Ensuring student privacy is a critical consideration of any online proctoring solution. Much of the proctoring technology in the market today requires students to install extensions or plug-ins with real malware risks or program installs with no limitations on the data they can collect. Privacy regulations are often ignored or selectively interpreted, resulting in students being forced to submit if they want to pursue their education.
A key component of legislated privacy protection is to not collect, store, or share more information than is necessary for the communicated purpose. The “communicated purpose” that students are expected to accept is “limited online monitoring conducted for the purpose of identifying any individuals not complying with the established academic standard”.
An organization’s desire for academic integrity is not absolute and needs to make considerations for the protection of student privacy. Take screen recording, for example. Proctoring services that consistently record the student’s screen can see personal email, texts, programs, shortcuts, browsing activity, and more. There is no need to capture that much sensitive personal information, when the requirement for integrity may be only that the student does not leave the designated exam screen.
This same principle of only collecting what is necessary can be seen in how organizations use PayPal; they need to ensure that the payment details (i.e., credit card number) are valid without the need to see the actual credit card details. Consumers have developed a significant level of trust in PayPal knowing that the sharing of their financial information is highly restricted and only under situations of non-payment or fraud would all relevant financial details be shared.
Integrity Advocate mirrors the PayPal model by limiting the information shared across LMS’s and networks to only the image of fully compliant students. In situations where potential non-compliance is identified additional frames are “flagged” and shared to provide support for the violations.
Additionally, Integrity Advocate reviews all flagged frames for personal information that is not pertinent to the potential violation and obscures it from the institution. Examples of personal information include religious, political, or socially controversial imagery and potentially embarrassing acts or paraphernalia.
The only information shared from Integrity Advocate externally is what is required to support the flagged rule violation. All other information is deleted in 24 hours, long enough for a potential quality control review.