At Rustici Software, the General Data Protection Regulation (GDPR) came at an ideal time for us to complete a self-review of our data privacy (see our official description of what we’ve done here). Our tools can be many things to many people, with each product having its own set of data privacy scenarios to think through. GDPR pushed us to take a close look at each of our tools, improving them as we found things that could be better. We began this process thinking we were doing everything already, only to discover ways to build better tools.
Our SCORM Cloud product was one of the first places we looked. Since its creation, SCORM Cloud has grown to launching over a million new courses each month. SCORM Cloud offers four ways to invite a learner to take a course, so we thought through GDPR implications for each. We’re grateful for our SCORM Cloud user base, who carefully considered our platform’s impact on their GDPR obligations and worked with us to get the right tools in place. The GDPR had an impact on each of these invitation methods.
These invites provide a simple link that allows easy entry to a course. We needed to provide ways to delete the information that this method creates. While SCORM Cloud does not capture much, we do capture First Name, Last Name, Email Address, Quiz and Assessment Data, as well as xAPI Statements. We determined that it was too hard to delete this data, when requested to do so. We built tools to make this data management and deletion much easier; we wanted to make it easier for our SCORM Cloud customers to manage the GDPR data deletion requirements. You can review these PII deletion tools here.
These invites provide a direct email to allow a learner to take a course. We also needed to provide ways to delete the information that this method creates. Again, while SCORM Cloud doesn’t capture much, we do capture First Name, Last Name, Email Address, Quiz and Assessment Data, as well as xAPI Statements. We determined that it was too hard to delete this data, when requested to do so and we built tools to make this data management and deletion much easier. You can also review these PII deletion tools here.
SCORM Cloud Dispatch:
SCORM Cloud API:
Many of our SCORM Cloud’s integrations are purely API based. In order to support these customers, a new API has been added that makes the data delete operations available, in order to help our customers meet their GDPR obligations. Using the API, you can identify a learner ID (or xAPI Actor) and request SCORM Cloud delete all data about that learner from our system. The developer’s documentation for our PII and GDPR learner deletion tools can be found here.
The cornerstone of our ability to help the eLearning industry “play nice” with one another has been our Rustici Engine. This application is relied on by hundreds of learning platforms and LMSs throughout the world. It was critically important that we provide tools within the Rustici Engine to help our customers more easily meet their platform’s GDPR obligations.
To sum it up