10.6 Distance and correspondence education

An institution that offers distance or correspondence education that:

(a)   ensures that the student who registers in a distance course or correspondence education course or program is the same student who participates in and completes the course or program and receives the credit.

(b)   has a written procedure for protecting the privacy of students enrolled in distance and correspondence education courses or programs.

(c)    ensures that students are notified, in writing at the time of registration or enrollment, of any projected additional student charges associated with verification of student identity. (Distance and correspondence education)

√  Compliance   ____Non-Compliance

Narrative

St. Petersburg College (SPC) offers distance education that:

1. ensures that the student who registers in a distance course or program is the same student who participates in and completes the course or program and receives the credit;
2. has a written procedure for protecting the privacy of students enrolled in distance education courses or programs; and
3. does not apply any additional charges associated with the verification of student identity.

Distance or online, education (including Blended, LiveOnline, and Online courses) at SPC is delivered through the Brightspace D2L learning management system, MyCourses.  Access to MyCourses is governed through a secure Single-Sign-On portal for login and password credentials for all students, regardless of the modality of their courses or if they are Dual Enrolled.  Authentication for Single-Sign-On is housed within the Department of Information Technology and ties login information to student IDs across all College platforms.  As an additional layer of security protection, the College is in the process of rolling out Multi-factor Authentication to all college constituents, with the student roll-out to be completed by Summer 2023. The College’s Vice President of Information Technology Information Systems oversees the security of the College’s authentication system and Single-Sign-On processes, as well as the security of the College’s data and technology resources and college-wide security awareness training.

Ensuring Student Identity

St. Petersburg College (SPC) ensures that the student who registers is the same student who attends class by first verifying the identity of all students, including those who participate in online learning and/or are Dual Enrolled. Upon application, all applicant names, emails, dates of birth, and social security numbers are verified through Financial Aid processes and National Clearinghouse processes used by Admissions and Records (SPC Procedure P6Hx23-4.011). The College further emphasizes the importance of identity integrity by:

• informing students at the time of password creation via the instructions that they should be the only ones who have access to their passwords and not share their login information, emphasizing that it allows access to their student records and coursework;
• enforcing the student’s use of the secure login and password to access all coursework and tests through Single-Sign-On (SSO) and Multi-factor Authentication (MFA);
• presenting the Board of Trustees Procedures on Academic Integrity Policies/ Student Code of Conduct in syllabi (p.10), course shells, Student Right to Know webpage, Student Responsibilities/Syllabus Addendum webpage, Student Handbook (p.51), as well as certifying to adhere to such policies as part of the application process to impress upon students the college’s expectation that coursework and assessments are completed by the registered student;
• using remotely proctored examinations via Honorlock, with written procedures within the learning management system describing the ID requirements that match ID and face recognition.

Establishing Username and Password – Single Sign On Protocols and Multi-factor Authentication

Upon admission to the College, each student is issued an SPC student ID number and email address. Their email address becomes their username for accessing all SPC login protocols through Single-Sign-On (SSO). As part of the application process, students are prompted to establish a password of their choice. Guidelines appear during the password creation process to:  1) ensure that the password is of sufficient length and strength to be resistant to hacking, 2) remind users what their password provides access to, and 3) remind students not to share their login credentials.

In addition to creating a strong password, the College uses Multi-factor Authentication (MFA), which connects password creation to authenticate user identities using a time-based, one-time password via a user’s personal email or cell phone.  This process provides a second layer of security that helps minimize security issues when users use weak passwords or the same password for multiple accounts. The MFA process is used the first time a user signs into their SSO account after setting their password, as well as any time they sign in to the College’s SSO after closing their account or after system upgrades.

SPC logins direct the user to the Titan Hub landing page (Pathify) and provide secure access via SSO to all SPC systems including PeopleSoft Student Information System (SIS) functionality such as registration, Brightspace (D2L) learning management system which is branded as MyCourses, Microsoft 365 student email, and access to student support tools.

Online Proctored Testing & Charges

Prior to March 2020, St. Petersburg College used Proctorio to deliver remote proctored testing for midterm and final exams in some courses. Part of that service involved verifying the identity of the student who was testing. The Proctorio model charged the student directly for testing. Notes explaining that the testing fee could be charged were posted on each course section in the registration system.

As all instruction shifted to the online modality in March 2020, the College adopted Honorlock for remote proctored testing. Honorlock charges the institution directly, and those costs have been funded by the College to this day. SPC does not charge additional fees to recoup the cost of using the Honorlock platform or to verify student identity during online course testing.

Procedures for using Honorlock are shared with students via links from their course shells to the MyCourses Knowledge Base, as well as from course syllabi for courses that use this platform.  This link provides the minimum requirements for usage, privacy policies, acceptable forms of photo IDs, and FAQs.  Honorlock not only requires verification of student identity by matching photo ID to the test taker appearing on screen during the exam, it also closely monitors the testing environment and has a live proctor pop-in should anything seem amiss.

Students also have the option to make an appointment at any of the Campus testing centers to take their test in person. Students are required to verify their identity with Testing Center staff via photo ID, regardless of the testing location or modality.

Protecting Student Privacy

St. Petersburg College students have rights as afforded by the Family Educational Rights and Privacy Act (FERPA) which are delineated under the Board of Trustees Procedure P6Hx23-4.37. The College publishes the notification of FERPA Student Rights on the College website, the Student Handbook (p.56), the Privacy Policy website, and the Student Right to Know website, as well as course syllabi. Additionally, FERPA is discussed as part of the Employee Onboarding process, both on the new employee website, and as part of the onboarding presentation (p.92). This procedure provides details on what elements are included in Student Records, privacy protection of students and parents, right of privacy and disclosure of personally identifiable information in student records, and security of records.

Additional Board of Trustees Procedures regarding Privacy, Data Security, and Confidentiality of Student Records include:

• P6Hx23-6.899 Information Technology (IT) Security Program which describes how SPC employees gain access to college data
• P6Hx23-6.900 Technology Acceptable Use
• P6Hx23-6.9014 Technology Wireless Communications
• P6Hx23-4.23 Identification Cards

These written procedures explicitly outline the need for students to protect their passwords, prohibit sharing of passwords or use of another person’s identity, describe how SPC employees may have access to student data based on their job and the oversight of that access, as well as specifiy the use of SPC ID cards as an official form of verification.

The Academic Technology and Administrative Information Systems departments work together to protect information and deter breaches on college servers and connections to third-party servers used for student information and instruction.

Student Charges for Verification of Student Identity

SPC distance learning courses include a distance learning fee of $15.00 per credit. Dual Enrolled students are exempt from paying the distance learning fee for any online course they take.  No additional charges are associated with verifying student identity.