In yet another example of how one accidental click can see an organization managing a major data incident, a school in Barton-under-Needwood in Staffordshire has hit the headlines recently for mistakenly sharing student data by email.

An email sharing not only pupil’s names and grades but individual marks was shared with parents by error. According to reports, the same email was sent to students but staff were able to recall it in time.

Approximately 40 minutes after the first email was sent, the head teacher circulated a second email titled ‘Urgent Year 13 Grade Boundaries’, in which she asked all recipients not to open the email. The school has confirmed that the leaked results were sent out in a 'human error' and apologized to students and their families for the mistake.

This is not the first time an educational institution has felt the fallout of a data leak due to similar circumstances.

Last year, a Warwickshire based secondary school and sixth-form college managed a similar incident when families received COVID-19 results for the wrong students. While the incident reportedly impacted only a small number of students, the nature of the incident meant the story was quickly picked up by the press.

Recalling emails relies largely on the recipient’s compliance with the follow up request. Standard email recall is often not foolproof and can, instead, draw the recipient to read the recalled email through curiosity. What can be done to avoid these errors?

Educating educators: How to avoid data leaks

From experience, we know that time-strapped staff don’t have time to perform a triple check of every email before pressing ‘send’. Tech must do the hard work for them.

Here are five boxes any educational institution must tick to avoid a data leak:

1. Enhancing M365: Traditional email, alone, is not enough to protect sensitive data. Improving it with intuitive security functionality which integrates seamlessly with existing email clients means your busy teams don’t need to learn how to use new platforms. Keep things easy, keep staff happy. Simple.
2. Big solutions to small mistakes: Why expect people to be security experts when you can make sending sensitive data safely effortless? If Zivver detects sensitive data in the body or attachments of emails, it automatically encrypts the email and sends it securely.
3. Secure large file transfer: When it comes to sharing large data sets, particularly when PII is in question, relying on third party platforms doesn’t guarantee security. Empower staff to share data directly from email, and manage access with multi-factor authentication and expiration controls after sending.
4. User-friendly for all: We don’t just mean for staff - we mean for recipients, too. Students, parents, external parties and stakeholders; Zivver makes accessing emails sent securely easy for everyone, without the need to create accounts. Non-Zivver users can even send secure emails into your organization too, with our Conversation Starter functionality.
5. Recall without limits: Email sent in error? No sweat. Our recall button actually works, with no time constraints. Plus, users can view when emails have been opened - so if an email is recalled in time, they can guarantee that no data incident has occurred. And breathe.

When handling young people’s data, it goes without saying - every effort must be taken to manage it safely. Learn how more than 1,700 staff at Curio are emailing securely across more than 30 primary and secondary school locations and why educational institutes are choosing Zivver to strengthen their email security and avoid human error.