Editor’s note: Online health and safety training is a booming industry, but how can trainees be assured that private information that they must share is protected? In the second part of a series, Troy Media investigates the complex world of online proctoring, and what it might mean to people who take online courses and exams.
There has been a massive shift to e-learning over the past decade – for everything from worker health and safety training to post-secondary student exams, and that has led to increasing use of remote monitoring. When not managed well, the use of tools to monitor trainees and students has raised a host of privacy concerns.
To ensure learners are actually taking the training and are engaged, industry leaders are using processes or technology that can verify identity and monitor their participation.
In a typical remote monitoring process, the learner accepts a privacy agreement, authorizing use of the camera and/or microphone on their computer. The learner is asked to accept the privacy agreement to ensure they understand what data is being collected and why.
Test-takers hold government-issued ID up to their computer camera and allow their face to be photographed. Then the entire time a person is taking a course or test, the camera is used to ensure, among other things, that it’s still the same person in the same location, and that they’re not being coached by someone else.
This helps confirm training/testing standards are met, but critics fear there’s potential for abuse. Insecurely stored data could be shared, stolen and monetized.
“How does a person know their information is being protected?” asks Edmonton-based lawyer Samantha Kernahan, who points to federal privacy legislation.
“Any exposure of that data to a third party outside of the person who collected it engages our privacy statutes in Canada,” Kernahan said.
But Canada’s standard of privacy protection is well below that of the European Union, experts say. The EU has taken world leadership in the protection of personal privacy, says Ann Cavoukian, expert-in-residence at Ryerson University’s Privacy By Design Centre of Excellence. Cavoukian created the concept of “privacy of design” (PbD) at her kitchen table 20 years ago and she’s pleased to see the idea incorporated into EU regulations.
The EU’s General Data Protection Regulation (GDPR), which came into effect in 2018, “raised the bar so high, countries around the world are scrambling to catch up,” she said. It’s far ahead of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), which came into effect in 2000 and is in serious need of an overhaul.
One of the GDPR requirements that’s challenging organizations is the concept of “privacy as a default setting.” This concept posits that an individual should not need to take measures on their own to protect their privacy – the privacy protection is built into the system, as the default.
Here are two examples of training organizations using different approaches to address these privacy concerns:
Smart Serve Ontario is a not-for-profit organization that provides training and certification for anyone serving alcohol in a business.
It validates online training participants by using a third-party service provider. This third party doesn’t provide Smart Serve access to the government-issued ID of learners that’s used to validate learner identity, nor any video or images of learners, so long as the learners comply with participation standards.
The third party keeps the limited data it has on Canadian servers. It immediately deletes the ID image and all video/imagery of compliant learners after the training or testing is complete. The approach is very much line with the concept of “privacy as a default setting.”
Energy Safety Canada (ESC), a non-profit safety organization for the oil and gas industry in Canada, offers a variety of online courses for workers. Much of the training ESC provides is a job requirement.
The third-party technology provider that ESC uses also captures ID and participation of online learners. But – unlike Smart Serve’s provider – it then shares this information with ESC through server transfers. The problem is that servers they use are in the United States and thus could be accessed legally by the U.S. government under authority of the Patriot Act.
Users seeking to protect their privacy would need to make a formal demand to ESC to have their data deleted from ESC servers. They would also need to make a similar demand to the third-party technology provider.
Like a number of other companies, ESC relies on learner verification/monitoring companies that operate in countries with privacy standards well below the EU’s. Those countries range from the United States to Asia and even Eastern Europe.
ESC CEO Murray Elliott confirmed that Proctorio is the third-party firm that monitors the organization’s online courses where monitoring is required. Proctorio has offices in the U.S., Germany and Serbia.
Elliott says the test-taker’s personal information stays with ESC and Proctorio “doesn’t store any information.”
Yet Proctorio’s privacy policy advises users that the company collects the user’s personal information and may provide it “to the institution, university, college, school, or organization.” In the same privacy policy statement, Proctorio advises that it collects information from the learners’ “webcam, microphone, browser, desktop, or any other means necessary to uphold integrity.”
“At the discretion of the exam administrator, this may include a scan of your surroundings and computer display,” it states.” The company advises, “To use the Services, however, we may be required to collect personally identifiable information, such as your name, email address, phone number, and institution.”
Proctorio advises learners who are taking training for employment purposes: “If you do not wish for your Personally Identifiable Information to be used as described in this Section, you should not use the Services.”
Cavoukian could not comment on a specific company and was unaware of Energy Safety Canada’s practices. But she said any circumstance in which a trainee is required to take training to retain or gain employment should not force a learner to give up privacy rights.
“That’s appalling,” says Cavoukain. “They shouldn’t have to forego their privacy to take an exam.”
Elliott says that if an employee opts out of a proctored ESC course or test, they can go to one of their provincial locations and take the course in class. In some cases, however, such travel is costly or logistically difficult to arrange.
Dan MacDonald is head of BIS Training Solutions, a company that provides online and in-class learning and compliance health and training courses for dozens of major companies. He says BIS uses Integrity Advocate, a third-party technology provider that verifies learner identity and participation while ensuring learning privacy is protected.
Integrity Advocate uses a process similar to that used by PayPal and states: “We only get the information we absolutely require and for the majority of learners that comply with participation standards that is only one image of the user’s face,” said MacDonald.
Integrity Advocate’s system was built on the privacy by design principles and complies with GDPR standards. The company stores data in Canada and immediately destroys all data collected during a compliant learner’s session, except one image.
To Cavoukian, anyone who submits to online monitoring that doesn’t meet or exceed the EU’s GDPR standards won’t be protected. She says upgrades to Canadian privacy laws are needed and were promised by the Liberal government. But the initiative has been sidelined with an imminent federal election.
Until those changes come about, the onus is on individual training providers to show they’re taking the necessary steps to protect the privacy of learners.
This content is a joint venture between our publication and our partner. We do not endorse any product or service in the article.
To the Author:
It’s unfortunate that Proctorio was not contacted for comments. We jump at every opportunity to discuss student & test-taker privacy and have started to form a coalition around the subject—since we are very much “privacy by design.” Last year we attended SXSW EDU to join a panel discussion around GDPR with members from the Future of Privacy Forum.
Proctorio is fully GDPR and PIPEDA compliant and most of our privacy practices exceeded the GDPR guidelines prior to its mainstream debut.
We’d like to address a few of the points and mischaracterizations mentioned here. Regarding: “The problem is that servers they use are in the United States and thus could be accessed legally by the U.S. government under authority of the Patriot Act.”
It’s important to realize that despite using U.S.based servers, the exam information is encrypted—therefore it cannot be meaningfully deciphered by any agent who might gain access to the data—legally or otherwise. The decryption keys lie solely with authorized individuals at the client organization and only for the exams issued by the specific institution.
Regarding our privacy policy: we’re consistently working to improve the ambiguous language—but the only time Proctorio would require personally identifiable information is in a situation where a user voluntarily asks for a follow up when seeking technical support (i.e. an email address)—though most support tasks are handled anonymously via chat inside the UI.
Some institutions enable features that use the test-taker’s webcam and microphone to capture and record the exam environment. This data is stored using a zero-knowledge encryption scheme meaning it is only accessible by the authorized institution via encryption key. We, ourselves, cannot access the information and if a data breach were to occur, it would be virtually useless to the bad actor since the data is decrypted exclusively within the learning management system used by the client institution.
We’d be happy to elaborate further with any questions or concerns and hope that you will consider reaching out to us next time.
Kindly,
Proctorio
To the Author:
It’s unfortunate that Proctorio was not contacted for comments. We jump at every opportunity to discuss student & test-taker privacy and have started to form a coalition around the subject—since we are very much “privacy by design.” Last year we attended SXSW EDU to join a panel discussion around GDPR with members from the Future of Privacy Forum.
Proctorio is fully GDPR and PIPEDA compliant and most of our privacy practices exceeded the GDPR guidelines prior to its mainstream debut.
We’d like to address a few of the points and mischaracterizations mentioned here. Regarding: “The problem is that servers they use are in the United States and thus could be accessed legally by the U.S. government under authority of the Patriot Act.”
It’s important to realize that despite using U.S.based servers, the exam information is encrypted—therefore it cannot be meaningfully deciphered by any agent who might gain access to the data—legally or otherwise. The decryption keys lie solely with authorized individuals at the client organization and only for the exams issued by the specific institution.
Regarding our privacy policy: we’re consistently working to improve the ambiguous language—but the only time Proctorio would require personally identifiable information is in a situation where a user voluntarily asks for a follow up when seeking technical support (i.e. an email address)—though most support tasks are handled anonymously via chat inside the UI.
Some institutions enable features that use the test-taker’s webcam and microphone to capture and record the exam environment. This data is stored using a zero-knowledge encryption scheme meaning it is only accessible by the authorized institution via encryption key. We, ourselves, cannot access the information and if a data breach were to occur, it would be virtually useless to the bad actor since the data is decrypted exclusively within the learning management system used by the client institution.
We’d be happy to elaborate further with any questions or concerns and hope that you will consider reaching out to us next time.
Kindly,
Proctorio
To the Author:
It’s unfortunate that Proctorio was not contacted for comments. We jump at every opportunity to discuss student & test-taker privacy and have started to form a coalition around the subject—since we are very much “privacy by design.” Last year we attended SXSW EDU to join a panel discussion around GDPR with members from the Future of Privacy Forum.
Proctorio is fully GDPR and PIPEDA compliant and most of our privacy practices exceeded the GDPR guidelines prior to its mainstream debut.
We’d like to address a few of the points and mischaracterizations mentioned here. Regarding: “The problem is that servers they use are in the United States and thus could be accessed legally by the U.S. government under authority of the Patriot Act.”
It’s important to realize that despite using U.S.based servers, the exam information is encrypted—therefore it cannot be meaningfully deciphered by any agent who might gain access to the data—legally or otherwise. The decryption keys lie solely with authorized individuals at the client organization and only for the exams issued by the specific institution.
Regarding our privacy policy: we’re consistently working to improve the ambiguous language—but the only time Proctorio would require personally identifiable information is in a situation where a user voluntarily asks for a follow up when seeking technical support (i.e. an email address)—though most support tasks are handled anonymously via chat inside the UI.
Some institutions enable features that use the test-taker’s webcam and microphone to capture and record the exam environment. This data is stored using a zero-knowledge encryption scheme meaning it is only accessible by the authorized institution via encryption key. We, ourselves, cannot access the information and if a data breach were to occur, it would be virtually useless to the bad actor since the data is decrypted exclusively within the learning management system used by the client institution.
We’d be happy to elaborate further with any questions or concerns and hope that you will consider reaching out to us next time.
Kindly,
Proctorio
To the Author:
It’s unfortunate that Proctorio was not contacted for comments. We jump at every opportunity to discuss student & test-taker privacy and have started to form a coalition around the subject—since we are very much “privacy by design.” Last year we attended SXSW EDU to join a panel discussion around GDPR with members from the Future of Privacy Forum.
Proctorio is fully GDPR and PIPEDA compliant and most of our privacy practices exceeded the GDPR guidelines prior to its mainstream debut.
We’d like to address a few of the points and mischaracterizations mentioned here. Regarding: “The problem is that servers they use are in the United States and thus could be accessed legally by the U.S. government under authority of the Patriot Act.”
It’s important to realize that despite using U.S.based servers, the exam information is encrypted—therefore it cannot be meaningfully deciphered by any agent who might gain access to the data—legally or otherwise. The decryption keys lie solely with authorized individuals at the client organization and only for the exams issued by the specific institution.
Regarding our privacy policy: we’re consistently working to improve the ambiguous language—but the only time Proctorio would require personally identifiable information is in a situation where a user voluntarily asks for a follow up when seeking technical support (i.e. an email address)—though most support tasks are handled anonymously via chat inside the UI.
Some institutions enable features that use the test-taker’s webcam and microphone to capture and record the exam environment. This data is stored using a zero-knowledge encryption scheme meaning it is only accessible by the authorized institution via encryption key. We, ourselves, cannot access the information and if a data breach were to occur, it would be virtually useless to the bad actor since the data is decrypted exclusively within the learning management system used by the client institution.
We’d be happy to elaborate further with any questions or concerns and hope that you will consider reaching out to us next time.
Kindly,
Proctorio