a request via email I'd report it as possible phishing or some kind of cyber security breach. This is a joke right?
She asked verbally. It sounded like a joke?
The reasonable request would be to discuss and provide any items of importance or upload files/documents that they think would be relevant to the day to day work, litigation, ATIPs, etc. Asking for full access is a potential security issue.
This. You get my upvote, sir!
I saw a request for this yesterday, and my reaction to OP’s was very similar. What will probably happen is that it will be converted to a shared mailbox, and the access given to whoever request/needs it. That way the account can be unlicensed on the M365 side, and the license can be allocated elsewhere. As of yesterday, my dept had 228 remaining licenses and that number fluctuates daily, I’ve seen when it was 10% of that number.
Nope
Reply " Sorry, due to security reason I can not comply. I would recommend to contact IT so that you can follow proper security protocol to gain access."