Yes, some surveys are self-serving, but this one has some data of interest:
Cybersecurity firm, HALOCK Security Labs, found that this back-to-school season may be an ideal time for data thieves to steal the personal and financial information of students and parents. HALOCK found that over 50% of the colleges and universities investigated allow for the transmission of sensitive information over unencrypted (and therefore unprotected) email as an option without directly promoting it and 25% of the institutions investigated advised applicants to send personal information, including W2s, via unencrypted email to admissions and financial aid offices.
Read more of their press release on Virtual-Strategy Magazine.