We know that it is important for you to understand where your data is and what it is used for. This is an essential part of a school’s obligation as a Data Controller under DPA, and will receive even further scrutiny as we move into the era of GDPR in May 2018. The purpose of this article is to explain how we treat data in two key areas.
MIS and Active Directory to RM Unify
In order to provision accounts to cloud apps and provide users with SSO (Single Sign On) RM Unify extracts data from your MIS and Active Directory and stores it in the cloud. The data collected depends on which data sources you have chosen to connect:
- MIS only
- Active Directory only
- MIS and Active Directory
In some cases we always collect a particular attribute, for example User Role. Others are optional depending if the data has been submitted, for example Surname from the AD or D.O.B. from the MIS. There are other attributes we never collect, for example password recovery email.
RM Unify to App
As an RM Unify admin you decide what apps to connect. As part of the app installation process RM Unify Admins are required to review and accept each Apps individual data requirements. During the process we remind you of the significance of connecting the app and at the same time clearly display the data release policy. We keep a record of all App sign-ups for auditing purposes.
Full details of the processes described here can be found in the related TEC article http://support.rm.com/TechnicalArticle.asp?cref=TEC5891006&nav=0&referrer=rss which in turn links out to related documents.
Related Blogs
- http://www.rm.com/blog/2017/august/rm-unify-and-data-retention
- http://www.rm.com/blog/2017/july/rm-unify-and-information-security