Email remains one of the biggest sources of accidental data breaches, especially in environments where staff handle sensitive information daily. In education, this risk is even sharper, with student records regularly shared across internal and external teams. This blog explores how we helped to cut high risk data breaches at scale. You will see how a structured rollout, targeted rules and measured outcomes turned a persistent issue into a controlled risk.
Using Purview to prevent high risk data breaches
Education settings regularly face unintentional disclosure events. The most common pattern involves medical information about multiple students sent to several external recipients at once. Working with Legal, who handled mandatory notifications, the organisation identified this recurring breach type and moved to address it with Microsoft Purview.
Using Purview’s built in sensitive information types, they created rules that detected:
- Personal data belonging to multiple individuals
- Medical information contained in emails or attachments
- Messages addressed to multiple external recipients
Once triggered, the rule stopped the outbound message so staff could reassess and resend information safely.
A pilot group including Legal, IT, HR, Finance, Payroll and a selection of schools tested the DLP settings for a month. Surveys showed consistent feedback with no meaningful concerns, false positives or true positives affecting workflow.
Before the wider rollout, the team ran information sessions and updated internal guidance to support staff. More detail on Flame Tree’s approach to uplift programs can be found in our Cyber Maturity Uplift services page.
For further context on Australian privacy rights, see the Office of the Australian Information Commissioner’s guidance at oaic.gov.au.
How staged deployment improved adoption
The Purview rule was deployed in phases which helped reduce friction and ensured stability across systems. The sequence was:
- Pilot group
- IT
- Head office
- A small number of pilot schools
- Entire organisation
After each stage, the same survey was repeated and results stayed consistent. Staff reported minimal disruption and an improved awareness of sensitive information handling. One small error did occur during testing, but it didn’t impact outcomes.
Measuring the impact
Six months after the initial pilot, we’d supported full implementation of the rule set. We used system logs to determine whether the controls made a measurable difference.
Data showed that in 37 percent of cases, emails that likely would have created a reportable breach were not sent. Staff instead broke the information into multiple emails, each sent only to the correct recipient. This provided a reliable indication that the Purview control reduced high risk data breaches.
This case shows that well structured DLP controls can significantly reduce breach risk, especially in environments where sensitive information is routinely shared. By combining Purview’s detection capabilities with user training, staged rollout and continuous measurement, the organisation built a safer communication process and created meaningful operational change.