Data Privacy Within the Brightspace Platform

A note from the founder of the Brightspace Platform and the CEO of D2L

Since our very beginning in 1999, we have been steadfast in our mission to improve the way people learn because we believe learning is transformational – inspiring social and technological change. We wanted D2L to provide the kind of technology that allowed our users to focus on what matters most – learning – without having to worry about the safety and privacy of their data. No compromises.

Twenty years later, I’m proud of how D2Lers have embraced this mission and made it central to our commitment to you. We know that some companies have blurred the lines on what they do with your data. But for us, even twenty years later, when it comes to your learning experience and the safety and privacy of your data, our mission remains clear.

At D2L, we believe that the data you entrust to us is always your data and you should get to choose what we can and cannot do with your data. It’s just not our data; it’s yours.

So, I personally thank you for trusting us to be different. Here’s to another 20 years of transforming learning – together.

John Baker, President and CEO, D2L

Data Security

We keep your data secure.

With Brightspace you own your data – we keep it secure. Our approach puts your security and data confidentiality, availability and integrity first. Our process works, demonstrated by a track record of delivering reliable security that is continuously being improved.

Ad-free

We use your data for learning only, not for advertising.

There are no ads in the Brightspace platform and we do not collect, track, target, use, or sell learner data for advertising purposes or to create advertising profiles. It’s that simple.

Privacy by Design

We design the Brightspace platform with privacy in mind.

We have a long-standing practice of proactively incorporating privacy features into our products and practices. Privacy by Design is how we develop our solutions and helps maintain the trust of our learners.

Data Transfers

We create safe channels for your data, no matter where it travels.

We are cloud hosted, allowing us to adhere to regional hosting requirements where they exist. Not only do we rely on regional hosting procedures, we also rely on the our EU adequacy decision with Canada, our privacy shield certification in the United States, and model contract clauses.

Our Vendors

We’re accountable to you, even for our vendors.

They are only allowed to use personal information to provide their services and nothing else. Vendor contracts are reviewed to align with our data transfer protocol.

Regulatory Compliance

We understand the importance of regulatory compliance with respect to the security, and privacy of information. Our services support compliance with your privacy and security requirements. We have invested significant engineering, process and security efforts into our offerings to help our clients address user data privacy under relevant privacy laws.

The Brightspace platform supports compliance with rigorous standards.

GDPR (The General Data Protection Regulation 2016/679)
FERPA (Family Educational Rights and Privacy Act)
COPPA (Children’s Online Privacy Protection Act of 1998)
PIPEDA (Personal Information Protection and Electronic Documents Act)
LGPD (Brazilian General Data Protection Law)
Australian Privacy Act of 1988
Singapore Personal Data Protection Act (PDPA)
ISO 27001, 27018, SOC 1 Type 2 and SOC 2 Type 2, Cloud Security Alliance (CSA), Security, Trust and Assurance Registry (STAR)
We are EU-U.S. Privacy Shield certified, and are a proud signatory of the Privacy Pledge.

Security

At D2L, we take security seriously.

We believe that privacy and security must be core to the development process – not an afterthought. So we develop and test the Brightspace platform based on the principles set out in the Open Web Application Security Project (OWASP) Top Ten framework. We have also achieved several security and privacy certifications, which are audited annually, of our operational practices based on industry leading standards such as ISO27001, SOC 1, SOC 2, and ISO27018.

We aim to give our customers a world class experience, by leveraging industry-leading AWS to deploy our platform within a highly reliable and secure architecture. When our customers are in the D2L Cloud, they can rest easy knowing that we doubled down on security. While AWS is certified and secure, we go further with independent third- party audits to make sure our data protection practices meet and exceed industry standards.

While certifications are an important step in making sure we’re doing the right things, we know that training our people is just as important. We use the Brightspace platform ourselves to train our employees on privacy and security best practices and to confirm their compliance with our internal security policies. And we run regular “table top” (fire drills) exercises to be certain that our employees are prepared to respond and protect your data in any situation.

Our Privacy and Security Leaders

Anna Forgione

Chief Legal Officer and Chief Privacy Officer

Anna joined the company in 2013 and brings over 20 years of experience in corporate leadership, technology advocacy, business development, negotiations, and strategic planning. She is the Chief Legal Officer and Corporate Secretary for the company and oversees all legal, governance, regulatory and compliance matters for D2L worldwide. Her responsibilities include directing company transactional, intellectual property, litigation, and acquisition matters

Nick Oddson

Chief Technology Officer

Nick brings over twenty years of design and enterprise-level software experience to his role with D2L. He’s responsible for guiding the product team as they continue to scale and develop the company’s industry-leading learning solutions.