There are a number of aspects to this which must be considered:
(a) The Scottish and UK Freedom of Information Acts provide a statutory right of access to information held by public authorities (which include most colleges and universities) unless an exemption or exception to the right applies. This information may include that contained in emails held on the computers of the public authorities.
The Freedom of Information Acts provide a right of access unless an exception applies. The main likely exception would be if access would involve access to personal information both of the deceased and any third party.
However, The Data Protection Act 1998 applies to living individuals and provides no privacy protection to the deceased. The legislation at Part I s.1 states that 'personal data' means data that relates to a living individual. The Act can be accessed at - http://www.legislation.gov.uk/ukpga/1998/29/contents.
Thus it would appear from a data protection perspective with regard to the personal information relating to the deceased account holder that access to the account may be possible. However, the account may contain personal data of other individuals which would be subject to both data protection and FOI provisions. For information on this see the guidance on Personal Information at -http://www.ico.gov.uk/upload/documents/library/freedom_of_information/detailed_specialist_guides/informationaboutthedeceased.pdf (for UK requests)
(b) If there is no legislation specifically preventing release, are you then at liberty to access the information contained in the email account.
If there is no legislation specifically preventing release, it is worth considering whether there is any duty on the staff and/or the student/university relationship to treat the correspondence confidentially. If so, it is recognised in law that this duty continues after death and could theoretically be enforced by the deceased's representative.
If it is essential to access the account we suggest that access is restricted, a log/audit track is kept of what is accessed and access is made for clear specific purpose only. This is in accordance with the Data Protection Employment Practices Code which is available from the ICO website at: http://www.ico.gov.uk/Home/for_organisations/topic_specific_guides/employment.aspx.