Somebody reviewing privacy issues in our e-learning came up with this question:
Does Moodle pass any personal user data when launching a SCORM package?
Can't find anything on this in the Moodle documentation.
Typically the SCORM package sits within your LMS and does not communicate externally outside of the LMS so all the data is stored within your LMS.
The SCORM standard does allows SCORM packages to request the users id (Moodle passes the username in this instance) and the users name.
In most cases - this is just so the users full name can be displayed within the package itself (Hi Dan, welcome to this learning package) and it is not sent outside Moodle to any external system.
But.... There are a few edge cases to be aware of.
1) AICC HACP - This is a type of content package that is hosted externally to your LMS - it is disabled by default but if enabled, allows a teacher to add an AICC HACP content package to a course using the SCORM plugin. Usually these are commercial off-the-shelf content packages that you would be paying a subscription license for.
AICC settings in Moodle allow you to choose if the username or user->id field is sent in the external request and like mentioned above, it can also request the users full-name.
2) SCORM packages can be developed by anyone external and can include any javascript/tracking codes they want to. If you're familiar with things like Google analytics tracking codes - something quite similar could be implemented within the SCORM package by the SCORM author - This will all be done in the users browser session, so you'd be able to see it in the browser console while watching network traffic, but as the scorm package can access the username and fullname of the user accessing the package, it's possible that the tracking data could send this information to an external site
hope that helps!
The SCORM standard does allows SCORM packages to request the users id (Moodle passes the username in this instance) and the users name.
In most cases - this is just so the users full name can be displayed within the package itself (Hi Dan, welcome to this learning package) and it is not sent outside Moodle to any external system.
But.... There are a few edge cases to be aware of.
1) AICC HACP - This is a type of content package that is hosted externally to your LMS - it is disabled by default but if enabled, allows a teacher to add an AICC HACP content package to a course using the SCORM plugin. Usually these are commercial off-the-shelf content packages that you would be paying a subscription license for.
AICC settings in Moodle allow you to choose if the username or user->id field is sent in the external request and like mentioned above, it can also request the users full-name.
2) SCORM packages can be developed by anyone external and can include any javascript/tracking codes they want to. If you're familiar with things like Google analytics tracking codes - something quite similar could be implemented within the SCORM package by the SCORM author - This will all be done in the users browser session, so you'd be able to see it in the browser console while watching network traffic, but as the scorm package can access the username and fullname of the user accessing the package, it's possible that the tracking data could send this information to an external site
hope that helps!
Thank you very much Dan, that was exactly the answer I was looking for.