When test integrity and data privacy laws collide


March 31, 2021

Paid stand-ins. Forbidden cheat sheets. Stolen test answers.

As demand for professional credentials grows, so has the volume of test-takers. Unfortunately, cheating on exams and theft of valuable intellectual property have spiked in parallel. To clearly identify test- takers, test providers often use advanced technologies like ID verification and biometrics to enhance security.

Though sensible and often increasingly necessary, these techniques nevertheless introduce data privacy concerns; in particular, how test-taker data is being used, stored, and protected. This leaves test providers with a difficult balancing act: finding ways to thwart the cheaters and protect the integrity of the testing environment while still adhering to local, regional, and national data privacy laws protecting test-takers. And those laws are getting tougher all the time.

Virginia strengthens its privacy stance

Earlier this month, Gov. Ralph Northam of Virginia signed the Consumer Data Protection Act (CDPA) into law, making his state one of a select few to enact a comprehensive data privacy law. The Virginia CDPA, which takes effect in January 2023, expands personal data rights and draws from Europe’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and its successor, the California Privacy Rights Act (CPRA).

Like CCPA and GDPR, the CDPA expands consumer rights by giving Virginia residents the right to access and delete their personal data. However, unlike CCPA, the CDPA uses GDPR-esque nomenclature (data controllers, data processors, etc.), and requires controllers to obtain consent prior to collecting and processing sensitive personal data. This differs from most other state privacy laws, which typically require only notice, not consent. Additionally, and of particular relevance to test providers and sponsors hoping to outwit cheaters, “sensitive data” includes genetic or biometric data collected and used to identify individuals.

Future-proof your testing program

To effectively fight the cheaters while observing legal mandates, test sponsors should partner with test providers that have systems and processes established to handle evolving requirements like the CDPA and similar privacy legislation. That partner should have deep expertise in matters of data privacy and security, and continually build awareness by monitoring pending privacy legislation throughout the globe. Together with the right partner, testing programs can become more resilient and better prepared to address complex privacy issues.

Contact us to learn more about the steps we take to secure our exam programs while protecting test-taker privacy.


Pearson VUE legal

Pearson VUE’s legal team has been the leader in the computer-based assessment industry for over two decades, especially in matters surrounding data privacy and security. The Pearson VUE legal team’s expertise in both the industry and working with data protection authorities globally for over twenty years sets them apart in this field and provides Pearson VUE clients a substantial benefit.  We work closely with clients to protect the integrity of their programs while maintaining compliance and balancing the ethical issues of handling individual candidate data.

About Pearson VUE

Pearson VUE has been a pioneer in the computer-based testing industry for decades, delivering more than 16 million certification and licensure exams annually in every industry from academia and admissions to IT and healthcare. We are the global leader in developing and delivering high-stakes exams via the world's most comprehensive network of nearly 20,000 highly secure test centers as well as online testing in over 180 countries. Our leadership in the assessment industry is a result of our collaborative partnerships with a broad range of clients, from leading technology firms to government and regulatory agencies. For more information, please visit PearsonVUE.com.