Instructure's Q1 Privacy Program Updates

Table of Contents

    Share
    Share

    At Instructure, we believe privacy is a fundamental human right and take our responsibility very seriously. We are committed to protecting your privacy, and as we continually improve our Privacy Program, we wanted to update you on our current privacy projects for Q1 of 2023.

    Organization Change Announcements 

    We have realigned our privacy organization to better serve our customers and help them meet their regulatory needs. This new organizational structure aligns our technical and operational privacy functions more closely with our security, product, and engineering teams. We appointed a new Chief Information Security & Privacy Officer, as well as a new Data Protection Officer to provide legal guidance and oversight for our global privacy program. 

    Privacy initiatives, risks, and requirements need commitment and support at the highest levels of the organization. To support this need, we established an enterprise cross-functional Privacy Steering committee to serve as an advisory across Instructure’s suite of products, advising on privacy best practices, standards, and obligations across the organization.

    Current State of Privacy Strategy

    We completed our TrustArc TRUSTe Enterprise Privacy Certification, ensuring that our privacy management practices meet global standards and frameworks. This certification is built upon the TrustArc Framework, which includes standards such as the OECD Privacy Guidelines, the APEC Privacy Framework, the EU General Data Protection Regulation, ISO 27001, and other global privacy laws and standards.

    Additionally, in support of our Transparency Principle, we have published our Government Request Policy which outlines how we will respond to governmental requests for our customer’s data. This policy can be found in our Privacy Hub on the Canvas Community website. We’ve also published our first transparency report for government requests, located here: 2022 Government Requests.

    What’s to Come

    There is a lot in the works for our privacy program. Over the next two years, we are working to build a privacy-first architecture. We will be doing this by strengthening access control measures for our customers and setting up local EU-based customer support teams.

    Further supporting our commitment to building a customer-focused privacy-first platform, we are also working to establish regional Privacy Customer Advisory Boards (CAB) throughout 2023, consisting of privacy leadership at our customer institutions. These CABs serve as a formal opportunity for customers to engage with the Instructure Privacy and Product teams on direction, best practices, and help shape the work we do.

    Additionally, in conjunction with outside counsel, we will be presenting multiple sessions at InstructureCon from July 26-28, 2023, focused on various privacy topics such as K-12 Privacy and international privacy.

    In Closing

    As always, our global Privacy Program is guided by our Mission Statement, which establishes, maintains, and demonstrates our corporate commitment to privacy as a core tenant of our business. 

    Mission Statement: As stewards of the data entrusted to us, Instructure is committed to protecting the information we receive by ensuring that it is only used to support students, institutions, and education. We achieve this mission through our foundational Privacy Principles.

    Transparency - We will ensure transparent data processing in all aspects of our business. 

    Accountability - We will demonstrate our commitment to privacy in concrete and tangible ways.

    Integrity - We will strive to ensure that the data entrusted to us is trustworthy, consistent, and accurate.

    Security - Will will implement and maintain appropriate technical, administrative, and organizational measures to protect data in accordance with regulatory requirements.
    Confidentiality - We will establish and maintain policies, procedures, and practices that limit access to data and protect against unlawful processing.

    Stay in the know.

    Subscribe to our blog and keep up-to-date with our latest insights, tips, and updates!