GDPR: Personally Identifiable Information

One of the biggest promises of online learning is the potential to create truly data-driven learning experiences. But this same potential also creates ethical grey areas around the acceptable uses of learners’ data inside and outside of the learning experience. With the implementation of GDPR on May 25th, this grey area is increasingly legal too.

As a company, we have always taken the ethical side of education very seriously. While we are a registered for-profit company, we are also a B corporation and will always put our social mission before profit. This has made it easy for us to treat learner data correctly.

As part of our effort to be compliant with GDPR and transparent to our users, I wanted to share some of the principles we live by when handling data:

1. Require as little Personally Identifiable Information as possible.

To take a course with us, we require you to register an account with us. At that point, you must provide us with the following information:

• Your name (you could use a fake name)
• Your email address (you could use a throwaway account)
• A username
• A password

You will also have to opt in to accept our Terms of Use and Privacy Policy. You can optionally choose to receive marketing emails from us.

We never require users to provide us with demographic information or other such data without their explicit consent. We strive to make it clear that providing such data is not required for completion of a course.

2. Your data is your data.

While we use data from our learners in aggregate to better identify valuable resources, learning patterns, and generally improve our course experience, we ultimately realize that any data a learner generates is their data. While we already let learners export their own data by emailing us at support@techchange.org, we are working on automating that process so that learners can export that data whenever they want.

Whereas many companies treat the data of its users as their property to use how they want, we understand that we are privileged to be able to learn from that data and improve our own course experience.

This means we will never sell your data and will always make sure you have the ability to access your own data.

3. Keep your data safe.

To us, data security isn’t just a box to check, but rather a fundamental underpinning to our business. We will always do our best to make sure your data is safe by following industry standards for data security and constantly looking to improve our own practices.

These are just a few of the ways we work to keep data safe:

• If we share your data with a third party, it is solely for the purpose of providing a certain service and we only share the bare minimum information possible. We will always vet those third parties for their own safety measures. You can read more about some of the third parties we use here.
• We provide direct access to databases and servers only to essential staff members.
• We encrypt our databases so that, even if a server is compromised, your data is still out of reach.
• We don’t keep all of our data in one place. Even if one of our databases is compromised, this does not mean all data is compromised.

If we ever find out that there has been a data breach, we will contact our learners as soon as possible and take all available steps to remedy the situation.

Want to learn more? We have an additional resource here that is available if you want to learn more about how we handle data at TechChange!