Rustici Software's
SCORM Blog

Subscribe

Archive


Tweets by Rustici Software



Topics

Authors

At Rustici Software, the General Data Protection Regulation (GDPR) came at an ideal time for us to complete a self-review of our data privacy (see our official description of what we’ve done here). Our tools can be many things to many people, with each product having its own set of data privacy scenarios to think through. GDPR pushed us to take a close look at each of our tools, improving them as we found things that could be better. We began this process thinking we were doing everything already, only to discover ways to build better tools.

Of course we went through the normal process of evaluating our company-wide privacy policy and made some small changes. We were proud that we already valued our customers’ data as their own, never shared it out with a third-party for commercial gain and took every reasonable step to keep data secure. We’ve participated in Safe Harbor and Privacy Shield certifications in the past, which guided our existing policies. Nevertheless, we tweaked some internal policies and improved our stance. We also put some GDPR-required Data Processing Addendums in place for all the tools we use and with customers who rely on our hosted tools.

SCORM Cloud:

Our SCORM Cloud product was one of the first places we looked. Since its creation, SCORM Cloud has grown to launching over a million new courses each month. SCORM Cloud offers four ways to invite a learner to take a course, so we thought through GDPR implications for each. We’re grateful for our SCORM Cloud user base, who carefully considered our platform’s impact on their GDPR obligations and worked with us to get the right tools in place. The GDPR had an impact on each of these invitation methods.

Public Invites:

These invites provide a simple link that allows easy entry to a course. We needed to provide ways to delete the information that this method creates. While SCORM Cloud does not capture much, we do capture First Name, Last Name, Email Address, Quiz and Assessment Data, as well as xAPI Statements. We determined that it was too hard to delete this data, when requested to do so. We built tools to make this data management and deletion much easier; we wanted to make it easier for our SCORM Cloud customers to manage the GDPR data deletion requirements. You can review these PII deletion tools here.

Private Invites:

These invites provide a direct email to allow a learner to take a course. We also needed to provide ways to delete the information that this method creates. Again, while SCORM Cloud doesn’t capture much, we do capture First Name, Last Name, Email Address, Quiz and Assessment Data, as well as xAPI Statements. We determined that it was too hard to delete this data, when requested to do so and we built tools to make this data management and deletion much easier. You can also review these PII deletion tools here.

SCORM Cloud Dispatch:

SCORM Cloud Dispatch is a popular way to help content creators control their courses inside a third-party LMS. Dispatch provides six benefits to a course owner, who needs their content to play nicely inside nearly any third-party LMS. Since Dispatch has the potential to capture some learner’s personally identifiable information (PII) we have added a tool that can anonymize the PII learning data. This tool can help meet a content owner’s desire to control courses, without giving up their GDPR obligations. We’ve also added in an optional tool that will display a privacy policy at the bottom of the SCORM player window. Now using Dispatch can still be possible in an GDPR compliant environment. Dispatch users can learn more about our PII blocker here.

SCORM Cloud API:

Many of our SCORM Cloud’s integrations are purely API based. In order to support these customers, a new API has been added that makes the data delete operations available, in order to help our customers meet their GDPR obligations. Using the API, you can identify a learner ID (or xAPI Actor) and request SCORM Cloud delete all data about that learner from our system. The developer’s documentation for our PII and GDPR learner deletion tools can be found here.

SCORM Engine:

The cornerstone of our ability to help the eLearning industry “play nice” with one another has been our SCORM Engine. This application is relied on by hundreds of learning platforms and LMSs throughout the world. It was critically important that we provide tools within the SCORM Engine to help our customers more easily meet their platform’s GDPR obligations.

Engine now features the ability to delete learner data, via new API calls. We released this API enhancement as an Engine 2017.1 maintenance release. Additionally, we’ll be introducing a user interface for performing the same ‘learner delete’ operations as part of our Rustici Engine 2018.1 release. Existing Engine customers are encouraged to simply upgrade their Engine application to enable the latest GDPR data management tools. We’ve also added the ability for customers to have a privacy policy optionally displayed at the bottom of the SCORM Player window.

Content Controller:

Much like SCORM Cloud Dispatch, Content Controller needed some tools to make managing GDPR obligations easier. Upgrades were done to make sure Content Controller users aren’t tracking personal data for training when utilizing Content Controller to launch training through other LMSs. Content Controller customers now have the ability to enable one-way hashing of learner identifying data captured through various learning standards. When this option is enabled Learner Identifiers and Learner Names will be hashed (SHA-256) in the learner’s browser before that data is transmitted to the application providing the dispatch package. We’ve also added the ability for Content Controller customers to have a privacy policy optionally displayed at the bottom of the SCORM Player window. This guide provides more about PII inside Content Controller.

To sum it up

Nothing with privacy and software is final. Here at Rustici Software, we view data privacy and protection as a goal to continually strive for. The GDPR will most certainly evolve and we intend on doing whatever is reasonable to continue to support customers all over the world, while protecting their valuable data. If you have concerns about our existing tools, GDPR posture, or data privacy policy, please let us know. We’re always willing to take a closer look at our solutions and try to evolve them in new ways.

No Comments | Post a comment »



When looking through the eLearning Atlas, I wondered if the versions of SCORM that companies claim to support are closely matched to what we see being used in reality, via SCORM Cloud. Let’s check it out:

Versions of Claimed SCORM Support in the eLearning Atlas vs. Use in SCORM Cloud:
SCORM's use in the eLearning Atlas vs. SCORM Cloud

more…

1 Comment | Post a comment »



We created the eLearning Atlas to be an ideal tool to easily find the proper solutions. Jena and I have tried to speak to every company in the Atlas, and we continue to seek those that we’ve missed. This process provides a valuable pool of data. Rather than hoard this information, I thought it would be nice to share.

Let’s take a graphical look at some of the interesting conclusions I’ve drawn. The following graphs only include traditional products that can implement standards (Authoring Tools, LMSs, LCMSs and Content Libraries). Here we can see the haves and the have-nots:

eLearning Atlas Products That Support At Least One Standard:
eLearning Atlas products that support standards

A look at the Haves:
Standard support among those that use standards...

So, what does this all mean? For the majority of the industry, SCORM works, but there are lots of eLearning products out there that don’t play nicely with one another. The creation and delivery of content is a hard problem to solve, without a common standard or model… it’s really hard to solve.Double Rainbow - What does this mean? When developers try to fit a unique course into a unique learning system… things get complicated. When eLearning gets complicated, things get expensive.

The eLearning Atlas proves that there are thousands of possible companies who can create, manage and deliver eLearning, some doing it without any claimed support for standardization. For some companies, the expense of stepping outside their branded box of solutions, locks a customer in for life. We think SCORM frees people to choose the best fit. The eLearning Atlas can help users easily filter out the noise of companies who are not interested in playing nicely with one another, and make connections with products that want to work together.

To look at it another way, we’ve currently found 219 Authoring Tools, some being used by 360 Custom Content Creators to make training that will be delivered using 655 LMS/LCMSs… that’s 51,640,200 possible combinations. Trying to fit all those pieces together, each time, is a daunting task and the exact pain ADL created SCORM to solve. SCORM (and other standards) help eLearning providers play nicely with one another; the eLearning Atlas can help users find the products and services that will play nicely with the systems they already use.

No Comments | Post a comment »



A car salesman’s credibility is quickly lost when he guesses what size engine is under the hood or what the gas mileage could be. Claiming a car has “good” gas mileage is not the same thing as knowing it’s 40 mpg. A 6-cylinder engine can come in a variety of flavors… in-line or V, turbocharged or naturally-aspirated, these details create some machines that are much faster than others. With cars, more is not always better, sweating the details creates vehicles that keep “car guys” debating for hours. People who care nothing for cars will make generalizations that make me cringe, but nobody wants a guessing salesman to help choose the perfect vehicle.

A Garage Full of Fancy Cars... and Chris

more…

3 Comments | Post a comment »


MacGyver’s Map Wisdom

Categories: e-Learning Atlas
3 Nov 2011


The best company you can have, in a strange place, is a map.

-MacGyver

I’ve seen every episode of MacGyver… most more than twice. When thinking about the best way for users to get what they want out of our eLearning Atlas, MacGyver’s advice came to mind.

more…

No Comments | Post a comment »


Older Posts »

Browse Categories

Using the Standards

Tips, tricks and solutions for using SCORM and AICC.

Standards Evolution

Our chronicling and opinion of the evolution of SCORM.

Rustici Software

Stories about who we are and what we're up to.

Products

News about our products. Notifications of new releases and new features.

Ideas and Thoughts

Miscellaneous thoughts and ideas about e-learning, entrepreneurship and whatever else is on our minds.

Software Development

Ideas about software development and how we manage things internally.