GDPR and Rustici Software Products

General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. We are adding new features to our products to ensure that our software solutions help our customers comply with the GDPR-related requests.

Here you will find the latest information on GDPR-related features that are coming soon for our products and how to take advantage of these features once available.

SCORM Cloud

Coming soon, SCORM Cloud will include the ability to delete learner data. How you use SCORM Cloud will determine how you are able to use this tool.

Invitation users

Soon, we’ll have a new user interface that allows you to delete a learner’s data from SCORM Cloud. This feature will allow you to delete all data that you have tracked regarding that learner. This includes:

  • Name
  • Email Address
  • Quiz & Assessment Data
  • xAPI Statements

SCORM Cloud API users

If you are using the SCORM Cloud API, you’ll find a new API has been added that makes the same delete operations available. Via the API, you can identify a learner ID (or xAPI Actor) and request SCORM Cloud delete all data about that learner from our system.

We will announce when each of these features are available in SCORM Cloud on our Knowledge Base. You can follow this forum for the latest news and walk-through guides on how to use these new tools.

SCORM Engine

The ability to delete learner data via new API calls will also be available within SCORM Engine. Your development team will be able to request, via the API, that learner information be deleted from the SCORM Engine’s database tables.

In the most likely scenario, you’ll want to make this functionality available to some privileged users through your own administration user interface; that’s what the Engine API is intended to enable.

We’ll be releasing this API enhancement as an Engine 2017.1 maintenance release. Additionally, we’ll be introducing a user interface for performing the same ‘learner delete’ operations as part of our Rustici Engine 2018.1 release. You can follow this forum to be notified when new Engine releases are available.

Long-term, you’ll definitely need to upgrade your Engine version; however, we recognize that some customers may be unable to perform an upgrade of their system quickly. We encourage you to reach out to our support team if you receive any requests before you’ve completed your upgrade and we will assist you with creating database queries that will allow you to manually delete a learner’s data from the Rustici Engine database for your particular Engine version.

Dispatch and Content Controller

Whether you use our Dispatch functionality inside SCORM Cloud, the integrated Dispatch application or Content Controller, you’ll be able to accommodate your customers GDPR concerns while still managing your content versions and licenses in a single place.

Based on collaboration with some of our customers, we’re adding the ability for our customers to make sure they aren’t tracking personal data for training when utilizing Dispatch or Content Controller to launch training through other LMSs. Customers will now have the ability to enable one-way hashing of learner identifying data captured through various learning standards. When this option is enabled Learner Identifiers and Learner Names will be hashed (SHA-256) in the learner’s browser before that data is transmitted to the application providing the dispatch package.

The latest release of Content Controller now includes this option. Contact us to get started with the latest release. SCORM Cloud Dispatch and the Dispatch option within SCORM Engine are coming soon. Follow the latest updates in our Support Forum for news on when this feature will be available in those applications.

Still have questions about how we can support your GDPR efforts?

If you have more questions about how these features work, when they’ll be available or how you use them please be in touch. If you believe you need a Rustici Software Data Processor Agreement (DPA) please contact us at GDPR@scorm.com.