Title:
|
GDPR security and confidentiality compliance in LMS' a problem analysis and engineering proposal
|
Author:
|
Amo Filvá, Daniel; Alier Forment, Marc; García Peñalvo, Francisco José; Fonseca Escudero, David; Casany Guerrero, María José
|
Other authors:
|
Universitat Politècnica de Catalunya. Departament d'Enginyeria de Serveis i Sistemes d'Informació; Universitat Politècnica de Catalunya. BCN SEER - Barcelona Science and Engineering Education Research Group |
Abstract:
|
We have studied the main Learning Management Systems (LMSs) to comprehend how personal data is processed and stored. We found that all the users' personal information, activity, and logs are stored unencrypted on the server filesystem and databases. A user with access to such resources may have full access to all the personal information and metainformation stored. Therefore, the LMSs are very vulnerable to
information leaks in front of targeted hacker attacks due to weak GDPR compliance. In this paper, we analyze this problem from a technical and operational perspective for the open-source market leader LMS Moodle, and we propose a solution and a prototype of implementation. |
Abstract:
|
Peer Reviewed |
Subject(s):
|
-Àrees temàtiques de la UPC::Informàtica::Sistemes d'informació -Data protection -Learning analytics -GDPR -Confidentiality -Data privacy -Digital identity -Data security management -Learning management systems -Protecció de dades |
Rights:
|
|
Document type:
|
Article - Submitted version Conference Object |
Published by:
|
Association for Computing Machinery (ACM)
|
Share:
|
|