Some of Moodle's default functionality might infringe with legislative privacy or data protection regulations in either the country you operate Moodle in or with the rules of the organization for which the VLE is run. An example of this is the ability of teachers to store notes about individual users without them able to view these. As different organizations are obliged to follow different guidelines, for example, FERPA in the United States, we are only able to point you in the direction of some of the most common issues and how to resolve them in Moodle.
The key issue is to protect personal information in educational records. Examples of such data are: personal details, grades, usage data (as described in Chapter 10, Moodle Logging and Reporting), and the already mentioned notes by teachers about students.
Some regulations prescribe what information about users is allowed to be stored, with or without their consent:
- Log files: In Chapter 10, Moodle Logging and Reporting, we covered two types of features that are relevant in the context of privacy. The first is the type of data that is stored in a log store. We described External database log, where you can specify what type of educational actions are being tracked (Teaching, Participating, and Other) and what type of database query types are being stored (Create, Read, Update, and Delete). Furthermore, you have the ability to prevent the reports from accessing the data. We have listed all the relevant capabilities for the roles in the Course and user reports section of the aforementioned logging and reporting chapter.
- Notes about users: Moodle contains a tool that allows users with teacher rights to take notes about students. Other users with teaching rights can potentially see these notes. If this facility is not in conformance with your regulations, go to Advanced features and uncheck the Enable notes parameter.
If there is any other information about users that it is prohibited to store, you are most likely to find a capability in the roles setting to achieve this.
Moodle is usually very open about what users can see about each other. While this might be in line with the philosophy of social constructivism, it might not conform to the regulations you have to abide by:
- Online users: In a site-wide context, the online users block displays the name of all the users who have been active in the system in the last 5 (default setting) minutes. You can disable this block by hiding it when you go to Plugins | Blocks | Manage blocks.
- User profile information: A user profile is visible to other users on the system. You can limit what information is shown to nonteachers and nonadministrators by selecting Hide user fields when you navigate to Users | Permissions | User policies. This also includes two fields providing information on First access and Last access.
- Courses a user is enrolled to: This is the same as the preceding point. You can enroll by selecting the Mycourses field.
- Revealing e-mail addresses: When searching for users or enrolling them to courses, their e-mail address is shown. To replace this, go to Users | Permissions | User policies and select ID number for the Show user identity parameter instead. The field(s) are only shown to users who have the moodle:site/viewuseridentity capability (by default, teachers and managers).
- Grades: Grades of students in a course can be seen and edited by teachers. Moodle supports the export of grades, which can be prohibited using a number of
gradeexportcapabilities. It is further possible to publish grades so that they can be viewed via a public URL without access to Moodle. This might be useful for external examiners, but it can cause issues with your privacy regulations and is, therefore, turned off by default (refer to Enable publishing by navigating to Grades | General settings and variousgradeexportcapabilities. - Backups: Teachers have the ability to take course backups, which also contain user information. We are going to deal with limiting backups in Chapter 13, Backup and Restore.
If there is any other information that it is prohibited for other users to see, you are most likely to find a capability in the roles setting to achieve this.