Certification Privacy FAQs
IAPP uses an exam hosting service, PearsonVUE, to make its exams available to people globally. PearsonVUE has relationships with testing centers all over the world so that candidates can sit for an exam close to their home or work. PearsonVUE also has a program, called OnVUE, that allows candidates to take an exam online from their home or office. The IAPP signed up to make the OnVUE option available to its candidates shortly after the COVID-19 pandemic struck.
This document has been created to explain the unique data processing activities involved in taking an IAPP exam. Information is also available in the IAPP Privacy Notice, but this set of frequently asked questions is specifically tailored to the exam experience, whether at a testing center or online using OnVUE.
After a candidate passes an exam, they can receive a digital certificate to display from the IAPP’s subcontractor, Accredible.
The IAPP shares the candidate’s first and last name, email address, and a personal authorization code that allows access to the exam. In an effort to minimize the data PearsonVUE collects, the address and phone number on your PearsonVUE account will be the IAPP headquarters’ address and phone number.
PearsonVUE communicates exam scheduling, rescheduling and cancellations with the IAPP’s database. Once an exam is taken, the results of the exam are also sent to the IAPP. The IAPP uses the pass/fail score to update the certification information in the candidate’s IAPP account. The actual results of the exams are used to monitor the health of the exam. They are kept by the IAPP for only six months and then are destroyed.
When checking in, OnVUE will require a phone number so the proctor can reach the candidate if any issues occur during the exam, as well as images of the candidate’s room surroundings to verify compliance with testing protocols (e.g., no one is allowed in the room with the candidate, no materials are allowed to assist the candidate, limited food/beverage, etcetera). OnVUE will also require a photograph of the candidate’s face and the candidate’s photo identification. Pearson’s ID validation software evaluates the legitimacy of the candidate’s identification (to confirm it is a valid government-issued ID). Pearson’s OnVue system also uses cloud-based services that in real time provides facial comparison services to verify that the face on the identification matches the candidate’s face, deleting the image immediately upon validation. If the match fails, a human proctor is summoned to perform the match identification in person. For current information on these service providers, please contact firstname.lastname@example.org.
The personal data retained by PearsonVUE following the exam are a photograph of the candidate, a copy of the candidate’s ID, images of their room surroundings, and the recording of their testing experience. The photograph is retained by Pearson for one year as a security measure to detect “proxy” testers but can be deleted earlier upon a candidate’s request. The ID is retained for 30 days following the test and then deleted. The remaining information (room surroundings, testing event recording) is retained in case the candidate has a reason to appeal the exam based on a claim of cheating in the testing environment, but if not is deleted within 60 days of the test.
If a candidate refuses to participate in the ID validation and facial comparison process, the candidate may contact PearsonVUE’s call center at https://home.pearsonvue.com/iapp/contact and arrange to have the candidate’s identity verified by a person. Candidates may also reach out directly to the IAPP for assistance: email@example.com. Please note, this may create delays in the testing process.
All inquiries about these data processing services, including the processors and sub-processors involved, may be directed to firstname.lastname@example.org.
Upon checking in at a testing center, a greeter will collect the candidate’s signature and take a photograph of the candidate’s face. The greeter will also check the candidate’s photo identification to verify the candidate’s identity. No record of the identification is saved. The candidate’s photograph will be stored for one year in PearsonVUE’s system for testing by proxy prevention. Test takers can request the deletion of the photo prior to the one-year mark by contacting the IAPP at email@example.com. None of the information collected at check-in is shared with the IAPP or any other entity.
Yes, exam sessions and communications between the proctor and test takers are recorded and kept within PearsonVUE’s system for 30 days after the exam. The recording is retained in case an appeal or issue is filed and needs further investigation. The recordings are not shared with the IAPP or any other entity. If the IAPP needs to review the recordings in light of a filed issue, IAPP will be given secure access to the file within PearsonVUE’s system.
Accredible is the IAPP’s digital certificate provider. Creation and delivery of the certificate requires the certification holder’s first and last name, the certification earned, the certification’s term dates, the certification ID, and the test taker’s email address.