GDPR Security and Confidentiality compliance in LMS' a problem analysis and engineering solution proposal


Bibliographic Details
Authors: Amo-Filvà, Daniel, Alier Forment, Marc, García-Peñalvo, Francisco J., Fonseca Escudero, David, Casany, María José
Resource type: article
Status: Version accepted for publication
Publication date: 2019
Country: Spain
Institution: Universidad de Salamanca (USAL)
Repository: GREDOS. Repositorio Institucional de la Universidad de Salamanca
OAI Identifier: oai:gredos.usal.es:10366/140549
Online access: http://hdl.handle.net/10366/140549
Access Level: open access
Keywords: Learning Analytics
GDPR
confidentiality
data privacy
digital identity
data security management
learning management systems
1203.17 Computer Science
Description
Summary: We have studied the main Learning Management Systems (LMSs) to comprehend how personal data is processed and stored. We found that all the users' personal information, activity, and logs are stored unencrypted on the server filesystem and databases. A user with access to such resources may have full access to all the personal information and metainformation stored. Therefore, the LMSs are very vulnerable to information leaks in the face of targeted hacker attacks due to weak GDPR compliance. In this paper, we analyze this problem from a technical and operational perspective for the open-source market leader LMS Moodle, and we propose a solution and a prototype of implementation.