COL's Policy on Online Data Protection

As an intergovernmental organisation, the Commonwealth of Learning (COL) is committed to the highest standards of privacy and protection of user information online. The purpose of this policy is to communicate the operational steps COL takes for the protection of data derived from COL’s public online services.

Data Collection

COL collects only a minimum of online data to meet the purpose of activities designed to fulfill its mission of increasing access to learning at all levels.

COL may collect personal identifiers such as the name, email, organisational affiliation, country, age and gender of a user that avails public online services provided by COL. Such data will be retained only for the period of time that is compatible with the purposes for which the data is collected.

Data Management and Control

Data collected online by COL staff and management is retained in servers that are wholly owned or managed by COL. COL deploys online security measures that are appropriate for an organisation of its size to ensure that the data held is secure and verifiable by an external auditor. Third-party access is not permitted at any time to data held in these servers.

Where practical, COL avails cloud computing services provided by reputable international companies. COL makes use of data centres of these services in locations where the laws and regulations guarantee that there will be no third-party access to data in any unauthorised manner.

COL may engage contractors and consultants that carry out specific operations online on behalf of COL. All such consultants and contractors are required to agree to legally binding conditions that are directly based on this policy. COL requests its institutional partners and collaborators in Commonwealth countries to adhere to a similar policy when they offer online services as part of a partnership with COL.

Data Oversight and Accountability

COL’s online data processes are monitored internally on a regular basis for breaches and security lapses and subject to external audits. Audit results are reported at the governance level.

COL’s Data Protection function is overseen by an internal committee comprised of senior management and other colleagues. A user may contact an official responsible for this function at DataProtection.

As part of this policy, COL will issue a data protection code for its staff, consultants and contractors and will provide adequate training to staff in this regard.

 

 May 2018