The Windsor Forest College Group comprises two sixth form colleges and two specialist technical, vocational and land-based training colleges. Committed to providing first class education and training for young people, adults and employers, the Group sought a consistent encryption and file sharing solution for use across all sites.

We spoke to Yee Har Miller, Data Protection Officer and Compliance Co-ordinator at the group, to find out how Zivver is supporting the team to achieve compliance by managing sensitive data securely:

“We use Zivver in the Microsoft environment and have recently rolled Zivver out across our approximately 1,200 members of staff. The implementation was smooth. Any niggles were quickly turned around by the Zivver team and they were fast to answer our questions. The Support team is very responsive and we were happy with the implementation.”

“The reason Windsor Forest sought an encryption solution is mainly down to compliance. We were in the process of reviewing our data protection processes. It’s fair to say that all educational organisations are being pushed to review data protection, and it is increasingly becoming a focus in inspections and audits. So, we were asking ourselves, how good are our data protection policies and processes?”

“I also understand that, at some point in the near future, the government will enforce the ISO 27001 accreditation for educational establishments, which will see information security leaders prioritising the improvement of data processing. Naturally, this includes reducing data breaches. Given the nature of data breaches being recorded, email tends to be the most common vector; sending data to the wrong person, not using bcc in group emails - common mistakes for any organisation. We want to help our staff to avoid these incidents without complicating processes, with one centralised, consistent, user-friendly system. That’s why we chose Zivver.”

“Day to day, we expect maybe around half of our staff to use Zivver to encrypt sensitive information. These are mainly staff who deal with external agencies, those handling sensitive student data. These might be teachers, when they have cause to liaise with external agencies but, more likely, they will be staff in safeguarding roles who support teaching staff. These individuals handle a lot of data which needs to be shared externally.”

“In addition to student data, operational and administrative teams handle data which also needs handling with care. For example, our Finance and HR teams. On occasion, they may have a need to encrypt data, particularly if it needs to be sent externally.”

“So, while not every member of staff at the Group will have cause to encrypt emails very often, we have provided Zivver licenses to all staff. Everyone has an obligation to be mindful of data protection, so we are providing the tools they need to encrypt sensitive emails.”

“Our Safeguarding team frequently uses the Secure File Transfer capabilities to share sensitive information externally. This might be data relating to medical history, education reports and attendance data. This information must also be protected with multi-factor authentication controls. Often, the sensitive data is sent to shared mailboxes, and Zivver enables us to share passwords by email to enable access.”

“Zivver’s out-of-the-box business rules support people in avoiding mistakes. Zivver notifies users to the presence of sensitive data in the body and attachments of emails. They make me stop and think so I’m sure they must be doing the same for our staff! Now we’ve had some time to use Zivver, we’re in the process of building our own business rules, tailored to our needs.”

“I’ve found that Zivver has raised awareness of GDPR. People are considering encryption because Zivver is there in front of them every time they send an email, ready to be activated. Human error has long been a concern, as I’m sure it is for data protection leaders at every educational organisation. You can systemise as much as you like, but mistakes find a way; you can circulate staff bulletins, reminding staff to be careful when sending data, but you can’t make people read them. But Zivver is right there in real-time when people are about to send sensitive data, alerting people to encrypt and reminding them to check basic things like their recipient fields. I feel that’s the key benefit of Zivver, it makes people more conscious of security.”

“There has been positive feedback . A colleague that has previously used a popular encryption system said they prefer Zivver as they find it easier to use. The fact that Zivver checks the content of large files for sensitive data is very helpful.”

“I would recommend Zivver to other educational institutions. As an encryption system, it is incredibly easy to use. It is intuitive, uncomplicated, and it integrates well with Outlook.”