Setting the Record Straight: Unraveling the Truth About Privacy

In an age where misinformation spreads like wildfire, discerning truth from fiction is more crucial than ever. One of the most pervasive challenges we face in the digital realm is the unchecked spread of false information by individuals who, often without proper research, share and perpetuate misconceptions.

This article is part of our ongoing series, Setting the Record Straight, where we tackle and dispel some of the most widespread myths about Proctorio. Today, we focus on one of the most critical aspects of our service: privacy.

Privacy at the Core of Proctorio’s Mission

Privacy isn’t just a buzzword at Proctorio; it’s the bedrock of our mission. From our inception in 2013, we’ve been unwavering in our commitment to developing software that prioritizes user privacy. In an increasingly digital world, where data mining and the theft of personally identifiable information (PII) have become rampant, we understand the importance of protecting our users’ data.

A 2019 study by the Pew Research Center revealed that over 60% of Americans believe it’s nearly impossible to navigate life without having their data harvested. Additionally, 79% expressed significant concern about how companies utilize the data they collect. These concerns resonate deeply with us, and our dedication to safeguarding user information has never been stronger.

Robust Security Measures: A Commitment to Transparency

At Proctorio, we use end-to-end encryption to ensure that even we, along with any third parties, cannot access sensitive information like your name, email address, or IP address. This commitment to user privacy is further underscored by our partnership with A-LIGN, a leading third-party auditing firm. After a rigorous, multi-step review process, A-LIGN awarded us the ISO 27018:2019 certification, an extension of our existing ISO 27001:2013 certification.

Proctorio was the first remote proctoring service to achieve ISO 27018 certification. Together, these certifications demonstrate our adherence to some of the highest standards in data security, comparable to the General Data Protection Regulation (GDPR) in the European Union.

But what do these certifications mean for you, the user? Let’s break it down:

1. SOC 2 Compliance: The SOC 2 (System and Organization Controls) cybersecurity audit evaluates a company’s security, availability, processing integrity, confidentiality, and privacy. By achieving SOC 2 compliance, Proctorio ensures that your private data is well-protected, exceeding the minimal security requirements often accepted by other institutions.
2. ISO 27001:2013 Certification: This international standard certifies that our information security management system (ISMS) effectively safeguards data confidentiality, integrity, and availability. It’s a testament to our systematic approach to managing sensitive company and customer information.
3. ISO 27018:2019 Certification: Building on ISO 27001, this certification specifically addresses our cloud service’s ability to manage personally identifiable information (PII). It adds 25 privacy and security controls that further enhance our data protection measures.
4. GDPR Compliance: GDPR is renowned for being one of the most stringent data protection regulations globally. Proctorio’s compliance with GDPR ensures that user PII is not misused and that data transfers are strictly regulated to prevent unauthorized access.
5. VPAT Compliance: Proctorio goes beyond the standard requirements by partnering with Deque, a third-party auditor, to assess our software’s accessibility. This process ensures that our platform meets high standards of digital inclusivity, verified through our Voluntary Product Accessibility Template (VPAT).
6. iKeepSafe Certification: We also work with iKeepSafe to verify our compliance with key industry standards such as the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and the Student Online Personal Protection Act (SOPIPA). In Canada, we comply with the Freedom of Information and Protection of Privacy Act (FIPPA) and Alberta’s Freedom of Information and Protection of Privacy Act (FOIP).

Ethical Oversight and Continuous Improvement

To further bolster our security measures, we engaged HackerOne in 2020, a team of ethical hackers tasked with identifying potential vulnerabilities in our software. By proactively addressing these weaknesses, we ensure that malicious actors never have the opportunity to compromise our users’ sensitive data. Our ongoing collaboration with HackerOne is just one of the ways we maintain the highest standards of data security.

Working with reputable third-party auditors such as A-LIGN, Deque, iKeepSafe, and HackerOne not only holds us accountable but also provides objective verification that Proctorio consistently surpasses industry standards for privacy and data security.

Addressing the Myths: Proctorio’s True Commitment to Privacy

Despite our rigorous privacy practices, a small but vocal group of critics has attempted to associate Proctorio with companies that engage in questionable data practices. These allegations are baseless and entirely contrary to our values.

Proctorio’s dedication to data security and user privacy far exceeds both industry requirements and the practices of our competitors. Our motivation stems not from regulatory pressure or competition but from our genuine commitment to protecting our users.

For instance, Proctorio never uses invasive cookies or makes misleading claims about enhancing your online experience. We even developed our own font and video player to prevent ad companies like Google from tracking users on our website.

When we say that we are committed to your privacy, we mean it. If you’re still not convinced, we encourage you to review our comprehensive privacy policy.

Stay tuned for the next installment of Setting the Record Straight, where we’ll debunk another common myth about Proctorio.