Rustici Software's
SCORM Blog

Subscribe

Archive


Tweets by Rustici Software



Topics

Authors

We know our customers have been spending a lot of time thinking through how GDPR affects their business and the learning data they maintain on behalf of their customers. So have we.

We’ve been working hard to make sure our customers have the tools necessary to accommodate any GDPR-related requests they may receive, while also auditing our internal systems and procedures to make sure we’re following industry best practices related to privacy and security.

As we get closer to releasing these new tools, we want to make sure our customers know what they are and how to make use of them. GDPR impacts each of our products differently.

Below is a sneak peek of what’s to come in each. More details can be found on our GDPR home page, which will always have the most up to date information on our support and product updates related to GDPR.

SCORM Cloud and SCORM Engine

We are adding the ability to delete learner data within both SCORM Cloud and SCORM Engine.

There will be different methods for accessing this function in SCORM Cloud depending on how you interface with the application.

We will include additional API methods in an upcoming maintenance release for Engine 2017 to support deleting learner data. Engine 2018 will include a user interface that can facilitate deleting learner data.

Dispatch and Content Controller

Based on collaboration with some of our customers, we’ll be helping you ensure you aren’t tracking personal data when utilizing Dispatch or Content Controller to launch training through other LMSs. We are adding the ability to enable one-way hashing of learner identifying data captured through various learning standards. When this option is enabled Learner Identifiers and Learner Names will be hashed (SHA-256) in the learner’s browser before that data is transmitted to the application that is providing the dispatch package.

What Now?

If you have more questions about how these features work, when they’ll be available, how you use them, or believe you need a Rustici Software Data Processor Agreement (DPA), please contact us at GDPR@scorm.com.

Remember, we’ll be continually updating our GDPR and Rustici Software Products webpage with the most up to date information.

No Comments | Post a comment »



Update for May 12th, 2016:  We are continuing to observe the situation. The European Commission has released details of the new Privacy Shield Framework designed to heighten protections for transferring European Union residents’ personal data to the U.S. Procedural barriers still inhibit its approval, but it appears thus far to be a viable solution for US companies that need to respond to the invalidation of the Safe Harbor Framework. 

We expect that approval of the Privacy Shield Framework may come as early as June 2016. To that end, we are putting into place the processes and policies necessary to ensure that we can properly comply with all new data protection regulations. Rustici Software is fully committed to ensuring that we are able to protect your privacy and security.

The situation is still fluid, and we await further information from the European Commission and related authorities.   The US Department of Commerce has indicated that it will continue to administer the Safe Harbor program in the interim.

Until the Privacy Shield framework is approved, two alternatives are available:  EU Model Contract Clauses and Binding Corporate Rules (BCRs).  Because of the significant administrative burdens and lengthy approval process of BCRs, many companies have elected to implement Model Contract Clauses in the interim. Rustici Software currently uses Amazon Web Services (AWS) for all data transfers between the EU and US that are affected by the recent ruling.  AWS released a Customer Update on October 9th where they announced that they have fully implemented Model Contract Clauses:

Today, we’d like to confirm for customers and partners that they can continue to use AWS to transfer their customer content from the EEA to the US, without altering workloads, and in compliance with EU law. This is possible because AWS has already obtained approval from EU data protection authorities (known as the Article 29 Working Party) of the AWS Data Processing Addendum and Model Clauses to enable transfer of personal data outside Europe, including to the US with our EU-approved Data Processing Addendum and Model Clauses. AWS customers can continue to run their global operations using AWS in full compliance with the EU Data Protection Directive (Directive 95/46/EC). The AWS Data Processing Addendum is available to all AWS customers who are processing personal data whether they are established in Europe or a global company operating in the EEA. For additional information, please visit AWS EU Data Protection FAQ.

The full text of the AWS advisory is available here.

AWS’ Data Protection whitepaper further describes the effect of the Model Contract Clauses:

On March 6, 2015, the AWS data processing addendum, including the Model Clauses, was approved by the group of EU data protection authorities known as the Article 29 Working Party. This approval means that any AWS customer who requires the Model Clauses can now rely on the AWS data processing addendum as providing sufficient contractual commitments to enable international data flows in accordance with the Directive. For more detail on the approval from the Article 29 Working Party, please visit the Luxembourg Data Protection Authority webpage here: http://www.cnpd.public.lu/en/actualites/international/2015/03/AWS/index.html.

It appears that AWS’ implementation of Model Contract Clauses will allow our EU-based clients that utilize our Cloud Services to continue to comply with all relevant laws and regulations.  However, we are currently making a closer examination of these matters to ensure that we are correctly protecting our EU clients’ interests and fully complying with all applicable regulations.

We will update this page and our privacy policy as developments warrant.  If you have any questions or concerns, please contact us via your normal support channel, or send an email directly to our privacy team at safeharbor@scorm.com.

Warm Regards,

Your Friends at Rustici Software

 

No Comments | Post a comment »



Browse Categories

Using the Standards

Tips, tricks and solutions for using SCORM and AICC.

Standards Evolution

Our chronicling and opinion of the evolution of SCORM.

Rustici Software

Stories about who we are and what we're up to.

Products

News about our products. Notifications of new releases and new features.

Ideas and Thoughts

Miscellaneous thoughts and ideas about e-learning, entrepreneurship and whatever else is on our minds.

Software Development

Ideas about software development and how we manage things internally.