Proctorio Blog Proctorio Blog

Our Commitment to Protecting Your Privacy

Last week in a 5-0 vote, the FTC sent the strongest signal yet that they're moving more towards national regulation of edtech companies. Here at Proctorio, we say it's long overdue.

Online proctoring began as an accommodation. It was an alternative path for students who needed a different test taking environment. When the pandemic hit, seemingly overnight every academic program turned to remote proctoring services to keep their students on the road to graduation.

This meant exponential growth. Many proctoring companies saw huge increases in revenue. Proctorio was no different. But unlike some of our competitors, we never got into the secret side business that has tempted so many technology companies.

"Data is like oil" started showing up in pitch decks over a decade ago. Offer a product that requires a bunch of personal information to use it, collect all that information, package it up and sell it back to interested third parties. Think consumer packaged goods companies. Think multinational advertising firms.

Think Cambridge Analytica.

Like early prospectors drilling for oil, tech companies have scraped every last inch of our digitized lives for information. It's why you keep getting emails from stores you've never shopped in, calls from candidates you'd never vote for, and online ads for that pair of shoes you looked at once before moving on.

Here at Proctorio, we saw the effect of oil on the natural landscape and decided we wanted no part of data's effect on our digital one. That's why we don't collect things like names, email addresses or social security numbers. We don't need that to administer a test. Only the university or institution has access to a student's information. If we ever were to suffer a breach, it'd be like a thief breaking into an empty vault.

I heard it put best the other day. If you don't need an email address from your customer to deliver a service, then why would you collect it? A competitor of ours experienced a data breach during the pandemic and nearly 500,000 students had their personal information exposed. This was more than just emails, too; this was names and addresses. A data breach this year affecting over 800,000 students has led to a ban on an edtech software company by the entire New York City Department of Education. Why was that information just lying around? We can do our job without collecting this personal information. Why can't our competitors?

Here are two answers. It's not easy and it's not cheap.

Instead of just checking a box, all our privacy certifications are audited by outside parties for accuracy. We first reached out to IKeepSafe in 2015 and remain a partner with them to this day. We don't collect names of our users or what courses they're taking so our marketing expenses are higher. We don't log full IP addresses. We bought our own font so we wouldn't have to use Google Fonts because, guess what? Google tracks users through theirs. We don't have cookies or ad trackers on our website.

Speaking of which, if you go to themarkup.org/blacklight and type in any website's address, it'll tell you how many ad trackers and third party cookies that site has contracted with to share your information. Proctorio has 0 ad trackers and 0 third party cookies. We typed in a few of our competitors. One had 4 ad trackers and 8 third party cookies. Another had 6 and 11. Another had 11 and 29. The FTC has said our industry is dominated by a commercial surveillance business model. They're not wrong.

But we're doing something about it.

This new move by the FTC is based on the Children's Online Privacy Protection Act of 1998 out of California. In our industry, we call it COPPA. It's an important piece of legislation that regulates the actions of websites and online services to protect the privacy of children under the age of 13. We've been certified in compliance with COPPA since 2016.

In addition to this new national legislation, California is pushing ahead with its own bill in the State Senate, SB1172, which specifically targets the online proctoring industry. This bill, introduced by Senator Pan, is seeking to impose civil penalties on companies that illegally harvest and resell the private information of test takers. As we learned in The New York Times last week, one of our competitors sends student data to Amazon. Proctorio has come out in full support of the bill. We'll be working with the bill's sponsors to make the language more strict. This might seem like a strange move on our part. We don't think so. Bad actors in our field make it harder for the rest of us who are trying to find scalable and sustainable solutions to bring education to more people around the globe.

If events of the last week have taught us anything, it is that protecting children in an academic environment is both difficult and dangerous. It's also necessary and worthy. People always say education levels the playing field even if the costs keep going up. Getting your degree has never been more expensive. It shouldn't also cost you your privacy.

Related blog posts

June 25, 2021

PRIVACY & SECURITY

Proctorio achieves ISO 27001:2013 Information Security Certification

April 14, 2021

PRIVACY & SECURITY

Proctorio becomes SOC 2 Type 1 compliant proctoring provider

November 01, 2020

PRIVACY & SECURITY

Enhanced encryption and security features for Fall Semester 2020

October 06, 2020

PRIVACY & SECURITY

Why Proctorio requests certain browser permissions

August 16, 2020

PRIVACY & SECURITY

Why Proctorio does not use facial recognition

August 15, 2020

PRIVACY & SECURITY

How Proctorio approaches data security and test-taker privacy