Participant Privacy And Confidentiality

Student Success considers the privacy and confidentiality of those taking our programs to be of paramount importance. Our Clients are generally schools, universities, and organizations. Participants are generally college students, or faculty/employees. To that end, we have built layers into our programs to ensure the Participants’ privacy.

Participants Are Informed

Participants are informed about our privacy policies up front. Prior to beginning our programs, each Participant must acknowledge our Privacy Statement and accept or decline our Consent to Research Statement.

Participants May Opt Out

Individual Participants can choose to opt out of our research, which means that their de-identified data will not be included in our aggregate research. Student Success will not know which students opt out of research so that there can be no negative consequences. In addition, a Client may opt out of our aggregate research in its entirety, meaning that all of the de-identified data for that Client’s Participants will be excluded.

We Collect Limited Identified Data

Student Success collects only limited data that is identifiable to a Participant. Participants generally provide their first and last name, gender, year of study, email address, and at the discretion of a Client, a student ID. Student Success also has access to an identified pre/post test score, and when and whether the participant has completed the program (and if doing so required a re-take). A Participant might also include a phone number at their choosing if they send a help request regarding login issues, lost passwords or other technical problems. All other information is de-identified. Clients may add questions to the identified report but sensitive questions will be rejected by Student Success or included only in the de-identified data. Participants enter the program initially with a provided access code, but then create their own password to continue the program.

Protections On De-Identified Data

Student Success collects additional data that is de-identified so that it cannot be matched with a particular Participant. Such questions include demographic and behavior-related questions, factual questions about material within the program, and program evaluation questions. Any sensitive questions include a “Prefer not to answer” option. All Participant answers to demographic, pre/post test and evaluation questions are kept in a database separate from Participant name and any other identifying information. The removal of identifiers is performed as the Participant enters the information so at no time are their specific answers coupled with their identifying information. Also, any question(s) may be removed at a Client’s request.

Technical Security Information

Our contractual obligation (agreement with a Client) includes our commitment to the confidentiality of all Participants and the anonymity of Participant answer-specific data. Similar to hard-copy data protection, all identifying information is separated from the answers to specific questions (except those already identified above). The records are combined electronically via a 3rd key file. All records are encrypted so as to be useless even were someone to gain access to the system. Below is information about the technical security that protects the data.

Browser/Sever Technical Design

All implementations of the Student Success system consist of two components: a “front-end” (which is the interface-the end user sees in their web browser) and a “back-end” (which is the application logic and data repository). The front-end is a similar to a dumb-terminal, such that although questions are asked and answered via this interface, no data is ever stored on the front-end (i.e. the web browser or the end user’s computer). These front-end components run a custom web application built using web technologies (e.g., HTML, JavaScript and CSS) that has been designed to securely connect to Student Success’s back-end. The connection between the front-end and the back-end is secured with 256-bit TSL encryption (i.e. https), and user authentication is required to establish the connection. A Cicso firewall sits between the back-end server and the wider Internet, with only the minimal ports open (80 and 443). Additionally, a web application firewall (WAF) operates between the back-end server and the wider Internet. This WAF monitors all traffic and automatically blocks any suspicious traffic. The back-end server is running Red Hat Enterprise Linux OS, Apache web server and a MySQL database server, with a secure certificate for encryption. If a connection between a front-end browser and the back-end server has become inactive for a period of time, the connection is terminated and the client must re-authenticate. All sensitive files and data on the backend are stored in an encrypted format. The database is encrypted using AES 256. The system servers reside in a facility that is certified SSAE 16 / ISAE 3402 compliant (including SAS 70 compliance). All files (programming code) and data on the back-end are backed up to tape nightly, and backups are retained for 30 days.

Limited Reporting

In addition to the security provided by the Client/Sever technical design, we also have a feature designed to prevent a Client from uniquely identifying the personal data from any individual Participant. For each Client (e.g., each school), an administrator is provided with access to an online portal that provides information about that Client’s Participant’s progress. The administrator has access to a Progress Report, which includes Participant-specific information as discussed above. They also have access to a raw data report that includes all of the de-identified data. The de-identified data does not become available to the Client until at least 100 men and 100 women have completed the program. In addition, each time the full raw data report is opened the information is randomized. These protections ensure that a Client is not able to review the Participants that have completed the program each day and try to match it up with data in the raw data report, thereby identifying the personal data from any individual Participant. Should a Client not meet the 100 men and 100 women minimum, they are not provided access to the raw data until after all Participants have completed the program, and if the number of completions is still too low at that time, either the demographic data is removed from the raw data file altogether or with very small populations, the raw data is not provided at all at.

Data Provision and Usage

As indicated above, each Client receives a progress report with identification and tracking information for each Participant as well as a raw data file with no identifying information with safety measures to avoid the ability to connect these two sources. These reports are provided in CSV or excel formats (both easily exported to other database types). Clients may choose to use their data in any way they determine. Student Success maintains an aggregate file of all Participants who consent to research (from all school clients). Currently, we pull each individual Client’s raw data and provide an aggregate report of summary statistics for each individual Client (they only receive their own aggregate data) and it is not shared with any other entity. We also use the full aggregate report for all of our Clients to create an aggregate report of summary statistics; no individual Participants and/or Clients are referenced in that report. In fact no Participants are ever identified in any reports, and a Client name is only identified to the extent that its name appears on its own individual school report.

Third Party Websites

Our programs may contain links to other websites not owned or operated by Student Success. These are typically external resources that are provided or specified by our Clients. We are not responsible for the privacy practices of such third party websites or services.

Communication

Certain programs may include the ability to send emails to Participants. Sending of such emails is only done at the request of the Client. These emails would include reminders, follow up information or follow up questions.

Tracking Cookies

A cookie is a piece of data stored on a Participant’s hard drive to track the Participant after he or she has logged into the program. Our programs use cookies for short term tracking of Participants within the program. The cookies store technical information so that the Participant remains logged in while they access the program. The cookies never store any personally identifiable information. No cookie data is ever retained, and cookies are never used for any purpose other than facilitating the Participant’s progress through the program. All cookies expire shortly after the Participant exits the site.

Collected Technical Information

While a Participant is accessing the program, their computer and Internet browser provides information about its configuration. This includes browser type and version and the computer operating system. This information is aggregated and reviewed to help us better understand the technological makeup of all Participants so we can improve the functionality of the program (such as ensuring support for older browser versions). This technical information is not stored for individual Participants.

IP Addresses

IP (Internet Protocol) addresses are collected for the purpose of analyzing aggregate traffic statistics. An IP address is not unique to a given computer, but rather, to a given Internet connection. We cannot determine where a Participant lives, and we do not make any attempt to trace the identities of the Participants. We use this information to determine if a large number of Participants originate from a given organization or ISP (Internet Service Provider, like America Online or Earthlink). IP information is aggregated and reviewed to help us better understand the origination of all Participants so we can improve the functionality of the program (such as utilizing video distribution methods in multiple geographic locations). This IP information is not stored for individual Participants.

Tracking Technologies We Don’t Use

We do not use any tracking technologies other than those stated above. We do not use local shared objected (commonly called Flash cookies or LSOs), pixel tags (also called clear GIFs or web beacons), third-party cookies, or any other tracking technologies.

Outside Relationships

We do not accept advertising or sponsorship from outside entities. We do not share or sell any information or data gathered or derived from the Student Success programs with any third party vendors or affiliates. We do not create, select, influence or deliver content based upon relationships with outside vendors or business partners. If we do employ independent contractors or vendors, we never share any identifiable information with them.

We do contract the development and hosting of the Student Success software to an outside vendor, Flipside Media. We have a business associates agreement with Flipside Media that ensures that the same level of privacy and protection as elaborated in this document is adhered to by Flipside Media.

Children’s Privacy

Student success does not allow participants under the age of 18 to consent to research. However, such participants may still complete the program unless clients request otherwise.

Client Privacy

Student Success does not publish its client list nor sell it to third parties. We may provide a client list in response to inquiries from prospective clients. We do not share client contact information without their consent.

FERPA

Student success agrees that it and its clients are subject to the Family Educational Rights and Privacy Act (“FERPA”) and to that end agree (a) they are each providing educational services to the other that they would otherwise have to provide for themselves using faculty and staff; (b) each party has a legitimate educational interest in the student education records disclosed under this Agreement; and (c) NFORMD.NET agrees to be under the direct control of User with respect to the use and maintenance of information from student education records. Any Party, including a “school official,” that receives student education records acknowledges that the student education record is confidential and may use the information only for the purposes for which the disclosure was made. NFORMD.NET may not re-disclose the information to any third party without prior written consent from the student and client. Student Success works together with clients to share student education records in a manner that best assures the protection of student education records from disclosure.