Data Storage and Protection: A statement from 3P’s Chief Information Officer
- Here at 3P Learning our global community of students, teachers, administrators and parents now reaches almost every corner of the globe. Every day, thousands of our registered students log into our learning resources from schools and homes across the world.
- In doing so, these students generate a huge volume of data. This data is vitally important to their learning process. It records their results, tracks their progress and allows them to set their goals and celebrate their achievements. It also creates a vitally important diagnostic picture of each student’s knowledge, allowing teachers to identify and close learning gaps.
- We take the storage of this data incredibly seriously and place the highest priority on ensuring its security. This impacts the way we approach everything else we do and the decisions we make – from the very design of our resources, to our digital infrastructure and data storage and transfer mechanisms.
How do we manage data storage and security?
- As 3P Learning – and our community of users – has grown and evolved over the last ten years, so have our data storage requirements. In addition, the seismic changes to the environment in which we operate, the internet, mean that our digital landscape is radically different to just a decade ago.
- As part of a major project to evolve and future-proof our infrastructure, in August 2015 3P Learning began a major new partnership with Microsoft. In addition to being able to offer a greater range of support for the latest mobile devices, our two flagship learning platforms – Mathletics and Spellodrome – were transitioned fully to Microsoft’s industry-leading Azure cloud platform. This marked a new era of data capacity, storage and security for our data.
- In addition, our own company charter demands that everything we do is externally validated by industry experts. 3P Learning employs 3rd party security specialists who perform regular penetration testing across our physical and digital infrastructure, scrutinising the security of the platform to ensure any vulnerabilities are detected and corrected as soon as possible, so that our data continually remains secure.
Where is data stored?
- The Microsoft Azure platform delivers an enterprise-level cloud. The industry-leading approaches to data security were central to 3P’s decision to relocate our key platforms within the environment. All data is stored securely within an isolated network and database infrastructure. It is not accessible to any other person or account within the public cloud. Access is strictly limited to only specific elements of the 3P Learning resources.
- 3P has its main data location as the East US 2 region within Microsoft Azure. This location was chosen as it is one of the most advanced Azure regions, and is accessible for all our users around the world.
- In accordance with EU GDPR requirements, Microsoft Azure complies with both the EU-US privacy shield and EU Model Clauses. Further information is available in our privacy policy. Additionally, in accordance with various Canadian provinces’ privacy legislations (including British Columbia’s FIPPA and Nova Scotia’s PIIDPA), we do not store Canadian students’ personal identifiable information outside of Canada.
- All the data pertaining to a student’s activity within the platform (non-identifiable data) is stored in the East US 2 region of Microsoft Azure. Access to the data is restricted only to the users themselves – and then only via our own applications. It is strictly inaccessible outside of the environment of a 3P Learning resource account and each user only has access to their own data (or in the case of a school’s administrator or IT technician, the data within the school’s wider account).
Is any data published or viewable online?
- There are very limited occasions when personal information might be viewable online or published more , such as when student successes are celebrated as part of our online community. Top scoring students are showcased on 3P’s live online Halls of Fame – displayed within the Mathletics resource (or online during the World Education Games or World Maths Day events). In addition, a key element of the success of 3P Learning’s resources are the online education gaming components. However, during these live games no student data is shared or accessible between users.
- 3P Learning take steps to ensure that no identifiable user information is published to the wider web – beyond that actively permitted by the user (or administrator) themselves. A student’s on-screen display name is limited to their first name and first surname initial only – with additional functionality for teachers and parents to anonymise further to initials only (or anonymised completely with a pseudonym).
Where can I find further information?
Full and complete information covering 3P Learning’s data and privacy policy, including specific legal compliance with all relevant international data and privacy legislation, can be found at here.
Further information regarding data storage and security of the Microsoft Azure Cloud, including the latest update and compliance information, can be found at http://news.microsoft.com/security2015 and http://news.microsoft.com/stories/inthecloudwetrust.
If you have a specific question, contact us at privacy@3plearning.com.