We helped a professional organization understand how their online testing platform would impact the privacy of test-takers.
At a glance
A professional association needed to evaluate how updates to their remote testing platform would affect their data privacy readiness and protect the data of test-takers. That’s why they contacted us.
When the coronavirus pandemic led to lockdowns across the country, a professional association faced the task of going virtual with its licensing exam, which had historically been administered in person. They had selected a platform for online testing, which incorporated anti-cheating features such as photo ID confirmation, computer lockdown during the exam, and remote proctoring that captures a continuous audio and video recording of the exam taker through their webcam.
When consumer advocacy groups voiced concerns over the platform’s data privacy risks, the organization asked us to conduct a risk assessment and make a recommendation on whether they should move forward with their chosen vendor.
Approach and solution
Our team evaluated the platform across three phases—pre-test, test day, and post-test—and five areas—technology, contingency planning, data privacy, security, and human factors. We developed risk protocols for each area and rated the platform’s associated risk.
When our assessment was complete, our client received a comprehensive report that included
• A summary of the risk discovered in each area as high, medium, or low
• Detailed documentation of the reasons behind each rating
• Our recommendation on the feasibility of the platform
Overall, we rated the platform as feasible, but with some serious reservations due to the risks we identified. We ensured the client understood the gaps that made it impossible to eliminate the data privacy risks involved in administering the exam remotely.
Value and benefits: “The Wins”
When the project was complete, our client had the insights they needed to make the right decision on their testing platform. They could approach their decision with the confidence not only that they could maintain their readiness for data privacy laws, but also that they were doing the right thing for their current and future members.