privacy

5 Tips to prevent your webinar being hijacked

As large numbers of people turn to videoconferencing or webinars to stay connected during the COVID-19 crisis, reports of hijacking (also called “Zoom-bombing”) are emerging worldwide. Here are 5 simple tips you can use to help prevent digital bullying or inappropriate content being shared.

prevent webinar hijacking

5 Tips to protect your webinar, created by Tracie Regan, all rights reserved

student logins, shared emails and student privacy

Email

Email

Not every student has their own email, for various reasons.   This may include:

  • student is not a regular computer user and is accessing the course from a friend’s account;
  • student’s workplace is coordinating the enrollment and provides one contact email address;
  • it is a small workplace and they don’t have unique emails.

But, as a registered training organisation (RTO) have you considered whether using a shared email complies with your responsibilities to keep the student’s records, progress and results confidential?
Think about it. Your online course welcome message may include login details, including a password to your no-longer-secure learning management system, all course progression messages may be linked to an email and assessment feedback sent via email.

Your confidence in assessment submission authenticity is weakened as you can’t be sure who really submitted that work, and unless you have face to face contact with the student or build an online profile for the student’s digital identity, any determination could be reasonably challenged.

I would recommend:

  • Help the student create their own email using a free account and provide basic support until the student is confident in accessing and responding to emails.  Students can usually use computers at the local library if they don’t have one at home.

If your student does need to use a shared email,  you should also do these four things:

  1. Ask the student to sign an Authority to Release Information form giving permission for the shared email owner/s to see their online participation records.
  2. Change your assessment strategy to include a signed Declaration of Authenticity for assessment submissions (similar to the process followed for posted assessment submissions)  You may need to strengthen your assessment to include on off-line task.  This is reasonable adjustment to maintain validity.
  3. Ensure the online teacher/assessor includes ‘This message is for student xxx’ in any emails so that the receiver is prompted to pass on the message.
  4. Change your facilitation strategy to include more student contact so that the assessor is confident who is submitting the final work.  This means more regular phone calls, perhaps trying out a video or web cam session, visiting on site if possible, or inviting the student into a face to face class.

Protecting your students’ privacy in an e-learning course

The age of lugging heavy text books around is now quickly being forgotten(thankfully!) and bright publishers are investing on their own learning management systems (LMS) as a way of managing copy risk, tracking e-resource use and collecting statistics for future development.

Examples:

Most Training Organisations have also embraced e-learning and have their own preferred LMS (ie. Moodle, Janison, Blackboard).  We use our LMS to track student enrolments, participation in study, identify problems in learning, track assessments and interactions.  This all helps us in meeting our audit requirements.

HeinzIn a perfect world we would all have either a Windows or Mac version of e-books and LMSs, but no, there is a Heinz variety out there.

And not many ‘talk’ to each other. 😦

resource wheelThe other problem is the re-invention of the resource wheel.  If you can’t access a resource already prepared (often at high cost) you need to develop your own (often at higher cost) and protect your own copyright (or, here’s a new concept – share!)

Resource difficulties aside though, the other issue is the handling of our students’ personal information.  As an avid LinkedIn member, this week the issue of protection of personal information really came to my attention with the ‘leak’ of millions of members’ passwords:

http://www.smh.com.au/it-pro/security-it/millions-of-linkedin-passwords-posted-online-20120607-1zx91.html#ixzz1x4owF0iz 

If we are using a learning management system outside of TAFE we need to ensure the students are advised of this in the course fact sheet and again in the actual course (that their information is being shared with a third party and why (i.e. to receive a login to the learning). Then we need to carefully structure the lesson plan, to bring the learner ‘back’ into our LMS for consolidation of learning and assessment tasks.  Facilitating the learning on someone else’s LMS is another discussion 🙂

The other consideration we need to be mindful of is whether the non-TAFE server that houses this personal data is stored in Australia or not.

For one course we recently put togther with another provider, I followed the Cloud Computing and Privacy Infomation sheets available from http://www.oic.qld.gov.au/information-sheets to advise our students accordingly and restrict access to course material unless the student acknowledges and accepts this disclosure (see below image).

privacy declaration

privacy declaration

Who else wants to know?

There are other reasons when you will need to advise your student of your intention to share their private information.  It could be simply that an employer has paid for a course and wants to know whether his employee has completed the studies successfully (or not).  Unless the student is signed up for this study under an Australian Apprenticeship an employer (or anyone else for that matter) doesn’t really have the right to know enrolment details or results unless the student agrees or provides this advice personally. An example below is from our Fluoride training program where successful training is a reportable regulatory compliance item.

Privacy Fluoride

Privacy Fluoride