Privacy settings

Digital age of consent verification

New feature
in LMS 3.4!

In LMS 3.4.2 onwards, a ‘Digital age of consent verification’ may be enabled in ‘Privacy settings’ in the Site administration. The default digital age of consent, and the age in any country where it differs from the default, may be specified. Country codes are as specified in ISO 3166-2.

*, 16
AT, 14
ES, 14
US, 13

In the above list the default digital age is 16.

If self-registration AND ‘Digital age of consent verification’ are both enabled, when a new user clicks the ‘Create new account’ button, they will be prompted to enter their age and country. If the user’s age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in ‘Support contact’ in the Site administration).

Policy settings

• A site policy may be enabled by entering the URL in ‘Policy settings’ in the Site administration. The URL can point to any type of file anywhere online that can be accessed without a log in to your LMS. It is not recommended that a page resource is used as a site policy, since the site header will be repeated in the iframe (see MDL-30486).
• It is recommended that the site policy is on the same domain as LMS to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
• The site policy will be displayed in a frame. You can view it via the URL yourlmssite.org/user/policy.php.
• If Email-based self-registration is enabled on the site, a link to the site policy is displayed on the signup page.
• When a site policy URL is set, all users will be required to agree to it when they next log in before accessing the rest of the site.
• A site policy for guests may also be enabled. Guest users will need to agree to it before accessing a course with Guest access enabled.

(In versions of LMS prior to 3.4.2, the the Site policy URL and Site policy URL for guests settings were located in ‘Site policies’.)

Forcing users to log in

In Site policies in the Site administration:

• Force users to login by checking the forcelogin checkbox
• Keep “Force users to login for profiles” enabled to keep anonymous visitors and search engines away from user profiles

Enrollment key usage

If Self enrollment is used, in the Self enrollment settings in the Site administration:

• Enforce enrollment key usage by ticking the ‘Require enrollment key’ checkbox
• Enforce enrollment key complexity by ticking the ‘Use password policy’ checkbox
• Disable the enrollment key hint leaving the ‘Show hint’ checkbox unticked

Hiding user fields

Increase student privacy by hiding user fields which would normally appear on users’ profile pages, and in some cases on the course participants page.

The hiddenuserfields setting is in User policies in the Site administration.

User fields which may be hidden are:
Description, city/town, country, web page, ICQ number, Skype ID, Yahoo ID, AIM ID, MSN ID, first access, last access, last IP address and my courses.

See also

• Data privacy plugin The Data Privacy plugin forms part of LMS’s privacy feature set and will assist sites to become GDPR compliant. It requires LMS 3.4.2 or later and will be integrated in the LMS 3.5 release in May 2018.
• GDPR – GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union
• Student Privacy forum discussion

Any further questions?

Please post in the Security and Privacy forum on paradisolms.net.