Honorlock Security and Privacy FAQs

CCS College Computing Services

FSU has a formal agreement to provide online proctoring services through Honorlock, and the college operates under that agreement. The agreement supersedes Honorlock’s general Terms of Services and includes specific legal requirements for the privacy and security of student information including:

  • A formal data sharing agreement for student information with specific privacy and security restrictions under the federal Family Educational Rights and Privacy Act (FERPA), the European General Data Protection Regulation (GDPR) and the Florida Information Protection Act (FIPA);

  • FERPA binds Honorlock to only collect, process, and store student data for contracted services and this information cannot be sold or transferred for any other purpose; Restricting access to our student data to only those within Honorlock with an authorized reason to process or view this data;

  • Restricting storage of our student data to only data centers located in the United States and requiring encryption in the transmission of any protected university data;

  • The use of appropriate administrative, technical, and physical security measures to preserve the confidentiality, integrity, and availability of protected student data;

  • Data minimization procedures to delete collected information when no longer necessary or upon termination of the agreement;

  • Procedures to alert the university upon the confirmation of a data breach of the Honorlock system.

Honorlock is a cloud-based proctoring solution, which has successfully completed the Service Organization Control (SOC) 2 Type 1 audit, US Privacy Shield compliance, and General Data Protection Regulation (GDPR) readiness. The audit affirms that Honorlock’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality.


Frequently Asked Questions

Where does Honorlock store student data?

Honorlock uses an encrypted and secured connection during the exam. All videos and photos are stored in Honorlock’s platform. Their system runs in a secure, private cloud within Amazon’s AWS cloud platform in US data centers.


How long is student data stored?

Honorlock has defined data retention periods of 12 months, after which all student-related data is automatically purged, unless the university requests an extension of a particular student’s data related to an academic integrity case. Upon request from the university, Honorlock can extend the data retention of a student’s data up to an additional 12 months.


How is student data secured and protected?

All data, including photos and video, is stored in an encrypted format on isolated storage systems within Honorlock’s private cloud in Amazon’s AWS US data centers. They are SOC 2 Type 1, US Privacy Shield and GDPR complaint.


Who has access to student data?

Only key staff within Honorlock will have access in order to provide quality control and support for college instructors. Those accessing student data are bound to the FERPA and privacy requirements required by the FSU/Honorlock master service agreement.


Who monitors the test, Artificial Intelligence (AI) or live proctors? Who reviews the flags?

The AI automatically generates a flag if unusual activity is detected, such as another person entering the room. There is no live person watching the student during the exam. Once an exam session is completed, instructors are able to review flagged recordings to determine if a cheating incident may have occurred.


What data is tracked/recorded from the web browser extension and how is it handled?

The Chrome Web browser extension allows Honorlock to interact with the student and the exam content during the exam. This includes launching the webcam window and interacting with student behavior within the exam. During the exam, the following data is captured, analyzed, and stored:

  • Webcam video, including audio;

  • Recording of desktop activity;

  • Student information presented by the learning management system (Canvas), such as student name, course number, exam name, etc.;

  • Pages visited during the examination session;

  • Specific student behavior that may indicate academic dishonesty, such as copy/paste into search engines.

Secondary devices that may be connected on the network used by the student during the examination session are not monitored by Honorlock. Only the students computing device, with the active Honorlock application session, is monitored for the information listed in the prior bullet point. Finally, the application does not have the capability of sniffing/intercepting traffic from devices connected on the network used by the student.

Students using phones to search test banks during the examination process must be aware Honorlock employs a technology to detect access to unauthorized test banks. It is important for students to understand they are not authorized to use their phones during an Honorlock proctored examination.

Webcam and audio analysis has certain AI capabilities built in, such as detecting the presence of zero, one, or more faces in the camera, one or more voices, etc. This AI will generate a “flag,” prompting the instructor to review the exam session to determine if additional action is necessary to remediate any academic integrity issues.