March 31, 2021
Paid stand-ins. Forbidden cheat sheets. Stolen test answers.
As demand for professional credentials grows, so has the volume of test-takers. Unfortunately, cheating on exams and theft of valuable intellectual property have spiked in parallel. To clearly identify test- takers, test providers often use advanced technologies like ID verification and biometrics to enhance security.
Though sensible and often increasingly necessary, these techniques nevertheless introduce data privacy concerns; in particular, how test-taker data is being used, stored, and protected. This leaves test providers with a difficult balancing act: finding ways to thwart the cheaters and protect the integrity of the testing environment while still adhering to local, regional, and national data privacy laws protecting test-takers. And those laws are getting tougher all the time.
Virginia strengthens its privacy stance
Earlier this month, Gov. Ralph Northam of Virginia signed the Consumer Data Protection Act (CDPA) into law, making his state one of a select few to enact a comprehensive data privacy law. The Virginia CDPA, which takes effect in January 2023, expands personal data rights and draws from Europe’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and its successor, the California Privacy Rights Act (CPRA).
Like CCPA and GDPR, the CDPA expands consumer rights by giving Virginia residents the right to access and delete their personal data. However, unlike CCPA, the CDPA uses GDPR-esque nomenclature (data controllers, data processors, etc.), and requires controllers to obtain consent prior to collecting and processing sensitive personal data. This differs from most other state privacy laws, which typically require only notice, not consent. Additionally, and of particular relevance to test providers and sponsors hoping to outwit cheaters, “sensitive data” includes genetic or biometric data collected and used to identify individuals.
Future-proof your testing program
To effectively fight the cheaters while observing legal mandates, test sponsors should partner with test providers that have systems and processes established to handle evolving requirements like the CDPA and similar privacy legislation. That partner should have deep expertise in matters of data privacy and security, and continually build awareness by monitoring pending privacy legislation throughout the globe. Together with the right partner, testing programs can become more resilient and better prepared to address complex privacy issues.
Contact us to learn more about the steps we take to secure our exam programs while protecting test-taker privacy.