Confidentiality of the Executive Assessment (EA) Score
Collection of Test-Taker Data
The Graduate Management Admission Council (GMAC) collects certain information from test-takers at registration and on the day of the test. When registering for the EA, students must provide their full legal name and contact information (postal address, telephone number, and email address) as well as gender, date of birth, ethnicity, and country of citizenship. Data collected at the test center includes photo identification, digital photograph, signature, palm vein pattern, and video and audio surveillance of the test's administration. Students also may voluntarily submit their education history, a list of schools to receive score reports, and their native language, and may also opt into receiving information about various products, services, and surveys. Voluntarily submitted information may be altered by the user at any time. Students may request the deletion of voluntary information and the deactivation of their user accounts by contacting GMAC.
GMAC's Use of Student Data
GMAC states that student information is collected for EA registration purposes, to conduct research, to comply with any applicable legal requirements, to promote exam security and integrity, and to process payment through third-party vendors. Research on the EA is generally done in aggregate form and without individually identifying test-takers. Palm vein patterns are kept for five years, and scores are kept for 10 years. GMAC does not give students access to audio or videotape of the test, or to test records such as exam questions, answers, or essays. Students may only alter the name given at registration under limited circumstances.
EA Score Privacy
Students who take the EA are required to sign a non-disclosure agreement in which they agree not to share the contents of the test with any third party by any means (conversation, email, internet post, etc.). Penalties for violation of the non-disclosure agreement may include cancellation of scores, bans on future test attempts, and civil or criminal penalties.
Applicable Federal and State Regulations
Test-taker data is subject to U.S. law. Since GMAC is headquartered in the Commonwealth of Virginia, all legal actions that involve GMAC privacy policies must be filed in that jurisdiction. When scores are sent to institutions, the laws of the states or countries in which those schools are located also apply. In terms of federal protections for student data, the most relevant statute is the Family Educational Rights and Privacy Act (FERPA). FERPA gives students certain rights that concern their "education records," of which test scores are a part. FERPA severely limits the disclosure of education records without the student's consent. Most states do not regulate organizations such as GMAC, although California and Connecticut do offer some additional student data protections.