In an ever-evolving landscape of privacy and security, ensuring the proper handling of sensitive information should be a top priority for anyone configuring notifications and communications on the platform. Each region and country has its own laws and regulations surrounding the management of student and staff information. This article provides general guidance on best practices for sending secure messages using Clevr's in-app notification system and email; it does not cover all legal requirements.
Note: It is the responsibility of the user setting up the notification to understand and comply with all applicable local, regional, and national laws regarding the handling of personal data, especially when dealing with sensitive student and staff information.
The Importance of Secure Communication
Sending notifications to users—whether students, staff, or administrators—requires careful consideration of privacy and security, especially when dealing with Personally Identifiable Information (PII). While email remains a useful communication tool, it lacks the necessary security controls to safeguard sensitive information. In contrast, in-app messages within Clevr are designed to provide secure, controlled communication.
Information to Include in the Email Body
Emails are inherently less secure than in-app notifications. They can be intercepted, forwarded, or accidentally accessed by unauthorized individuals, increasing the risk of data breaches, identity theft, or unauthorized disclosures. For this reason, sensitive data should never be included in the body of an email. Here’s what to keep in mind:
- Avoid including Personally Identifiable Information (PII) such as full names, addresses, birthdates, academic records, or any data tied to a student or staff member’s identity.
- Emails should serve as an alert or reminder to prompt the recipient to check their in-app notifications for any sensitive or detailed information.
- Safe information to include in email:
  - General notification or reminder (e.g., “You have a new message in your Clevr Notification Board.”)
  - Reference to a subject’s Local or Proprietary ID to help recipients identify which notification is relevant without disclosing personal information.
  - Brief, non-sensitive instructions (e.g., “Please log into your account to view the full message.”)
Clevr’s in-app notification system is built with security in mind, ensuring that sensitive information remains within a secure, controlled environment. Use the Notification Board for:
- Any communication containing PII: Student names, academic records, health information, or other sensitive data should always be contained within the platform.
- Detailed instructions or responses: If the message requires action, feedback, or contains specific information about students or staff, use the in-app message.
- Confidential documents: If documents need to be shared, upload them securely within the system and notify the recipient through an in-app message.
How to Best Use Notifications
In the past, emails were often used to transmit all kinds of details, including sensitive information. With the Notification Board, this has changed. The best practice is to use email as a simple notification mechanism, directing users to the in-app message for any specific details.
Example 1:
- Email Subject: “New Notification Available in Clevr”
- Email Body: “A new message has been posted to your Clevr Notification Board. Please log in to view the details.”
- In-App Notification: All relevant details, including any PII or specific actions required, should be outlined securely.
Example 2:
Let’s say you’re managing a notification for a Student Incident Form. You want to notify a staff member about an incident without disclosing sensitive details in the email.
- Email Subject: “Update: Action Required for Student Incident Form”
- Email Body: “An update has been made to a Student Incident Form (Reference #SI123456). Please log into your Clevr account and search for the form using the reference number provided to view and take appropriate action.”
- In-App Notification: “Student Incident Form SI123456 has been updated with new details regarding [Incident Details]. Please review the form for further action.”
In this scenario, the email alerts the staff member to the need for action without revealing any sensitive information, and the in-app notification contains the necessary details securely.