iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 29187-1:2013

(Main)

Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model

Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model

ISO/IEC 29187-1:2013 has been developed to support modelling generic international requirements for identifying and providing privacy protection of personal information throughout any kind of ICT-based learning transaction where the individual has the role of an individual learner. It provides users and designers with a methodology and tools addressing privacy protection and related requirements imposed by applicable jurisdictional domains. ISO/IEC 29187-1:2013 takes the "learning operational view" (LOV) aspects based on the ISO/IEC 14662 Open-edi Reference Model (a freely available ISO standard) together with applicable ISO standards including ISO/IEC 15944-1 and ISO/IEC 15944‑5 (also available without charge) as well as many other international referenced specifications. ISO/IEC 29187-1:2013 models the requirements of jurisdictional domains as external constraints upon the creation, use, interchange, and information life cycle management of personal information. ISO/IEC 29187-1:2013 addresses the specified context of public policy requirements of jurisdictional domains controlling the use of personal information (PI). These include regulations for consumer protection, privacy protection, individual accessibility, etc. ISO/IEC 29187-1:2013 in a LET context identifies and expands upon eleven generic, primitive, international principles that have been associated with privacy protection requirements by international, regional, and UN member states. It models them with respect to the "collaboration space" of a learning transaction and commitment exchange involving an individual acting in the role of an individual learner. In a LET context, it provides principles and rules governing the establishment, management and use of identifiers of that individual, including the use of legally recognized names (LRNs), recognized individual identity (rii), and methods of non-identification, such as the use of anonymization and pseudonymization of personal information. ISO/IEC 29187-1:2013 also sets out principles governing information lifecycle management (ILCM) as well as the rules and associated coded domains for obtaining informed consent for collection, specifying state changes, records retention, record deletion and related matters in support of privacy protection requirements.

Technologies de l'information — Identification des exigences de protection privée concernant l'apprentissage, l'éducation et la formation (AÉF) — Partie 1: Cadre général et modèle de référence

General Information

Status
Published
Publication Date
05-Feb-2013
ICS
03.100.30 - Management of human resources
35.240.90 - IT applications in education
35.240.99 - IT applications in other fields
Technical Committee
ISO/IEC JTC 1/SC 36 - Information technology for learning, education and training
Drafting Committee
ISO/IEC JTC 1/SC 36 - Information technology for learning, education and training
Current Stage
9093 - International Standard confirmed
Start Date
18-Apr-2025
Completion Date
19-Apr-2025
Ref Project

Relations

Revised
ISO/IEC CD 29187-1 - Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model
Effective Date
16-Jan-2016

Buy Standard

ISO/IEC 29187-1:2013 - Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model Released:2/6/2013ISO/IEC 29187-1:2013 - Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model Released:2/6/2013
PreviousNext
Standard
ISO/IEC 29187-1:2013 - Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model Released:2/6/2013
English language
181 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 29187-1:2013 - Information technology -- Identification of privacy protection requirements pertaining to learning, education and training (LET)ISO/IEC 29187-1:2013 - Information technology -- Identification of privacy protection requirements pertaining to learning, education and training (LET)
PreviousNext
Standard
ISO/IEC 29187-1:2013 - Information technology -- Identification of privacy protection requirements pertaining to learning, education and training (LET)
English language
181 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 29187-1
First edition
2013-02-15
Information technology — Identification
of privacy protection requirements
pertaining to learning, education and
training (LET) —
Part 1:
Framework and reference model
Technologies de l'information — Identification des exigences de
protection privée concernant l'apprentissage, l'éducation et la formation
(AÉF) —
Partie 1: Cadre général et modèle de référence

Reference number
©
ISO/IEC 2013
©  ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved

Contents Page
Foreword . vii
0  Introduction . ix
0.1  Purpose and overview . ix
0.2  Benefits of using a multipart ISO/IEC 29187 standard approach . ix
0.3  Informed consent and learning transaction . x
0.4  Use of "jurisdictional domain", jurisdiction, country . xi
0.5  Use of “Person”, “individual”, “organization”, “public administration” and “person” in
the context of a learning transaction . xii
0.6  Importance of definitions and terms . xiii
0.7  Standard based on rules and guidelines . xiv
0.8  Size of document and role of “Part 1 Framework and Reference Model” . xiv
0.9  Use of “identifier” (in a learning transaction) . xv
0.10  Use of “privacy protection” in the context of a commitment exchange and learning
transaction . xv
0.11  Organization and description of document . xv
1  Scope . 1
1.1  Statement of scope – ISO/IEC 29187 multipart standard . 1
1.2  Statement of scope – part 1: Framework and Reference Model . 1
1.3  Exclusions . 1
1.3.1  Functional services view (FSV) . 1
1.3.2  Overlap of and/or conflict among jurisdictional domains as sources of privacy protection
requirements . 2
1.3.3  Publicly available personal information. 2
1.4  Aspects currently not addressed . 3
1.5  IT-systems environment neutrality . 6
2  Normative references . 7
2.1  ISO/IEC, ISO and ITU . 7
2.2  Referenced specifications . 9
3  Terms and definitions . 9
4  Symbols and acronyms . 39
5  Fundamental principles and assumptions governing privacy protection requirements in
learning transactions involving individual learners (external constraints perspective) . 41
5.1  Introduction and sources of requirements . 41
5.2  Exceptions to the application of the privacy protection principles . 43
5.3  Fundamental Privacy Protection Principles . 44
5.3.1  Privacy Protection Principle 1: Preventing Harm . 44
5.3.2  Privacy Protection Principle 2: Accountability . 44
5.3.3  Privacy Protection Principle 3: Identifying Purposes . 48
5.3.4  Privacy Protection Principle 4: Informed Consent . 48
5.3.5  Privacy Protection Principle 5: Limiting Collection . 50
5.3.6  Privacy Protection Principle 6: Limiting Use, Disclosure and Retention . 51
5.3.7  Privacy Principle 7: Accuracy . 55
5.3.8  Privacy Protection Principle 8: Safeguards . 56
5.3.9  Privacy Protection Principle 9: Openness . 57
5.3.10  Principle 10: Individual Access . 57
5.3.11  Privacy Protection Principle 11: Challenging Compliance . 59
5.4  Requirement for tagging (or labelling) data elements in support of privacy protection
requirements . 60
6  Collaboration space and privacy protection . 63
© ISO/IEC 2013 – All rights reserved iii

6.1  Introduction .63
6.2  Privacy collaboration space: Role of individual learner, LET provider and regulator .63
6.3  Learning collaboration space (of a learning transaction) .65
7  Public policy requirements of jurisdictional domains .67
7.1  Introduction .67
7.2  Jurisdictional domains and public policy requirements .67
7.2.1  Privacy protection.68
7.2.2  Consumer protection .69
7.2.3  Individual accessibility .70
7.2.4  Human rights .71
7.2.5  Privacy as a right of an “individual” and not right of an organization or public
administration .72
7.2.6  Need to differentiate between “privacy protection” and “confidentiality”, “security”, etc. .72
8  Principles and rules governing the establishment, management and use of identities of
an individual (and “individual learner”) .73
8.1  Introduction .73
8.2  Rules governing the establishment of personae, identifiers and signatures of an
individual .74
8.3  Rules governing the assignment of unique identifiers to an individual by Registration
Authorities (RAs) .80
8.4  Rules governing individual identity (ies), authentication, recognition, and use .80
8.5  Legally recognized individual identity(ies) (LRIIs) .85
9  Person component – individual sub-type .87
9.1  Introduction .87
9.2  Role qualification of a Person as an individual (learner).87
9.3  Persona and legally recognized names (LRNs) of an individual .88
9.4  Truncation and transliteration of legally recognized names of individuals .88
9.5  Rules governing anonymization of individuals in a learning transaction .89
9.6  Rules governing pseudonymization of personal information in a learning transaction .91
10  Process component .93
10.1  Introduction .93
10.2  Planning .93
10.3  Identification .94
10.4  Negotiation .94
10.5  Actualization .94
10.6  Post-Actualization .95
11  Data (element) component of a learning transaction .97
11.1  Introduction .97
11.2  Rules governing the role of Learning Transaction Identifier (LTI) in support of privacy
protection requirements .97
11.3  Rules governing state of change management of learning transactions in support of
privacy protection requirements .98
11.4  Rules governing records retention of personal information in a learning transaction .99
11.5  Rules governing time/date referencing of personal information in a learning transaction .99
12  Conformance statement . 101
12.1  Introduction . 101
12.2  Conformance to the ISO/IEC 29187-1 Reference Model . 102
12.3  Conformance to ISO/IEC 29187-2+ parts . 102
Annex A (normative) Consolidated list of terms and definitions with cultural adaptability:
ISO English and ISO French language equivalency . 103
A.1  Introduction . 103
A.2  ISO English and ISO French .
...


INTERNATIONAL ISO/IEC
STANDARD 29187-1
First edition
2013-02-15
Information technology — Identification
of privacy protection requirements
pertaining to learning, education and
training (LET) —
Part 1:
Framework and reference model
Technologies de l'information — Identification des exigences de
protection privée concernant l'apprentissage, l'éducation et la formation
(AÉF) —
Partie 1: Cadre général et modèle de référence

Reference number
©
ISO/IEC 2013
©  ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved

Contents Page
Foreword . vii
0  Introduction . ix
0.1  Purpose and overview . ix
0.2  Benefits of using a multipart ISO/IEC 29187 standard approach . ix
0.3  Informed consent and learning transaction . x
0.4  Use of "jurisdictional domain", jurisdiction, country . xi
0.5  Use of “Person”, “individual”, “organization”, “public administration” and “person” in
the context of a learning transaction . xii
0.6  Importance of definitions and terms . xiii
0.7  Standard based on rules and guidelines . xiv
0.8  Size of document and role of “Part 1 Framework and Reference Model” . xiv
0.9  Use of “identifier” (in a learning transaction) . xv
0.10  Use of “privacy protection” in the context of a commitment exchange and learning
transaction . xv
0.11  Organization and description of document . xv
1  Scope . 1
1.1  Statement of scope – ISO/IEC 29187 multipart standard . 1
1.2  Statement of scope – part 1: Framework and Reference Model . 1
1.3  Exclusions . 1
1.3.1  Functional services view (FSV) . 1
1.3.2  Overlap of and/or conflict among jurisdictional domains as sources of privacy protection
requirements . 2
1.3.3  Publicly available personal information. 2
1.4  Aspects currently not addressed . 3
1.5  IT-systems environment neutrality . 6
2  Normative references . 7
2.1  ISO/IEC, ISO and ITU . 7
2.2  Referenced specifications . 9
3  Terms and definitions . 9
4  Symbols and acronyms . 39
5  Fundamental principles and assumptions governing privacy protection requirements in
learning transactions involving individual learners (external constraints perspective) . 41
5.1  Introduction and sources of requirements . 41
5.2  Exceptions to the application of the privacy protection principles . 43
5.3  Fundamental Privacy Protection Principles . 44
5.3.1  Privacy Protection Principle 1: Preventing Harm . 44
5.3.2  Privacy Protection Principle 2: Accountability . 44
5.3.3  Privacy Protection Principle 3: Identifying Purposes . 48
5.3.4  Privacy Protection Principle 4: Informed Consent . 48
5.3.5  Privacy Protection Principle 5: Limiting Collection . 50
5.3.6  Privacy Protection Principle 6: Limiting Use, Disclosure and Retention . 51
5.3.7  Privacy Principle 7: Accuracy . 55
5.3.8  Privacy Protection Principle 8: Safeguards . 56
5.3.9  Privacy Protection Principle 9: Openness . 57
5.3.10  Principle 10: Individual Access . 57
5.3.11  Privacy Protection Principle 11: Challenging Compliance . 59
5.4  Requirement for tagging (or labelling) data elements in support of privacy protection
requirements . 60
6  Collaboration space and privacy protection . 63
© ISO/IEC 2013 – All rights reserved iii

6.1  Introduction .63
6.2  Privacy collaboration space: Role of individual learner, LET provider and regulator .63
6.3  Learning collaboration space (of a learning transaction) .65
7  Public policy requirements of jurisdictional domains .67
7.1  Introduction .67
7.2  Jurisdictional domains and public policy requirements .67
7.2.1  Privacy protection.68
7.2.2  Consumer protection .69
7.2.3  Individual accessibility .70
7.2.4  Human rights .71
7.2.5  Privacy as a right of an “individual” and not right of an organization or public
administration .72
7.2.6  Need to differentiate between “privacy protection” and “confidentiality”, “security”, etc. .72
8  Principles and rules governing the establishment, management and use of identities of
an individual (and “individual learner”) .73
8.1  Introduction .73
8.2  Rules governing the establishment of personae, identifiers and signatures of an
individual .74
8.3  Rules governing the assignment of unique identifiers to an individual by Registration
Authorities (RAs) .80
8.4  Rules governing individual identity (ies), authentication, recognition, and use .80
8.5  Legally recognized individual identity(ies) (LRIIs) .85
9  Person component – individual sub-type .87
9.1  Introduction .87
9.2  Role qualification of a Person as an individual (learner).87
9.3  Persona and legally recognized names (LRNs) of an individual .88
9.4  Truncation and transliteration of legally recognized names of individuals .88
9.5  Rules governing anonymization of individuals in a learning transaction .89
9.6  Rules governing pseudonymization of personal information in a learning transaction .91
10  Process component .93
10.1  Introduction .93
10.2  Planning .93
10.3  Identification .94
10.4  Negotiation .94
10.5  Actualization .94
10.6  Post-Actualization .95
11  Data (element) component of a learning transaction .97
11.1  Introduction .97
11.2  Rules governing the role of Learning Transaction Identifier (LTI) in support of privacy
protection requirements .97
11.3  Rules governing state of change management of learning transactions in support of
privacy protection requirements .98
11.4  Rules governing records retention of personal information in a learning transaction .99
11.5  Rules governing time/date referencing of personal information in a learning transaction .99
12  Conformance statement . 101
12.1  Introduction . 101
12.2  Conformance to the ISO/IEC 29187-1 Reference Model . 102
12.3  Conformance to ISO/IEC 29187-2+ parts . 102
Annex A (normative) Consolidated list of terms and definitions with cultural adaptability:
ISO English and ISO French language equivalency . 103
A.1  Introduction . 103
A.2  ISO English and ISO French .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 19788-7:2019(Main)
Information technology — Learning, education and training — Metadata for learning resources — Part 7: Bindings

This document provides RDF mappings of the different MLR entities introduced in the MLR framework (ISO/IEC 19788‑1 and its amendment): data element specifications (DESs), resource classes (RCs), data elements (DEs), application profiles (APs), MLR records and data element group specifications (DEGSs). This document associates HTTP IRIs (linguistically neutral and linguistic) to conceptual MLR entities denoted by MLR identifiers. This is needed for the management of MLR entities and their versions. Moreover, this document provides excerpts of an OWL 2 DL ontology for the resource classes and data element specifications (properties) introduced in the ISO/IEC 19788 series.

  • Standard
    113 pages
    English language
    sale 15% off
ISO
ISO/IEC 19479:2019(Main)
Information technology for learning, education, and training — Learner mobility achievement information (LMAI)

This document defines a model for the recording and exchange of learner achievement information among student information systems (SIS) (also known as student management information systems), as well as the aggregation of information by third party suppliers. In addition, this document defines refinements to the learner mobility achievement award (LMAI) model for representing the digital diploma supplement (DDS). NOTE The proposed model proposed is not intended to define the representation of the entire spectrum of learner mobility information but to define the formally structured representation of official, institutionally attested achievement information for learners engaged in formal learning processes, in order to facilitate its recording and subsequent exchange within any international area within which learner mobility is possible. Achievement information structured and presented in compliance with this document could, of course, be used for other purposes, for instance, to provide descriptions of achievement to enrich a learner-owned report in an e-portfolio. However, guidance on the document and the organisation of information for purposes other than the representation of formal achievement reports is outside the scope of this document.

  • Standard
    27 pages
    English language
    sale 15% off
  • Standard
    27 pages
    English language
    sale 15% off
ISO
ISO/IEC 40180:2017(Main)
Information technology — Quality for learning, education and training — Fundamentals and reference framework

ISO/IEC 40180 provides the fundamentals and the reference framework for quality assurance, quality management and quality improvement in IT-enhanced learning, education and training (called E-Learning). It consists mainly of the Quality Reference Framework (QRF) for E-Learning, which is a common and generic framework to describe, specify and understand critical properties, characteristics and metrics of quality. The QRF combines an elaborated and extensive process model with a descriptive model for the processes. ISO/IEC 40180 harmonizes existing approaches, concepts, specifications, terms and definitions related to quality for E-Learning, education and training.

  • Standard
    67 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 20748-2:2017(Main)
Information technology for learning, education and training — Learning analytics interoperability — Part 2: System requirements

ISO/IEC TR 20748-2:2017 specifies system requirements for learning analytics systems and services. Learning analytics systems and services are assumed to be composed of independent processes and applications having diverse purposes. To improve efficiency for communication and operation between systems and/or services, the system requirements identify each system's role, capability and recommended performance, etc. The system requirements are based on ISO/IEC TR 20748‑1 and additional use cases came from the National Bodies and Liaison Organizations (NBLOs).

  • Technical report
    13 pages
    English language
    sale 15% off
  • Technical report
    13 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 19788-11:2017(Main)
Information technology — Learning, education and training — Metadata for learning resources — Part 11: Migration from LOM to MLR

ISO/IEC TR 19788-11:2017 provides guidance in the form of rules and heuristics for the development of a conversion script from an IEEE 1484.12.1-2002 (LOM) record to an MLR data element set. Not all of LOM can be mapped to the MLR. As more parts are added to the ISO/IEC 19788 series, future version of this document is expected to provide a better coverage of the LOM metadata.

  • Technical report
    69 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 20748-1:2016(Main)
Information technology for learning, education and training — Learning analytics interoperability — Part 1: Reference model

ISO/IEC TR 20748-1:2016 specifies a reference model that identifies the diverse IT system requirements of learning analytics interoperability. The reference model identifies relevant terminology, user requirements, workflow and a reference architecture for learning analytics.

  • Technical report
    31 pages
    English language
    sale 15% off
ISO
ISO/IEC 19788-2:2011/Amd 1:2016(Amendment)
Information technology — Learning, education and training — Metadata for learning resources — Part 2: Dublin Core elements — Amendment 1: Non-literal content value data elements
  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    10 pages
    English language
    sale 15% off
ISO
ISO/IEC 19788-3:2011/Amd 1:2016(Amendment)
Information technology — Learning, education and training — Metadata for learning resources — Part 3: Basic application profile — Amendment 1
  • Standard
    27 pages
    English language
    sale 15% off
ISO
ISO/IEC 19788-9:2015(Main)
Information technology — Learning, education and training — Metadata for learning resources — Part 9: Data elements for persons

ISO/IEC 19788-9:2015 provides data elements for the description of persons (individual or organization) that are related to the description of a learning resource. These elements can later be combined with other descriptive elements from other type 1 parts of ISO/IEC 19788 or other standards to provide the description of a learning resource and of related entities needed for that description.

  • Standard
    23 pages
    English language
    sale 15% off
ISO
ISO/IEC 19788-8:2015(Main)
Information technology — Learning, education and training — Metadata for learning resources — Part 8: Data elements for MLR records

ISO/IEC 19788-8:2015 provides data elements for the description of MLR records: sets of data elements describing a learning resource [and resources directly related to that learning resource, e.g. persons (authors, contributors), annotations, learning activities, metadata records, etc.]. It can also be used to keep track of the record editing process including global metadata author identification, last record update, and application profile used for the description of a learning resource. These elements can later be combined with other descriptive elements from other parts of ISO/IEC 19788 or other standards to provide the description of a learning resource and of related entities needed for that description. ISO/IEC 19788-8:2015 enables the storage of learning resource description in the traditional database approach and the exchange of descriptions through harvesting mechanisms.

  • Standard
    29 pages
    English language
    sale 15% off