Answers

What are Respondus Monitor’s privacy policies regarding student and client data?

The privacy policies by Respondus Inc. seek to ensure the protection of private data collection and uses. Respondus Inc. does not lease, trade, sell, or reveal any of an individual’s particular information to any person except as described in the policy. Respondus Monitor is a companion product for LockDown Browser, which allows learners to self-record themselves while taking an online exam using a webcam and microphone.

Before the use of the Respondus Monitor, students must agree to the student terms of use. Moreover, an administrator must agree to the institutional terms of use at the licensing institution before allowing the use of the Respondus Monitoring apparatus in the LMS (Learning Management System).

Where does Respondus Monitor store student data?

Using the Respondus Monitor will require individual student activity to be recorded, both audibly and visually, during the online assessment sessions. Respondus Monitor will also record other data linked to the student’s activities during the assessments, such as time taken by a student to answer specific inquiries on an assessment, etc.

In General Data Protection Regulation (GDPR) terms, the Respondus Monitor service is a “processor” of personal information. The “controller” of the data is the licensing institution, which could be a college that gathers and processes the personal data. Respondus Monitor provides the technology for keeping and analyzing the data, but the control of the actual data is undertaken by the licensing institution. As the data controller, the institution lends the right to reveal any data or information about a person or any other user. This process is usually essential where there is a need to comply with a governmental request, law, or regulation.

Respondus Monitor does not require the students and faculty (the main users) to have an account because the Application Program Interfaces (APIs) encompass “single sign-on” abilities needed for authentication aims. Respondus Monitor uses APIs from the Learning Management System (LMS) to represent personal data like grades in the application. By using the APIs from the LMS, the information is gathered in real-time, and the Respondus Monitor does not process or store it.

How long is student data stored?

Respondus Monitor has a default retention period of five years. The licensing institution can alter the period of data retention by request (such as a year). When an institution ends its Respondus Monitor license, it may request for immediate deleting of user data. Alternatively, the retention of data will be dependent upon the time period an organization is allowed to regain access when they reinstate their Respondus Monitor contract.

How is student data secured and protected?

In line with the examination framework chosen by the instructor, students may be required to show an identification card to the web camera, which will take a photo. There will then be a safe transmission of the photo using https that will be taken to the Respondus Monitor server and then kept in an encrypted form within it. Respondus Monitor does not engage in additional processing or assessment of that data.

Who reviews students’ private information?

Only instructors, teaching assistants, and LMS managers can view the video sessions in conjunction with students’ identifiable information. A summary report of every assessment session is available to the instructor which includes the total user assessment time, when a question in the exam was answered, where there was an internet disruption (if any), and situations where other people were seen in the scope of the camera view. A general figure is produced for an examination session, which assists the instructor in finding the risk of occurrence of exam violations. Respondus Monitor applications generate these analytics automatically.

Why is Respondus Monitor only available as a hosted service?

Amazon Web Service (AWS) is the host for Respondus Monitor. AWS offers a strong security and control setting that encompasses the “SOC 1 (SSAE 16/ISAE 3402), SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, FIPS 140‐2” certifications. AWS provides an environment compliant with the requirements for higher institutions of learning. AWA was also selected for scalability and performance.  

There is continuous monitoring of servers for metrics on health and performance with added servers or those removed automatically to sustain a regular level of performance regardless of load or individual server failures. Another reason for selecting the implementation of AWA is the cost. The support and development expenses are substantively decreased by supporting one architecture and framework.