Data privacy FAQs

ACER regularly assesses the information privacy impact of our school assessment services. This article summarises the privacy impact questions frequently asked by schools and education authorities:

  • Policies, processes, and certifications
  • Data storage, technology, and security
  • Collection of information
  • Access and use of information

Policies, processes, and certifications

ACER’s privacy policy

https://www.acer.org/privacy

Online Assessment and Reporting System terms and conditions

https://oars.acer.edu.au/terms-conditions

ISO/IEC 27001:2022 standard certification

ISO/IEC 27001:2022 is the latest version of the international standard for Information Security Management Systems (ISMS). This standard provides an internationally recognised framework for organisations to systematically and effectively manage and protect their information assets. The ISMS pertaining to ACER’s Online Assessment and Reporting System has been ISO/IEC 27001 certified since 2021.

Safer Technologies 4 Schools (ST4S) Product Badge Program

ACER's Online Assessment and Reporting System has successfully qualified to be part of the Safer Technologies 4 Schools (ST4S) Product Badge Program in 2023.

The Safer Technologies 4 Schools (ST4S) service is a national standardised approach to evaluating digital products and services used by schools across Australia. It is supported by the state and territory governments and the Catholic and independent school sectors. Learn more at www.st4s.edu.au.

Data storage, technology, and security

Where are the Online Assessment and Reporting System data stored?

All system data are stored on the Amazon Web Services (AWS) cloud in Sydney.

How long are data retained in ACER’s Online Assessment and Reporting System?

Data are retained for 13 years unless a client requests data to be erased earlier.

Are data stored on devices?

Data are only stored on devices when downloaded from ACER's Online Assessment and Reporting System and saved by users.

Collection of information

What student personal information is collected in ACER’s Online Assessment and Reporting System?

The following personal student information may be collected:

  • Given name
  • Family name
  • Middle names
  • Username
  • Password
  • Gender (M, F, X)
  • Date of birth
  • Year Level

Can students remain anonymous in ACER’s Online Assessment and Reporting System?

Yes, you may opt to enter a pseudonym for a student or choose not to create a student record.

Is it necessary to provide a date of birth for each student?

The system requires a date of birth for each student, but it is possible to enter a false date (e.g. 1/1/2024) in lieu of the student’s actual date of birth.

Are unique student identifiers required in the system?

No, but schools have the option of recording a Unique ID that may be used to align data across different school databases.

Does ACER’s Online Assessment and Reporting System create a unique student identifier?

Yes. When a student account is created in a school’s account, a System ID is created. If a student’s data are transferred to another school, a new System ID will be created in the new school’s account.

Are other demographic data or potentially sensitive information captured in ACER’s Online Assessment and Reporting System?

System users have the option of creating tags for each student that may be based on demographic or sensitive information. The creation of tags is optional.

Access and use of information

Who can view data in the Online Assessment and Reporting System?

Each school is provided with a unique account and URL to prevent unauthorised access to data. These accounts may be viewable by a ‘system super user’ where a school’s licence agreement is managed by an education authority. ACER technical support staff may also have access to view a school’s data.

Are data provided to third parties?

Not unless there is an explicit agreement between ACER and an education authority.

Are students’ data transferred between schools?

Not unless there is an explicit agreement between ACER and an education authority or schools.

Is access to the Online Assessment and Reporting System role-based?

Yes, access to data and the system is role-based and the user's role within the system (for example ‘Teacher’ or ‘Student’) defines what account functionality they have access to once they are logged in. School staff can be assigned one of three roles:

Client Administrators have the rights to:

  • Complete purchases in the Store
  • Edit the school’s account details (contact, enrolments, school hours etc.)
  • View, add and edit student information
  • Assign tests to students
  • View, create, edit and delete staff logins
  • Generate reports

Candidate Managers have the rights to:

  • View, add and edit student information
  • Assign tests to students

Report Generators have the rights to:

How does ACER handle unsolicited personal information sent via unsecured channels, such as email?

Senders are asked to only supply personal information necessary for the use of ACER’s services and to do so by secure means. If the ACER support team receives more personal information than they need to perform their job, or if they receive information via an inappropriate channel, such as email, the data are deleted and the sender is notified.

 
