How Does Honorlock Protect Student Privacy?

Are midterm or final exams on the way in your online courses? Is your university or college normally on campus, but has migrated to distance learning due to the global health crisis? If the answer to either of these questions is yes, your students are likely to bring up concerns about their privacy when taking remotely proctored exams. We clarified many of these student privacy concerns in a previous blog addressed to students, but are revisiting and extending our responses here for school administrators who may currently be researching online proctoring services for their institutions.

Here are common questions about student privacy and our answers:

1. Is Honorlock FERPA Compliant?

Yes. Certain student information and records are covered by the Family Educational Rights and Privacy Act (FERPA). Institutions protect the information and records in accordance with FERPA privacy rights and other applicable laws. Honorlock is prohibited from using student data in any way except to carry out online exam proctoring services. The information transmitted belongs to each school.

2. Does Honorlock Sell Student Information to Third Parties?

No. Honorlock will never sell or monetize student data. 

3. Does Honorlock require that students provide a picture of a photo ID to verify their identity? Is this information saved/stored?

Honorlock does not require that students provide a photo ID; however, most academic institutions choose to enable this feature. Honorlock encourages the primary use of a University/College ID, and that is what schools usually recommend. However, any photo ID that has an image of the test-taker and their name on it will work for the purposes of confirming and documenting that the student who is supposed to take the online proctored exam is the student who actually does so. Your information is protected in accordance with FERPA privacy rights and other applicable laws. Honorlock is prohibited from using student data in any way except to carry out online exam proctoring services. The information transmitted belongs to each school.

4. Does Honorlock monitor the test taker’s network and secondary devices?

Honorlock does not employ any technologies to allow the detection of secondary devices connected to a student’s local/home network used during the online test proctoring session. No agents or applications are downloaded to these secondary devices to initiate any type of surveillance activities. Other users connected to the local/home network during a student’s Honorlock online exam can process personal or confidential information at the same time without fear of the student’s Honorlock session monitoring or eavesdropping on secondary device activities. In addition, our software is not capable of intercepting local/home network communications from devices connected during the student’s session.

We do monitor the internet connection of the specific test-taking device to ensure its quality and to document the network connection stability during the proctored test, so as to be able to troubleshoot situations in which the test-taker's internet connection becomes unstable.

5. What data is tracked/recorded from the web browser extension and how is it handled?

Our Chrome Web browser extension allows Honorlock to interact with the student and the exam content during proctored exams for online courses. This includes launching the webcam window and interacting with student behavior within the exam. During the proctored online exam, the following data is captured, analyzed, and stored:

  • Webcam video, including audio
  • Recording of desktop activity
  • Student information presented by the learning management system, such as student name, course number, exam name, etc.
  • Pages visited during the examination session
  • Specific student behavior that may indicate academic dishonesty, such as copy/paste into search engines

6. Who has access to student data?

Only appropriate school personnel have access to student data. Key staff within Honorlock will have access, if needed, in order to provide quality control and support for your instructors. Our employees are likewise bound to FERPA and privacy requirements.

7. Where does Honorlock store student data?

Honorlock uses an encrypted and secured connection during each online proctored exam. All videos and photos are stored on Honorlock’s proctored testing platform. All data, including photos and video, is stored in an encrypted format on isolated storage systems within Honorlock’s private cloud in Amazon’s AWS U.S. data centers. They are SOC 2 Type 1 and GDPR compliant. Your school owns the data.

8. Who monitors the test, artificial intelligence (AI) or live proctors? Who reviews the flags?

Honorlock’s AI monitors the test-taking. The AI automatically generates a flag if unusual activity is detected, such as another person entering the room. If unusual activity is detected, a live proctor is notified and will pop in via chat box. Once an online exam session is completed, instructors are able to review flagged recordings to determine if there was a possible academic integrity violation. Instructors make the final assessment as to whether a transgression has taken place.

Honorlock was created by students who wanted other students to be able to have the most convenient, least intrusive remote exam proctoring experience.


Is a VPAT Enough? How to Reduce Accessibility Barriers for Students, Faculty and Staff

If you or your institution want to know whether a product such as online exam proctoring software is accessible for those with disabilities, either before or after you’ve settled on a purchase, you will likely be reviewing a VPAT.

The question will arise, “Who should be reviewing a VPAT?” Note that reviewing and evaluating accessibility documentation requires familiarity with accessibility standards and barriers. The expectation that this responsibility belongs solely to procurement staff, or to the faculty, or to the disability services office may lead to greater institutional problems.

What is a VPAT?

The Voluntary Product Accessibility Template (VPAT) is a document from a Washington-based policy group that provides a standardized reporting format for product accessibility conformance. The document format undergoes small modifications based on feedback from industry partners.

When the VPAT is used to report accessibility conformance of a product, the completed document is known as the Accessibility Conformance Report (ACR). The term ACR is more correct and represents the completed document. However, the term VPAT is commonly used to represent an ACR.

Just Compliance?

An institution of higher education may review products for conformance with accessibility standards, such as the Revised 508 Standards, as part of its obligation to ensure accessibility of information and communication technology, also known as ICT.  Two crucial steps towards ensuring accessibility compliance include:

  • Working with vendors to remove accessibility barriers identified in products, and
  • Developing plans to “Provide individuals with disabilities access to and use of information and data by alternate means that meets identified needs” (E202.7.2 Alternative Means, Revised 508 Standards).

Keep in mind, developing alternate access plans is about removing barriers that could otherwise cause delays for students, faculty, and staff with disabilities, as well as compliance. You can see how important these plans are when it comes to remote exam proctoring solutions. The last thing you want is to create obstacles or delays at exam time.

What is an Alternate Access Plan?

An Equally Effective Alternate Access Plan (EEAAP) describes what an institution will do when an ICT product does not meet its minimum accessibility standards. An EEAAP identifies how access to the product will be provided when a person with a disability uses it by answering the following questions:

  • What is the access barrier?
  • Who is affected by the access barrier?
  • Who is responsible for the plan?
  • How will equal access be provided?
  • What resources are necessary to provide equal access?
  • When will the vendor remove the access barriers?

It is important to note that EEAAPs are general plans. Any qualified individual with a disability still has the same rights to request individualized accommodations through the institution’s reasonable accommodation process beyond what the EEAAP proposes. 

Consider a product with videos that are not captioned. The EEAAP may include a stipulation for using institutional resources to caption the current set of videos while the vendor builds in captioned videos to the next product update. This provision does not mean that an individual might not still request ASL interpreting when using the product.

College of the Desert’s EEAAP (opens PDF) and San Francisco State University’s EEAAP (opens PDF) are just two helpful examples of EEAAPs in use at colleges and universities around the country.

Accessibility Reviews

There are several options for accessibility reviews. The type of review for evaluating accessibility used by an institution may depend on the availability of information and institutional resources. Each review process provides different information and has pros and cons.  In all cases, incomplete or contradictory information will lead to questions for the vendor and may identify the need for alternate access plans.

Accessibility reviews include:

  1. VPAT review and taking the information at face value
  2. Product testing by staff familiar with accessibility
  3. Vendor product demonstration
  4. In-house product accessibility evaluation
  5. Third-party product accessibility audit
  6. User testing of a product by various users of assistive technology

You won’t be surprised that taking the information in a VPAT at face value when it has been self-reported by a vendor may not be the most reliable or accurate method of evaluating accessibility for a product. Then again, doing so is probably the fastest way to review a product, at least initially.

A VPAT review could take a few hours. Contrast this with the several weeks it could take to conduct an in-depth evaluation of the product or to contract a third party to evaluate the product. While such evaluations could result in more accurate information, depending on the product, there could also be delays for all users or delays in providing alternate access to users with disabilities.

What to Look for in a VPAT

Simply having a VPAT available for a product does not mean the document includes usable information. The information in a VPAT needs to be relevant to an institution’s accessibility conformance review process.

VPAT Editions

There are four editions of the VPAT.  When an institution has adopted the revised Section 508 standards as its minimum accessibility standards for ICT, it is important to review the Revised Section 508 Edition of the VPAT.  Otherwise, the product accessibility information may be incomplete.

For instance, Section 508 standards apply to hardware ICT as well as web content.  If the VPAT WCAG edition for web content is used to report the accessibility conformance of hardware, information describing how the ICT meets hardware standards would probably be missing.

VPAT Version

VPAT 2.4 is the current version. Prior to version 2.0, the information in the VPAT will not reference the revised Section 508 standards. Therefore, the information may be incomplete and difficult to match up with the tools used as part of an institution’s process of evaluating accessibility.

Date Completed

Web content, as well as software and hardware products, changes regularly.  The accessibility documentation should be updated to reflect product development.  The VPAT should therefore be a recent report, from at least within the last 12 months.

VPAT Evaluation Methods Used

The VPAT should identify the evaluation methods used to complete the report. It should answer the questions:

  • What automated tools were used?
  • What manual evaluation techniques were conducted?
  • What browsers and assistive technologies were used?
  • And by whom?

Remarks and Explanations

Vendors report a conformance level for each success criterion. If the conformance level is “Partially Supports” or “Does Not Support”, the remarks should identify:

  • The functions or features with accessibility barriers
  • How the product does not fully support the criterion
  • A roadmap for the vendor to remove the access barriers
  • If the criterion does not apply, an explanation as to why
  • If an accessible alternative is used, a description of it

The roadmap or timeframe from the vendor for removing the accessibility barriers is not included in the VPAT instructions for vendors, but rather, it is information that institutions need to include in alternate access plans as part of Section 508 compliance.

Accessibility Review Example

Let’s consider the first WCAG 2.0 level A success criterion, 1.1.1 Non-text Content.  The first part of 1.1.1 states “All non-text content that is presented to the user has a text alternative that serves the equivalent purpose,” then lists specific exceptions.

When a success criterion is complex, it helps to ask several questions that address all the requirements for the success criterion. This is part of the approach used by the Section 508 Trusted Tester Conformance Test Process Version 5.

  • Question: Does the accessible name and accessible description for a meaningful image provide an equivalent description of the image?

An equivalent description for a meaningful image could be provided in alt text for images or in other types of text alternatives.  For example, a link to an accessible table of data might be provided for a chart.  It is important to note that only a human can determine whether the description is equivalent.

  • Vendor’s answer: Supports; The product uses standard HTML and WAI-ARIA techniques to provide text equivalents for all visual elements. This includes the attributes “alt”, “aria-label”, and “aria-describedby”.

Results

The vendor states that text equivalents are provided for all visual elements. However, the vendor does not state how it was determined that the text descriptions are equivalent for meaningful images.

It would be helpful if the vendor described the process that is used to ensure text descriptions are equivalent.  Otherwise, images could have file names or nonsense text and still pass a test with an automated tool. 

In this case, the vendor states the product conformance level is “Supports” for the success criterion. Taken at face value, the statement indicates no need for alternate access. However, if the VPAT Evaluation Methods Used does not give the reviewer confidence in the vendor’s process, the reviewer might ask the vendor for clarification.

Conclusion

If this VPAT is being reviewed by taking the information reported by the vendor at face value, even though the conformance level for the success criterion reported by the vendor is “Supports,” alternate access may be needed. It will depend on what additional information the vendor provides or if other testing identifies accessibility barriers related to this success criterion.

Disability Justice

With most technology there will usually still be a need for accommodations for those with disabilities. This reality does not have to be a barrier for institutions as they meet their accessibility goals and obligations. Instead, each time an institution reviews ICT, including web proctoring software, that review can be a beneficial part of a collective effort to reduce accessibility barriers for students, faculty, and staff anywhere the product is used.

This blog post was written by Nicolás M. Crisosto, Accessibility Specialist. You can watch his webinar by clicking this link: VPATs, Accessibility Conformance Reports, and Developing Alternate Access Plans


Student Privacy, Online Exams, and COVID-19

COVID-19 continues to impact higher education institutions

As COVID-19 continues to impact the US, colleges are rapidly moving to online learning—an abrupt and jarring transition for many students and faculty. In some places, all courses will be offered online and most colleges and universities haven’t decided if courses in the future will also be online-only. So, what does this mean for students?

For those of you who are already learning online, very little about your schooling structure has changed. However, for students who had intentionally chosen an on-the-ground, in-person learning experience, this might feel like quite a loss. Not only are you being asked to learn new technologies and maintain your grades during a global pandemic, you’re probably missing the on-campus connection with faculty and classmates.


Online Learning: The Practicalities

In addition to processing this entirely new dynamic, you probably have some logistical and privacy concerns as you make the switch to online learning. We don’t blame you—learning a new technology is challenging enough in itself without the additional pressure of doing it overnight. So, we want to take some time to ease your worries and help you understand how Honorlock collects and uses your data.

For starters, we want you to know how seriously we take student privacy online. Honorlock was founded by college students—we get the worries and frustrations that often accompany online learning, and our goal has always been to make those things better.

One of the ways we do this is by maintaining a commitment to honesty. We understand why you might have some concerns about using our platform, so we want to be completely open about what information we collect from you, how we collect it, how (and how long) we store it, and how we use it. So, without further ado, let’s take a look at what Honorlock asks from you, how that compares to other proctoring services, and what else you need to know about protecting student privacy online during exams.

What Information Does Honorlock Collect?

You’re probably wondering what this all means on a practical level. What, exactly, does Honorlock gather during your exam? The short answer is that we gather as little as possible.

  • Using our Chrome extension, we gather your IP address
  • Using your school’s LMS, we also gather your name and email address
  • During the exam, we capture a screen recording and a webcam recording
  • To verify your identity, we’ll also ask you to take a photo of yourself as well as your student ID

That’s it.

You won’t be required to create an account or password—everything about our online proctoring system can be accessed through your LMS. We also don’t access your webcam outside of your exam—as soon as you’re done testing, we stop using it. And, as always, if you continue to be concerned, you can just uninstall the extension and reinstall for your next exam.

The data we collect is for the sole purpose of verifying your identity and ensuring academic integrity. We’ll never sell or share your data and, after 12 months, it is purged from our system. Plus, while we have it stored, we make sure it’s encrypted and secured—everything at Honorlock meets industry standards with AES-256 block encryption. Also, as an AWS partner, Honorlock follows federal NIST 800-88 guidelines for proof of data/drive destruction.

Does Honorlock Have Access to Mobile Devices or Detect Phones?

You may have heard that Honorlock can detect the use of cell phones and other secondary devices.

Here’s the real deal: we do not have access to your mobile devices.

It’s true that our system can create and send alerts if you attempt to search for answers, but those alerts are based on the sites you might visit—not your device. We never have access to your mobile device’s operating system or information—not during your exam and not at any point after.

Does Honorlock Sell My Data?

We do not sell your data. You may have concerns about student privacy online and data security, but don’t worry, Honorlock has you covered.  We only share your data with your educational institution and delete it per school policy.

Using Honorlock’s Online Proctoring System

We know that for many of you online education wasn’t part of the plan. Our goal is to help you make the best of a challenging situation. As you adjust to using Honorlock’s online proctoring system, please don’t hesitate to reach out to our support agents with questions—they’re here for you 24/7/365.

We wish you all the best as you transition to online schooling during the pandemic and will be cheering you on as you finish your semester!
