We're running a handful of osTicket installs internally for some teams that deal with sensitive employee information (Human Resources, compliance, etc.) and overall osTicket has worked fairly well for them, however those of us in Information Systems that are managing the server are getting email notifications for new requests, and these requests often contain sensitive information that we don't want to see. I created a new department on one of the installs, something to the effect of "Information Systems Server Admins" and disabled all of the notification bits, and moved those in question to the new department, however email notifications continue to be sent. The obvious solution is to create a rule in our mailboxes to just delete them, however I feel like there has to be a better option that I'm just missing.
