Best practices for ex staff and their devices - Security/Compliance


Hi All,

What are the best practices, or the general consensus, on what happens to an ex-staff member's AAD/AD account and device within Azure and Intune?

At present we only disable ex-staff and leave the disabled account in Azure/AD (hybrid environment) and leave the device in Intune. Only after 180 days of inactivity is the device removed from AAD.


My colleague is of the opinion that we should just leave the device and disabled user in AAD for record keeping, as it does no harm leaving them there.


Now I think, we should be doing the following:

Wiping the device via Intune (this will remove it from AAD and Intune)

Disable the user in AAD/AD, remove them from all groups and then, once done, delete the user (I appreciate there might be broken links in SharePoint etc., but the same issue exists with a disabled user)


So, from a compliance and security perspective, what are the best practices for dealing with ex-staff and their devices?
I know every company has different ideas.


Regards

Rachel  
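The offboarding sequence the question lists (wipe the Intune device, disable the account, strip group memberships, then delete), as an added example that is not part of the original post or either reply. It uses the Microsoft Graph PowerShell SDK cmdlets for each step and adds the one step a practitioner would want in front of them: revoking the user's sign-in sessions, so cached refresh tokens stop working before the account is merely flagged as disabled. The `$Upn`, `-WipeDevices` and `-Delete` parameters are this example's own choices, and the script assumes the `Microsoft.Graph` modules are installed and the signed-in administrator holds the requested scopes. It runs with `-WhatIf` as a dry run so the actions can be reviewed before anything destructive happens.

```powershell
# Offboard-Leaver.ps1 (added example, not from the original thread)
# Cloud-side leaver clean-up via Microsoft Graph PowerShell. Run with -WhatIf first.
# Assumptions: Microsoft.Graph modules installed; admin has the scopes below.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $Upn,   # illustrative parameter: leaver's UPN
    [switch] $WipeDevices,                  # issue an Intune wipe for each managed device
    [switch] $Delete                        # delete the account after disabling/cleaning up
)

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All',
    'DeviceManagementManagedDevices.PrivilegedOperations.All',
    'DeviceManagementManagedDevices.Read.All' | Out-Null

$user = Get-MgUser -UserId $Upn -Property Id, UserPrincipalName, AccountEnabled, OnPremisesSyncEnabled

# 1. Revoke sessions first: disabling alone leaves issued refresh tokens usable
#    until they expire, so invalidate them before anything else.
if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Revoke sign-in sessions')) {
    Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
}

# 2. Disable. Hybrid caveat: for a synced user on-prem AD is authoritative, so the
#    disable belongs there (Disable-ADAccount, then an Azure AD Connect sync cycle);
#    a cloud write to accountEnabled would be rejected or overwritten by the sync.
if ($user.OnPremisesSyncEnabled) {
    Write-Warning "$($user.UserPrincipalName) is synced from on-prem AD: disable it with Disable-ADAccount and let Azure AD Connect sync."
}
elseif ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Disable account')) {
    Update-MgUser -UserId $user.Id -AccountEnabled:$false
}

# 3. Intune-managed devices assigned to the user. A wipe (not just retire) clears the
#    device and removes the Intune record, which is what the question describes.
$devices = Get-MgUserManagedDevice -UserId $user.Id -All
foreach ($d in $devices) {
    $label = "$($d.DeviceName) [$($d.OperatingSystem)] $($d.Id)"
    if (-not $WipeDevices) {
        Write-Host "Managed device found (no -WipeDevices, skipping): $label"
        continue
    }
    if ($PSCmdlet.ShouldProcess($label, 'Intune wipe')) {
        # KeepEnrollmentData/KeepUserData map to the wipe action body; both false = full wipe.
        Invoke-MgWipeDeviceManagementManagedDevice -ManagedDeviceId $d.Id `
            -KeepEnrollmentData:$false -KeepUserData:$false
    }
}

# 4. Group memberships. Only cloud, non-dynamic groups can be edited here:
#    synced groups are managed in on-prem AD and dynamic groups by their rule.
$memberOf = Get-MgUserMemberOf -UserId $user.Id -All
foreach ($g in $memberOf) {
    $props = $g.AdditionalProperties
    if ($props['@odata.type'] -ne '#microsoft.graph.group') { continue }   # skip directory roles etc.
    if ($props['onPremisesSyncEnabled'] -eq $true) {
        Write-Warning "Group '$($props['displayName'])' is synced from on-prem AD; remove membership there."
        continue
    }
    if ($props['groupTypes'] -contains 'DynamicMembership') {
        Write-Host "Group '$($props['displayName'])' is dynamic; membership drops when the rule no longer matches."
        continue
    }
    if ($PSCmdlet.ShouldProcess($props['displayName'], 'Remove group membership')) {
        try   { Remove-MgGroupMemberByRef -GroupId $g.Id -DirectoryObjectId $user.Id }
        catch { Write-Warning "Could not remove from '$($props['displayName'])': $_" }
    }
}

# 5. Delete last. This is a soft delete: the object sits in Deleted users for 30 days
#    (restorable), then is purged, so a 'keep disabled for N days, then delete' policy
#    still gives a short recovery window after the delete itself.
if ($Delete) {
    if ($user.OnPremisesSyncEnabled) {
        Write-Warning 'Synced user: delete the on-prem object (or move it out of sync scope) instead of deleting in the cloud.'
    }
    elseif ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Delete account (soft delete)')) {
        Remove-MgUser -UserId $user.Id
    }
}
```

Typical use is `.\Offboard-Leaver.ps1 -Upn leaver@contoso.com -WipeDevices -WhatIf` to see what would be touched, then the same command without `-WhatIf`, and `-Delete` only once the retention period the organisation has settled on has elapsed. The order matters for the security point rather than the housekeeping one: revoke tokens, then disable, then wipe, so that a leaver with a still-valid session on a still-enrolled laptop has no window in which the account is "disabled" on paper but usable in practice.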

2 Replies
I am afraid there is no good answer for this. There are no best practices here, as everything will eventually come down to each organization's own security policy. In my personal opinion, a leaver's record can be retained for a set duration, but as a good housekeeping practice it is also good to clean up the inactive and stale objects after this set duration has passed.
The thing that must drive your decisions is your data retention policies. Those will drive all decisions regarding accounts, data governance/retention, etc. And consequently, they will also drive how you handle accounts: everything from immediate deletion of logins/credentials and remote wipe of devices all the way to just "changing passwords" and disabling remote access is on the table. Good question, but @rahuljindal-MVP is completely correct: there's no "best practice" because every case, every company, and every industry is different. It even changes over time as technology changes and evolves, and as laws change. 15 years ago fax machines were considered the cat's meow for HIPAA compliance, until one day a doctor's office sent a patient's positive HIV test results to an office fax, where all the colleagues and management saw the results. $2 million later, fax is no longer considered "HIPAA compliant". Weird how that works.