This document explores how the ISO/IEC 29100 privacy framework can be applied to learning analytics, presenting a mapping between this standard and the developing ISO/IEC 20748 reference model. Key privacy requirements and principles are identified to aid in designing learning analytics systems and managing privacy risks. The paper outlines fundamental elements of privacy, including roles, safeguarding requirements, and principles essential for protecting personally identifiable information.

1. Mapping a Privacy Framework to
a Reference Model of Learning Analytics
Yong-Sang Cho, Tore Hoel and Weiqin Chen
Korea Education & Research Information Service
Yong-Sang Cho, Ph.D
zzosang@keris.or.kr
FB: /zzosang Twitter: @zzosang
LAK 2016 Workshop
April 25, 2016

2. “This paper is a first exploration of how the privacy framework found in the ISO/IEC 29100
standard could be applied to learning analytics. In this case study a mapping is provided
between the published ISO/IEC standard and the learning analytics framework under
development as a reference model for learning analytics, ISO/IEC 20748.
This mapping and the identified privacy requirements and principles will prove useful
in designing learning analytics system as well as performing risk management to avoid
privacy breaches.”
Abstract

3. Overview ISO/IEC 29100
ISO/IEC 29100 is an international standard providing a high-level framework for
the protection of Personally Identifiable Information (PII) within information and
communication technology (ICT) systems. This standard describes organizational
technical, and procedural aspects in overall privacy framework.
• specifying a common privacy terminology;
• defining the actors and their roles in processing PII;
• describing privacy safeguarding requirements; and
• referencing known privacy principles.

4. Basic Elements of Privacy Framework
• actors and roles;
• Interactions;
• recognizing PII;
• privacy safeguarding requirements;
• privacy policies; and
• privacy controls.

5. Basic Elements of Privacy Framework
• actors and roles;
• Interactions;
• recognizing PII;
• privacy safeguarding requirements;
• privacy policies; and
• privacy controls.
a) PII Principals
b) PII Controller
c) PII Processor
d) Third party

6. Basic Elements of Privacy Framework
• actors and roles;
• Interactions;
• recognizing PII;
• privacy safeguarding requirements;
• privacy policies; and
• privacy controls.
Provide PII between actors

7. Basic Elements of Privacy Framework
• actors and roles;
• Interactions;
• recognizing PII;
• privacy safeguarding requirements;
• privacy policies; and
• privacy controls.
a) Identifier
b) Other distinguishing
characteristics
c) Any information
linked to a PII principal
d) Pseudonymous data
e) Metadata
f) Unsolicited PII
g) Sensitive PII

8. Basic Elements of Privacy Framework
• actors and roles;
• Interactions;
• recognizing PII;
• privacy safeguarding requirements; Risk Management
• privacy policies; and
• privacy controls.

9. Basic Elements of Privacy Framework
• actors and roles;
• Interactions;
• recognizing PII;
• privacy safeguarding requirements;
• privacy policies; and
• privacy controls.
a) Provide framework
b) Satisfy privacy
safeguarding requirements

10. Basic Elements of Privacy Framework
• actors and roles;
• Interactions;
• recognizing PII;
• privacy safeguarding requirements;
• privacy policies; and
• privacy controls. to meet the privacy safeguarding
requirements identified
by the privacy risk assessment and
treatment process

11. Privacy Principles

12. Privacy Principles
1. Consent and choice
2. Purpose legitimacy and specification
3. Collection limitation
4. Data minimization
5. Use, retention and disclosure limitation
6. Accuracy and quality
7. Openness, transparency and notice
8. Individual participation and access
9. Accountability
10. Information security
11. Privacy compliance

13. ISO/IEC 29748-1 LAI - Reference Model

15. Adoption of
Privacy Framework to Learning Analytics

19. Questions?
Korea Education & Research Information Service
Yong-Sang CHO, Ph.D
zzosang@gmail.com
FB: /zzosang Twitter: @zzosang