Security Policy FAQs

Is there a Privacy Policy for this System?

Yes.  The Privacy Policy is attached.  The Privacy Policy explains how personally identifiable information is collected, handled and used.

Where will examinee data be stored?

Examinee data will be stored on computer servers located in Canada.  The primary servers are located in Ontario, in the Toronto area.  The back-up servers are located in British Columbia, in the Vancouver area.

Why is the data stored in Canada, instead of in the United States?

The data is stored in Canada because of Canadian law, which has a global reputation for the protection it affords to personally identifiable information.  Unlike the United States, Canada is recognized by the European Union as meeting the adequacy requirements of the European Union for protection of personal data.

How will examinee data be secured?

Examinee data on the System is protected through physical security, administrative safeguards and encryption. 

The examinee data is stored on servers located in a secured data center in Canada in a database that is encrypted with industry-standard high-security encryption.

When the data is transmitted, the data is encrypted using industry-standard Secure Socket Layer (SSL) technology.

The system uses a secured Oracle data base which separates and segregates a customer’s records so that they cannot be seen by other customers.  This separation and segregation is confirmed through testing and external auditing.

Customer access to the System and the data is protected by password.  Customers are responsible for safeguarding their passwords, and to change passwords periodically and whenever there is a concern about a possible compromise.  

The System is regularly tested and subjected to audits, both internal and external.

What happens if a bad guy attacks the data center and steals my data?

Personally identifiable information, including examinee data, is encrypted on the System.  Encryption is utilized to prevent an unauthorized person from being able to see or use the data.

What examinee data can System support people see?

Pearson support people do not have access to personally identifiable examinee data.  In the unlikely event that such access were needed to address a specific problem, specific procedures would have to be followed, which would entail securing explicit consent from the customer, obtaining a copy of the data from the customer or receiving authorization from the customer and Pearson management to have the data decrypted.  System support staff personnel do not have access to, or control over, the encryption keys.  The encryption keys are securely held and protected through physical and administrative safeguards in Canada.

Can Pearson use my examinee data for research?

Personally identifiable data cannot be used by Pearson for research except with your express written permission and consent.  Pearson may though statistically aggregate in non-person-specific form test responses and other information collected in the testing process for research, quality control, operations management, security and marketing purposes and to enhance, develop or improve tests and testing processes.  This non-identifiable data may be provided to researchers, test developers and Pearson contractors

.