Welcome to Blackboard’s Privacy Center
Our Privacy Center provides an overview of our Data Privacy Program and our approach to data privacy. We also have additional helpful data privacy information on the following pages:
- The Privacy Statement details how we use personal information.
- The California Privacy Notice provides information for California consumers that use our products and services when we are acting as a business.
- The Data Privacy and Security group (available in English only) on Blackboard Community has regular contributions from us and the community.
We care about privacy. We believe that privacy is a fundamental right for all individuals. Our clients entrust us with the personal information of their employees and their users, who are often students. We take the obligations that are attached to this information very seriously.
Data privacy and security have therefore been long-standing key priorities of Blackboard. The European Union General Data Protection Regulation (GDPR) was an opportunity to further strengthen our existing data privacy practices and formalize them as part of a global data privacy program led by our Global Privacy Officer.
Our approach to data privacy has always been client-focused. We understand the challenges our clients face. Our Data Privacy Program is designed to help them with their data privacy compliance.
We are a proud signatory of the Privacy Pledge and a member of the Future of Privacy Forum.
Privacy by design
As it becomes more and more challenging in today’s world for individuals to maintain control over their information, privacy by design and accountability become increasingly important to maintain the trust of individuals, clients, and regulators and to document how an organization complies with the GDPR. Privacy by design is therefore at the heart of our Data Privacy Program.
We have a multi-layered approach to data transfer compliance. This means we address data transfer requirements via multiple avenues to ensure personal information is adequately protected:
- Regional hosting: We have a regional hosting strategy with all key products and functionalities hosted in regions (e.g. in the EU for EU clients). Access to personal information from outside the region (e.g. from outside the EEA) to this regionally hosted personal information may be required to provide the products and services, e.g. for 24/7-support and product maintenance.
- Biding Corporate Rules (BCR): We have submitted our BCR for authorization with the Dutch Data Protection Authority and will rely on the BCR once authorized.
- Standard Contractual Clauses: We use the EU-approved data standard contractual clauses (SCCs) to compliantly transfer personal information outside the EEA within Blackboard's group of companies.
- Supplementary measures: We use additional contractual, organizational and technical measures to protect transferred personal information.
- Onward transfers: Robust contracts are in place with vendors and partners (e.g. Amazon Web Services) to ensure that data transfer requirements (and other data privacy obligations) are passed on to our vendors and partners with access to personal information.
We use vendors to help us provide our products and services or to perform work on our behalf. Where this requires access to personal information, we are responsible for the data privacy practices of the vendors. Our vendors must abide by our strict data privacy and security requirements and instructions. They are not allowed to use personal information they access or receive from us for any other purposes than as needed to carry out their work for us.
We employ a variety of physical, administrative, and technological safeguards designed to protect personal information against loss, misuse, and unauthorized access or disclosure. We have dedicated information security programs and work hard to continuously enhance our technical and operational security measures.
Our measures consider the sensitivity of the information we collect, use, and store, and the current state of technology. Our security measures include data encryption, firewalls, data use, and access limitations for our personnel and vendors and physical access controls to our facilities.
This content was last updated on November 22, 2020.