Security protocol for a new user with the same email address as old user

Use Case:

1. Jim Smith(1) is assigned the email address jim.smith@acme.com and creates an account at app.coolapp.com.
2. Jim Smith(1) leaves Acme company.
3. A new Jim Smith(2) starts working for Acme company and gets assigned the same email address.
4. Jim Smith(2) tries to create an account at app.coolapp.com and receive the message, "This email address is already in use. Click here to reset your password."
5. Jim Smith(2) resets the password and now has access to all Jim Smith(1)'s info on app.coolapp.com.

Anyone have any helpful hints or protocols for how this is handled?