Security and Standards


Trust and security are foundational to our company and how we engage with our clients and communities. Our IBM Corporate Social Responsibility team, in particular, pursues the highest standards of corporate responsibility in all we do. Therefore, personal data is handled with appropriate standards and care, and can be removed at any time by request.
To learn more, visit: IBM Trust Center


IBM SkillsBuild for Students and Educators is built on IBM’s YourLearning platform, the internal learning platform for hundreds of thousands of IBMers around the world, which complies with rigorous global privacy and security standards: General Data Protection Regulation (GDPR) and ISO/IEC 27001.

General Data Protection Regulation (GDPR) is a regulation in the European Union on data privacy and protection that gives individuals much greater control over how organizations/ companies process or control the processing of their personal data. It is generally considered the most stringent data protection regulation and became a model for most countries around the world. The California Consumer Privacy Act (CCPA) has many similarities to GDPR.

ISO/IEC 27001* is an international standard on managing information security management systems (ISMS). Certification for ISO 27001 ensures that security is actively considered and managed in all aspects of the system.

For more questions, please contact us at [email protected].

Security standards FAQs

  • We collect as little information as possible to protect user privacy and comply with data privacy standards. For each user, we collect the following required Personally Identifiable Information (PII):

    — Name
    — Email address
    — School/org affiliation (any individual sign-up is marked “Not-Applicable”)
    — Country
    — (For students affiliated with a school/organization): Assigned teacher/administrator/mentor
    — (For teachers/admins affiliated with a school/organization): Students who are assigned to them in the system
    — Age range (above/below the age of consent in your particular country)
    • Note – We do not ask for a specific birthdate, so this is not considered Sensitive Personal Information. We only ask for a year of birth to ensure we comply with local age of Digital Consent laws.
    • Note – For students who are below the age of consent for a particular country, we also collect their parent/guardian email address in order to gather and document parental consent for minors to use IBM SkillsBuild for Students and Educators.

    — Unique id (a unique identifier generated by IBM SkillsBuild for Students and Educators)

    During registration, we collect the following optional information to better understand our user base as a whole. The individual information is never shared with anyone outside of the core IBM SkillsBuild for Students and Educators team.

    — (For students): Grade level
    — (For teachers/admins): Subject taught — How you heard about IBM SkillsBuild for Students and Educators

    Once users begin using the platform, we collect the following usage metrics by user to issue learning credit and credentials to our users. We also collect usage metrics to monitor the health of the platform and assess impact.

    — # of learning hours completed
    — badges earned
    — courses queued, in progress, or completed

    These metrics are anonymized and aggregated when shared externally. No other demographic information or sensitive PII beyond the above is collected at this time for the core IBM SkillsBuild for Students and Educators experience.

  • As mentioned above, we are compliant with the major international privacy laws that have been passed since 2016: Global Data Privacy Regulations, California Consumer Privacy Act, and more international laws that are coming into effect in the near future. Given the absence of a U.S. national data security law, it is
    difficult to explicitly address each and every local law regarding data privacy across the 50 states. However, we remain confident that our privacy and security practices likely meet or exceed the requirements of those laws. If you are from a state or locality that does have a specific data security law on the books, our legal team can review to ensure specific compliance. Please just reach out to our IBM SkillsBuild for Students and Educators point of contact for more details.

  • Since IBM is a global company in compliance with Global Data Privacy Regulations (GDPR), we store our data
    in Frankfurt, Germany.

  • We must share certain data with vendors in order to deliver the IBM SkillsBuild for Students and Educators platform. The specific data we share with Chronus and Tribe (two of our vendors that add value to the user experience on the platform) is articulated above.
    In certain cases, we also share name, email address, and unique ID with 3rd-party content vendors in order to give users credit for learning completed on partner platforms. We have data privacy agreements with all third parties, and any data shared is transmitted and received through secure, encrypted channels. In addition, all vendors are required to abide by our digital privacy agreements so that your data is handled securely.