Users' personal information may, under certain circumstances itemized below, be disclosed to other users in Blackboard Learn. These disclosures and the user's right to choose privacy options are in keeping with FERPA regulations.
Blackboard Learn users who have access to the Administrator Panel may be allowed to view personally identifiable information because they are "school officials with legitimate educational interest." Administrators can view (and in some cases change) users' personal information, including student IDs, grades and other education records, passwords, contact information, and roles in courses, organizations, and Outcomes system contexts. System roles can also be given privileges to access Outcomes Assessment contexts as well as courses and organizations, including the course or organization Control Panel. Institutions need to use caution and good judgment when granting users administrative roles that have privileges to access the paths listed in System Administration Paths.
Privileges can be customized by the institution to limit which system roles have administrative access to users' personal information.
As a security precaution, only administrators can modify privileges.
Institutions can achieve a satisfactory balance between protecting privacy and giving users with "legitimate educational interest" the information they need to do their jobs by assigning roles and configuring privileges appropriately.
System administration paths
The paths listed below give administrators access to personal information.
|(Course Catalog module) Course Catalog Browse||> Preview course with Control Panel and Quick Enroll links in Menu|
|(Organization Catalog module) Organization Catalog Browse||> Preview org with Control Panel and Quick Enroll links in Menu|
|Administrator Panel (Content Management)||> Administrator Search|
|> Manage Content|
|Administrator Panel (Communities)||> Domains|
|> Modules (delegated module administration)|
|Administrator Panel (Organizations)||> Organizations > Archive Organization|
|> Organizations > Copy Organization > Copy Organization with Users (Exact Copy)|
|> Organizations > Modify Organization > Access Statistics|
|> Organizations > Modify Organization > Enrollments|
|> Organizations > Preview org with Control Panel and Quick Enroll links in Menu|
|> Organizations > Restore Organization|
|Administrator Panel (Courses)||> Courses > Archive Course|
|> Courses > Copy Course > Copy Course with Users (Exact Copy)|
|> Courses > Modify Course > Course Access Statistics|
|> Courses > Modify Course > Enrollments|
|> Courses > Preview course with Control Panel and Quick Enroll links in Menu|
|> Courses > Restore Course|
|Administrator Panel (Users)||> Users|
Log files contain records of specific events and user actions in the system and therefore include personal information. Institutions need to use caution and good judgment when granting users system roles that have privileges to access the paths listed below. Access to the logs can be controlled in the user interface (UI) through flexible privilege management. Logs are also accessible using the command line, and only trusted users should be granted access to command line actions.
The following paths give administrators access to log files:
|Administrator Panel (Tools and Utilities)||> Logs > Authentication Logs|
|Administrator Panel (Manage Content)||> internal > logs|
Integrated learning environments
Vista and CE Learning Systems have their own privacy and personal information options. When these systems are integrated with Blackboard Learn, the user's privacy choices in their native Vista or CE learning environment do not carry over into Blackboard Learn or the other way around. Users need to set their privacy options in each system separately.
When an administrator needs to select another user, to enroll them in a course for example, they can browse for other users with the User Selector, which displays users' names, usernames, and email addresses. With the exception of Content Management, this function is only available to administrators, instructors and leaders (and similar roles) in courses and organizations, and managers in the Outcomes System, all of whom are generally "school officials with legitimate educational interest."
One of the primary purposes of the Content Collection is for users to share content with one another. Users can be uniquely identified only by their usernames, so the username is displayed as part of the path in the /users directory. To select which people to give permission to for sharing, a user will see a list of other users in the User Selector, which displays the users' names and usernames.
If the institution wants to restrict this display of personal information, they can set the Content Collection privacy settings so that only users who have opted in to be included in the User Directory will be included in searches in the Content System User Selector. This setting is under Administrator Panel > Content Management > Content Management Settings > Privacy Settings.
Users can also independently decide not to share any content that is in their /users directory with other users in the system. This action prevents others from seeing their username in the path for that content. Alternatively, users can send passes and permanent URLs to other users to share content, hiding the path location of the content and protecting their usernames from being revealed.
Building blocks and integrations
Building blocks and other integrations may be configured to access users' personal information, with or without the users' consent. When you make these tools available, review the disclosures page to determine whether the tools accesses users' personal information. Only install tools that are trusted, particularly if they access users' personal information.