Sensibility Is Required

Data security when learning with xAPI

Thomas PilzKühlungsborn, December, 2014 - The company " eG" deals with a variety of eLearning issues, but its focus is on eLearning software that provides data security. With, its own version of the Experience API, the company completes its offerings of "unite" education, making available the most comprehensive and secure eLearning package in Germany. According Thomas Pilz, xAPI software developer, with the right technology, it is possible to collect large amounts of data in eLearning and to use it in a safe, responsible way.

What are the biggest mistakes organizations make in the realm of data storage?

Thomas Pilz: Most organizations prefer to give the bottom line of their balance sheet priority over security. Systems, however, frequently combine a variety of tools and data storage. End users, e.g., the learners, usually don’t know that thanks to inexpensive cloud hosting, their data ends up in places that are known for low standards of privacy specifications. In general, there is a lack of understanding of and appreciation for a high-level of data security.

Some of the systems in use today implement an additional security layer, such as "two-factor authentication" (2FA), which that requires an additional one-time password for each login. 2FA Security is not the "Holy Grail" in terms of security, but it provides added protection and is very easy to implement. Unfortunately, many organizations fear the higher costs, although greater customer security can be achieved for only a few cents.

The combination of penny-pinching and complacency in regard to storage is fatal and the greatest threat to data security and privacy.

What impact can this have?

Thomas Pilz: In the worst case, all stored data, such as an organization’s or eLearning institution’s sensitive user data, as well as the know-how related to sensitive research and product data, can be hacked and scattered to the four winds. If a particular learner’s learning outcomes would get hacked, the damage would be limited - but even this should not happen!

Consider the following scenario: Corporation X at University Y uses an LMS with a built-in authoring or content-creation tool. The software application is provided by a US company with a US-based cloud service. This would mean that the data of every user or learner could be compromised and made accessible to intelligence agencies around the world.

Or Corporation X trains its employees with the aim of improving product quality or sales. By undertaking this process, Corporation X begins to store sensitive data, which basically are its "secret ingredients". Sooner or later, this can lead to loss of its advantage over the competition. Or even worse, the company could lose the results of all its efforts in research and development!

University Y deals the same way with its learning content and projects related to its latest high-tech inventions or medical research. Usually, high-profile faculties are sponsored by industry or work together with or on behalf of a sponsor, i.e., they create and test new methods or products. In this case, the university’s scientific expertise is exposed and the industrial partner’s investment placed at risk.

How does xAPI help to solve these problems?

Thomas Pilz: xAPI is a tool that collects data from all types of eLearning sources. What protects the data is the technical context in which xAPI applications are used because of the way the xAPI-compliant content is created or administered in the authoring tool or LMS. For the user, the deployment of xAPI is like having a personal data safety-deposit box.