A note from the founder of the Brightspace Platform and the CEO of D2L
Since our very beginning in 1999, we have been steadfast in our mission to improve the way people learn because we believe learning is transformational – inspiring social and technological change. We wanted D2L to provide the kind of technology that allowed our users to focus on what matters most – learning – without having to worry about the safety and privacy of their data. No compromises.
Twenty years later, I’m proud of how D2Lers have embraced this mission and made it central to our commitment to you. We know that some companies have blurred the lines on what they do with your data. But for us, even twenty years later, when it comes to your learning experience and the safety and privacy of your data, our mission remains clear.
At D2L, we believe that the data you entrust to us is always your data and you should get to choose what we can and cannot do with your data. It’s just not our data; it’s yours.
So, I personally thank you for trusting us to be different. Here’s to another 20 years of transforming learning – together.John Baker, President and CEO, D2L
We keep your data secure.With Brightspace you own your data – we keep it secure. Our approach puts your security and data confidentiality, availability and integrity first. Our process works, demonstrated by a track record of delivering reliable security that is continuously being improved.
We use your data for learning only, not for advertising.There are no ads in the Brightspace platform and we do not collect, track, target, use, or sell learner data for advertising purposes or to create advertising profiles. It’s that simple.
Privacy by Design
We design the Brightspace platform with privacy in mind.We have a long-standing practice of proactively incorporating privacy features into our products and practices. Privacy by Design is how we develop our solutions and helps maintain the trust of our learners.
We create safe channels for your data, no matter where it travels.We are cloud hosted, allowing us to adhere to regional hosting requirements where they exist. Not only do we rely on regional hosting procedures, we also rely on the our EU adequacy decision with Canada, our privacy shield certification in the United States, and model contract clauses.
We’re accountable to you, even for our vendors.They are only allowed to use personal information to provide their services and nothing else. Vendor contracts are reviewed to align with our data transfer protocol.
- GDPR (The General Data Protection Regulation 2016/679)
- FERPA (Family Educational Rights and Privacy Act)
- COPPA (Children’s Online Privacy Protection Act of 1998)
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- ISO 27001, 27017, 27018, SOC 1 Type 2 and SOC 2 Type 2, Cloud Security Alliance (CSA), Security, Trust and Assurance Registry (STAR)
- We are EU-U.S. Privacy Shield certified, and are a proud signatory of the Privacy Pledge.
At D2L, we take security seriously.
We believe that privacy and security must be core to the development process – not an afterthought. So we develop and test the Brightspace platform based on the principles set out in the Open Web Application Security Project (OWASP) Top Ten framework. We have also achieved several security and privacy certifications, which are audited annually, of our operational practices based on industry leading standards such as ISO27001, SOC 1, SOC 2, and ISO27018.
Moreover, unlike some software providers, we do not just rely on our cloud provider’s security controls, because that would fail to give you confidence that our own processes meet the rigorous standards. Instead, we are independently audited by third parties to ensure our data protection practices meets and exceeds industry standards.
While certifications are an important step in making sure we’re doing the right things, we know that training our people is just as important. We use the Brightspace platform ourselves to train our employees on privacy and security best practices and to confirm their compliance with our internal security policies. And we run regular “table top” (fire drills) exercises to be certain that our employees are prepared to respond and protect your data in any situation.