At VitalSource, privacy and security are our top concerns, and we take exceptional measures to secure the privacy of all users and data. VitalSource’s platforms are purposefully designed to seamlessly deliver course materials to learners with a single click and can even work without requiring Personally Identifiable Information (PII).
From our offline native applications through our LMS integrations, our customers have single sign-on (SSO) options using an anonymous token from the LMS that obviates the need for personal information. Institutions passing us anonymized tokens can also enable the exercise of personal data rights, including the “right to be forgotten.”
We believe users, institutions, and content providers own and should control the use of their data. As a valued partner, VitalSource will never sell your users’ data. Any transfer of user data shall be strictly in accordance with our privacy policy.
In this article, we’ll cover the ways an institution can implement our services with various degrees of PII. While VitalSource always recommends that, whenever possible, schools pass at least a few minimum identifying fields needed to enable a seamless user experience, a totally anonymous experience is possible if the institution requires it.
General PII Note
All applications and systems related to the storage, transfer, and processing of our data are designed with security in mind and as the default mode of operation. At all times, only the minimum amount of data needed to facilitate providing services to customers and fulfilling contractual obligations is collected by our systems. This data is only stored for the minimum time required to provide services which the data subject has acquired or to fulfill contractual obligations. When systems or applications containing data are connected, that connection is designed to provide end-to-end protection of the data.
Personally Identifiable Information (PII)
At VitalSource, privacy and security are our top concerns, and we take exceptional measures to secure the privacy of all users and data. VitalSource’s platforms are purposefully designed to seamlessly deliver course materials to learners with a single click and can even work without requiring Personally Identifiable Information (PII).
From our offline native applications through our LMS integrations, our customers have single sign-on (SSO) options using an anonymous token from the LMS that obviates the need for personal information. Institutions passing us anonymized tokens can also enable the exercise of personal data rights, including the “right to be forgotten.”
We believe users, institutions, and content providers own and should control the use of their data. As a valued partner, VitalSource will never sell your users’ data. Any transfer of user data shall be strictly in accordance with our privacy policy.
In this article we’ll cover the ways an institution can implement our services with various degrees of PII. While VitalSource always recommends that, whenever possible, schools pass at least a few minimum identifying fields needed to enable a seamless user experience, a totally anonymous experience is possible if the institution requires it.
PII with Your VitalSource Integration
VitalSource serves two main types of institutions when managing data:
Institution 1: School doesn’t want to send any PII (fully anonymous)
- No PII Sent
- Applications operate simply with an opaque user identifier/token.
- Certain applications, such as our analytics platforms, then require extra research by admins or faculty to join those opaque identifiers back to institutional data.
- VitalSource Bookshelf offline readers, such as iOS, Android, and Windows and Mac desktop applications, still work and function but require one SSO from the online reader to the native applications.
Institution 2: School sends us PII
- Send PII (first name, last name, email) to VitalSource.
- This is the extent of PII that VitalSource may request. We do not need any other student information.
- We use this data to empower Inclusive Access (IA) management tools, institutional engagement dashboards, and faculty dashboards to view at-risk vs engaged students.
- An email address makes it easier for students to access VitalSource Bookshelf offline readers, such as iOS, Android, and Windows and Mac desktop applications.
- VitalSource supports all FERPA and GDPR compliance laws and regulations. We can remove student PII as requested at any time via “right to be forgotten” provisions, etc.
PII With Your LMS
In every case, your institution controls the data that is sent or not sent to VitalSource by your LMS during LTI setup. You can control how much data any service provider gets (or doesn’t) using the native LTI tool setup provisions within the LMS. VitalSource applications can function entirely without PII.
Example student data received from LMS in place of PII when data is anonymized: UserID: 1e34sdq123a
Example student data received from LMS when a school sends PII:
Full Name: John Smith
Student Email: john.smith@university.edu
First Name: John
Last Name: Smith
Student ID: 12345
UserID: 1e34sdq123a
PII With Verba Connect
Verba Connect is a digital discovery and management tool utilized by digital program managers at your institution for Inclusive Access programs. This application connects to both the school’s Student Information System (SIS) and its LMS to help facilitate backend processes. By default, the following fields are requested from your SIS via SFTP in order to more seamlessly communicate with students, manage student accounts, and send data between systems:
- Term Name
- Department
- Course Number
- Section Code
- Student ID: The student ID should be static and non-changing (we use it as the primary student identifier; if it changes, we will create a new student record). This ID will be used as a reference for billing and for students who opt-out.
- Student First Name
- Student Last Name
- Student Email Address
However, an anonymous use of Verba Connect is possible if your school is willing to provide anonymized information to our servers. This method would include the following:
- Your school sends us a reference token (ID) instead of student name. The school would then translate the reference ID on its end with the student’s actual name and/or real student ID.
- Your school sends VitalSource non-PII email addresses which then forward to the student’s real address. Again, for the purposes of managing communications to specific students, the school would do the translation on its end.
- Because we eventually need to match a user in an LMS course to the data we have in Connect, we also request that any reference tokens a school sends us a match between its LMS and SIS systems.
Please note that this will impact the Connect user experience, particularly when managing students; instead of first and last name appearing, a token ID will appear in its place.
Other Data Privacy Considerations
- With integrations, you want to be assured that your partner has experience with the standards (LTI) and workflows involved. VitalSource has been a member of IMS Global (the creators of the LTI standard) for more than a decade, participates in the working groups, helped create the last two LTI versions, and has a seat on the board of directors. Additionally, VitalSource has been providing LTI integration services during that entire time and doing so at scale with more than 4500 live integrations.
- With an LTI integration, you want to be assured that your partner has full certification and is using the very latest versions to assure you, its customer, that all security, performance, and features are available on day one. VitalSource was the first LTI provider to be certified in LTI Advantage (the latest version that we helped create), and our certifications are maintained annually, and publicly available at https://site.imsglobal.org/certifications?query=VitalSource.
- With an integration partner, you want to be assured that it can provide solutions for the complex business models you require. The VitalSource platform provides unmatched flexibility in supporting those needs with opt-in, opt-out, institution pay, student pay, white label storefronts, integrated affiliate programs, and the ability to combine these together to customize what you need inside your LMS or as an external site.
- With an integration partner, you want to be assured it can handle the scale you need, as well as those peak demand days when all your students need things at the same time. The VitalSource platform supports more than 12 million daily users in 241 countries and territories around the globe. We are unmatched in our ability to not only scale as demand increases, but to do so while delivering a guaranteed 99.9% uptime. Our offline native applications provide access 100% as needed.
- When you need an integration partner to simplify and solve downstream integrations with publisher courseware, you want to be assured that it can not only do what it claims, but that it has proven that fact over and over. VitalSource’s more than 20-year-long relationship with educational publishers around the globe has given our customers the confidence that we can deliver. And the facts have proven that: we delivered more than 800,000 instances of publisher courseware from Pearson, McGraw-Hill, Elsevier, Macmillan, Wiley, and others last year alone.
- When you work with an integration partner, you need to know that it will handle your data according to your requirements. As detailed, VitalSource is a privacy-by-default organization that complies with international and domestic requirements. This includes the data that we pass to publisher courseware on your behalf. All applications and systems related to the storage, transfer, and processing of our data are designed with privacy in mind, and privacy is the default mode of operation. At all times, our systems collect only the minimum amount of data to facilitate providing services to customers and fulfilling contractual obligations. This data is only stored for the minimum time required to provide services which the data subject has acquired or to fulfill contractual obligations. When systems or applications containing data are connected, that connection is constructed to provide end-to-end protection of the data within the limits of current technology.
- As much as you want to trust your integration partner, you should verify its claims. To provide confidence in our claims, VitalSource regularly contracts SOC 2 auditing against our systems. A summary report covering security, privacy, and confidentiality can be made available to prospective customers (an NDA will be required).
VitalSource is a privacy-by-default organization that complies with international and domestic requirements. The decision on which user data to pass to the VitalSource SaaS platform via an integration is made by our customers, and our standard and default integration is to never require any Personally Identifiable Information. The complete integration can be accomplished by simply passing an anonymous unique LMS identifier.
- Specifically, the compliance with relevant requirements includes, but is not limited to:
- The United States, Canada, and Mexico
- Per the USMCA modifications to NAFTA, Article 19.12:
- Location of Computing Facilities: No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.
- Ratified by the US on January 29, 2020
- Ratified by Canada on March 13, 2020
- Ratified by Mexico on June 19, 2019
- European GDPR
- UK’s DPA 2018
- Brazil’s LGPD
- California’s CCPA
All data that does reside on the VitalSource SaaS platform is stored remotely on major cloud providers (primarily GCP, the Google Cloud Platform, with smaller components of our service on AWS, Amazon Web Service). Data is stored using logical separation of client data in a SaaS multi-tenant environment that is encrypted both in-flight and at rest. Data in cloud storage is automatically backed up with automated failover to alternate regions. Our primary deployment region for GCP is the US-East. While primary data resides in the United States, optimized cloud data delivery means that your actual content may be located far closer via CDN servers that are securely hosted within GCP and Cloudflare.
The Google Cloud endpoint locations in Canada are in:
- Montréal (Network edge, and current region with 3 zones)
- Toronto (Network edge, and future region with 3 zones)
The Cloudflare endpoint locations in Canada are in:
- Calgary, AB
- Montréal, QC
- Saskatoon, SK
- Toronto, ON
- Vancouver, BC
- Winnipeg, MB
For more information go to:
- https://cloud.google.com/compute/docs/regions-zones/
- https://cloud.google.com/about/locations
- https://www.cloudflare.com/network/
- https://www.cloudflarestatus.com