Online proctoring has been used to deliver tests and exams for well over a decade. During the last four years, we have seen this method for secure remote testing grow rapidly in popularity. In 2019, just 1.5% of PSI tests were delivered using online proctoring. In 2023, this increased to over 30%.
However, as more test takers use online proctoring, privacy concerns have also grown. The very nature of online proctoring, where a proctor observes a test taker using their webcam and microphone, raises questions about privacy and data security.
It’s important that we work to understand and navigate the complexities of these privacy concerns, while applying the technologies, processes, and tools available to mitigate them.
Understanding test taker concerns
We need to understand privacy concerns with online proctoring from the test taker perspective before we can fully address them. And when it comes to this critical issue, we should be open and transparent about the steps we are taking and why. Test takers will be reassured that their concerns have been heard, and that action is being taken – even if we don’t have all the answers.
For test takers, privacy concerns might include:
- Invasion of privacy and intrusion into their personal space during online proctoring sessions. This can lead to increased anxiety on an already stressful test day.
- Data security and the collection, transmission, storage and use of personal data that might be involved in online proctoring processes. With data breaches hitting the headlines every day, test takers are increasingly concerned about the risk of unauthorized access to their information.
- Discrimination is a concern for some test takers, for example based on their appearance, unavoidable background noise or other environmental factors captured during an online proctoring session.
Privacy concerns for testing organizations
Equally, we see that the testing organizations we partner with also have privacy concerns,. particularly when it comes to making the move from in-person testing to remote testing online proctoring. These can include:
- Compliance and failure to adhere to privacy regulations, such as GDPR (General Data Protection Regulation) or US state data privacy laws, which could result in legal challenges.
- Reputation and the importance of trust with their test takers and stakeholders. Any issues with personal data or privacy during online proctoring could affect the credibility of their organization and testing programs and undermine confidence in the credentials they offer.
- Ethical considerations with the growing awareness of the importance and risks associated with data protection and privacy. Testing organizations need to balance these ethical considerations with the need for test security and fairness for all test takers.
In this environment, it is important that we build trust, maintain compliance, and uphold ethical standards in online proctoring. Always working to strike a balance between ensuring test integrity and protecting individual data and privacy rights.
Protect privacy with online proctoring technology
When online proctoring software is used effectively, it can address many of the concerns around data and personal privacy – at the same time as protecting test integrity.
Secure browser software, for instance, provides a secure testing environment where test takers are unable to access other applications or copy and paste. This software also means that proctors don’t have remote access to a test taker’s computer, maintaining their privacy and the security of their personal information.
Verifying a test taker is who they say they are can be another area of concern. Online proctoring software facilitates identity checks, allowing a proctor or check-in specialist to validate a test taker’s identity documents by cross referencing a photo ID against the webcam image of the test taker.
Transparency and informed consent
Having clear standards, policies, and procedures related to data privacy is an important element of addressing concerns with online proctoring.
For example, what audio and video of the test taker and their surrounding, are you recording? Do you collect and store keystroke data and why? Do you collect biometric data, such a fingerprint scans, for identity verification purposes? Clarity around the steps taken to store this information securely, and how long you will keep it for after a test is complete, will reassure test takers that their information is safe with you. It is also critical to outline for how long data is retained.
Most test takers want fair testing on a level playing field. Explain that the primary purpose of collecting data during online proctoring is to protect the integrity of the testing process.
Identity verification and webcam footage, for instance, prevents proxy testing by ensuring test takers are who they claim to be. And behavior analysis using audio and video allows proctors to detect suspicious behavior, such as talking to someone off camera or using another device.
While test takers might feel that online proctoring is an invasion of their privacy, especially when they are taking a test in their own home, explaining exactly what you are doing and why will help them understand the importance of test security. Reassure them how any information you collect will be used and who will have access to it.
Mitigating privacy risks with online proctoring
Technology, policies and procedures, and clear test taker communications aren’t the only strategies to mitigate risks around data and privacy with online proctoring. You can minimize the risks by collecting only the minimum amount of data needed for test monitoring and identity verification.
Single sign on (SSO), where test takers access their test from a Learning Management System (LMS) without needing to address their personal information again, is one way to achieve this. SSO has the added benefit that a proctor doesn’t need to access or know your LMS passwords, keeping even more data fully secure.
Robust security protocols and data encryption will also safeguard collected data against unauthorized access and data breaches. This should include secure data transmission between the test taker’s device and the proctoring server, plus end-to-end encryption for audio, video and other data captured during online proctoring. Any data stored on servers or in transit should be protected by strong encryption against unauthorized access.
Restrict access to personal information
Another important security step is to restrict access to proctoring systems and databases to authorized personnel only, as well as requiring multi-factor authentication from any proctors or administrators accessing proctoring platforms. Role-based access control is a good way of limiting the level of access granted to different users based on their job responsibilities.
Your processes and procedures should be backed up by comprehensive training for proctors so they understand the importance of test taker privacy and can handle any concerns sensitively. Training should extend to best practices and compliance requirements on data privacy.
Remaining compliant with online proctoring
The testing industry is evolving rapidly, and so are the technologies available to us to maintain and improve test security. Against this context of change, we must also stay up to date with any new regulations or legal precedents.
In a recent ruling, Ogletree vs. Cleveland State University, a student took an online exam from home and was required to show areas of his bedroom via a webcam. A district court found that the university had violated the student’s Fourth Amendment rights “to be secure in their person, houses, papers and effects against unreasonable searches and seizures”.
There was some initial concern in the testing industry following this ruling that a precedent had been set that might affect the ability to implement online proctoring technologies. However, this was an individual case with many unique aspects related to COVID restrictions, the individual test taker’s circumstances, and requirements that had been agreed in advance with the university. It’s also significant that this online test was proctored using a web conference rather than an a secure online proctoring platform.
The court’s ruling in this case was both narrow in scope and geographical reach, as the decision was issued from the District Court in Ohio and is not binding in other courts in the United States. It does, however, show the importance of rigorously upholding privacy standards and working with a testing provider that stays up to date with the latest developments.
Continuous improvement
Ethical practices are essential to the future of online proctoring and the testing industry as a whole. Alongside accountability, we need continuous improvement that prioritizes privacy and adopts the principles of fairness and transparency. All these elements will help to address and allay privacy concerns around online proctoring, while building important trust and continuing to protect the integrity of our tests and exams.
