Título
GDPR Security and Confidentiality compliance in LMS' a problem analysis and engineering solution proposal
Autor(es)
Palabras clave
Learning Analytics
GDPR
confidentiality
data privacy
digital identity
data security management
learning management systems
Clasificación UNESCO
Fecha de publicación
2019
Citación
D. Amo, M. Alier, F. J. García-Peñalvo, D. Fonseca and M. J. Casany, "GDPR Security and Confidentiality compliance in LMS’ a problem analysis and engineering solution proposal," in TEEM’19 Proceedings of the Seventh International Conference on Technological Ecosystems for Enhancing Multiculturality (Leon, Spain, October 16th-18th, 2019), M. Á. Conde-González, F. J. Rodríguez-Sedano, C. Fernández-Llamas and F. J. García-Peñalvo, Eds. ICPS: ACM International Conference Proceedings Series, pp. 253-259, New York, NY, USA: ACM, 2019. doi: 10.1145/3362789.3362823.
Resumen
We have studied the main Learning Management Systems
(LMSs) to comprehend how personal data is processed and
stored. We found that all the users' personal information,
activity, and logs are stored unencrypted on the server
filesystem and databases. A user with access to such resources
may have full access to all the personal information and metainformation
stored. Therefore, the LMSs are very vulnerable to
information leaks in front of targeted hacker attacks due to weak
GDPR compliance. In this paper, we analyze this problem from a
technical and operational perspective for the open-source market
leader LMS Moodle, and we propose a solution and a prototype
of implementation.
URI
DOI
Aparece en las colecciones
