ISO/IEC 29187-1:2013 情報技術—学習、教育、トレーニング（LET）に関連するプライバシー保護要件の特定—パート1：フレームワークと参照モデル | ページ 3

1.3.1 機能サービスビュー (FSV)

この標準は、学習トランザクションの学習操作ビュー (LOV) の側面に焦点を当てており、学習要件を達成するために必要な技術的なメカニズムには関係しません。 LET コンテキストでは、LET 機能サービス ビュー (または LET-FSV) の FSV 定義は次のとおりです。

• Open-EDI s の実行をサポートするために必要な IT システム の情報技術相互運用性の側面に限定された トランザクションの学習 の観点
• [ISO/IEC 14662:2004, 3.10 から適応]

LET-FSV のさまざまな側面には、セキュリティ技術とサービス、通信プロトコルなどを含む機能サービス サポート ビュー (LET-FSV) の性質の要件の仕様が含まれます。これには、既存の ISO, IEC, UN/ECE, および/または ITU 規格によって承認されている既存の規格 (または FSV 性質の規格開発) が含まれます。

1 Scope

1.1 Statement of scope – ISO/IEC 29187 multipart standard

This (multipart) standard focuses on the identification of privacy protection requirements which apply to any JTC1/SC36 ITLET standard or LET activity which involves:

• 1) the identification of an individual, (e.g., as a learner or student, a teacher, professor, or instructor, an administrator, etc.), in the use and implementation of the JTC1/SC36 standard; and/or,
• 2) any standard which involves the recording of any information on or about an identifiable individual by any LET provider.

1.2 Statement of scope – part 1: Framework and Reference Model

Part 1 of this (multipart) standard identifies and summarizes principles governing privacy protection requirements which are generic in nature and applies them to the field of learning, education and/or training (LET). The LET transaction – Privacy Protection - Framework and Reference Model is learning transaction focused, rule-based, and conformant to the generic ISO/IEC Open-edi Reference Model. It maximizes re-use of existing ISO standards including applicable concepts and their definitions. LET privacy protection requirements are placed in the generic context of applicable public policy requirements, those pertaining to establishment and management of identities of an individual learner, as well as state changes and records retention requirements of personal information on or about an individual learner. This standard also incorporates best practices and policies as have already been implemented in LET environments in support of privacy protection requirements.

1.3 Exclusions

1.3.2 Overlap of and/or conflict among jurisdictional domains as sources of privacy protection requirements

A learning transaction requires an exchange of commitments among autonomous parties, i.e., an individual learner, a LET provider. Commitment is the making or accepting of a right, an obligation, liability or responsibility by a Person. In the context of a learning transaction, the making of commitments pertains to the transfer of a LET good, service and/or right among the Persons involved. In the past and still to a large extent today, the individual learner and the LET provider share the same jurisdictional domain. The advent of the Internet, online, distance, mobile, etc., learning has the result that parties to a learning transaction are often located in differing jurisdictional domains.

Consequently, it is not an uncommon occurrence depending on the goal and nature of the learning transaction that the Persons (and parties associated) are in different jurisdictional domains, and that, therefore, multiple sets of external constraints apply and overlap will occur. It is also not an uncommon occurrence that there is overlap among such sets of external constraints and/or conflict among them. This is also the case with respect to laws and regulations of a privacy protection nature. Resolving issues of this nature is outside the scope of this standard.

However, the modelling of learning transaction as scenarios and scenario components as re-useable business objects may well serve as a useful methodology for identifying specific overlaps and conflicts (thereby serving as a tool for their harmonization).

As such, the Open-edi descriptive techniques methodologies and constructs, can serve as a tool in harmonization and simplification of external constraints arising from jurisdictional domains.

1.3.3 Publicly available personal information

Excluded from the scope of this standard personal information which is publicly available, i.e., “publicly available personal information. In a learning transaction context, the LET provider does not collect personal information of this nature from the individual (particularly in the “planning phase” of the learning transaction process).

For example, the LET provider in advertising a new LET product or service to the market may access and use;

• 1) public personal information, i.e., publicly available personal information such as that found in telephone directories;
• 2) any personal information declared to be of a public information by a regular based on an law or regulation of the applicable jurisdictional domain; and/or;
• 3) that which the individual itself to make public, (e.g., via one or more Internet based applications such as “Facebook”, Twitter, letters to the editor, etc. These also include those applications where the individual decides not to invoke or use available “privacy settings”.

In a privacy protection context, publicly available personal information is defined as follows:

• personal information about an individual that the individual knowingly makes or permits to be made available to the public, or is legally obtained and accessed from: (a) government records that are available to the public; or, (b) information required by law to be made available to the public

  EXAMPLE 1

  Examples of personal information which an individual knowingly makes or permits to be made available include public telephone directories, advertisements in newspapers, published materials, postings of this nature on the internet, etc.

  EXAMPLE 2

  Examples of government records that are publicly available include registers of individuals who are entitled to vote, buy or sell a property, or any other personal information that a jurisdictional domain requires to be publicly available, etc.

Further, determining whether or not personal information is of a publicly available information nature is also excluded from the scope of this standard.

1.4 Aspects currently not addressed ¹¹⁾

This 1^st edition of ISO/IEC 29187-1 focuses on the essential, i.e., generic and primitive, aspects only. The purpose of this Clause is to identify aspects not currently addressed. These will be addressed either:

• 1) in an Addendum to this standard;
• 2) in the 2^nd edition of this standard;
• 3) through a new Part of this multipart standard; and/or
• 4) in a new ISO standard.

In this context, this 1^st edition of ISO/IEC 29187-1 does not currently support the following requirements:

• 1) the differences in equality in use of official languages by an individual, in being informed and exercising privacy protection rights within a jurisdictional domain ¹²⁾
• 2) the interworking between privacy protection and consumer protection requirements as two sets of external constraints applicable to an individual as a buyer in a learning transaction;
• 3) the identification and registration of schemas involving the control and management of legally recognized names (LRNs) as personas and associated unique identifiers for the unambiguous identification of an individual and/or the role qualification of an individual learner in a specific context;
• 4) the more detailed information management and audit requirements pertaining to ensuring privacy protection of personal information that should be enacted by and among organizations and public administrations as parties to a learning transaction;
• 5) the more detailed rules and associated text pertaining to the learning operational view perspective with respect to transborder data flows of personal information ¹³⁾
• 6) interoperation between jurisdictional domains where they do not possess defined equivalents to their privacy protection requirements or where privacy protection requirements are simply different.
• 7) the possible application of privacy protection requirements to personal information of an individual once deceased. On the whole, privacy protection requirements do not apply to an individual after his/her death. However, from a learning transaction perspective there may be some continuity in privacy protection requirements, (e.g., those pertaining to temporal aspects of post-actualization aspects of an instantiated learning transaction, (e.g., health care matters, warranties on products, service contracts, rights (including IP), etc.).

  NOTE 1 This may also include a settlement of wills, probate, investments, etc., pertaining to that individual once deceased or obligations of a LET provider to return “personal information” and a decrease “individual learner, (e.g., “student record”, granting of a degree, etc.)

  NOTE 2 Tax information filed has 4-6 records retention requirements in most jurisdictional domains. In some jurisdictional domains, tax matters are confidential and in others they are public. The status of personal information may change as a result of litigation.

  NOTE 3 Instantiated learning transactions not only may require personal information to be required to be retained but continue to be protected following the death of an individual, (e.g., many credit card agreements exist after the death of the credit card holder) the medical or psychological record of an individual learner.

  NOTE 4 As such, one may need to have an added Clause on privacy protection of personal information on individuals upon death of that individual (with most of these added requirements being addressed in the 2^nd edition of Part 1).

• 8) personal information found in journalistic reportsNot yet addressed in this 1^st edition of Part 1 is the use of personal information in a learning transaction which is found in journalistic reports including news items, public broadcasts, items published by news media about an individual, personal information made available by third parties on the internet, (e.g., via Google, Facebook, Twitter, etc.).The reasons here that a journalistic report containing personal information about an individual:
  • may contain inaccurate information, allegations, and thus should not (can not) be used as “personal information”;
  • may be subject to libel and other legal actions by the individual;
  • etc.

  Further issues pertaining to privacy protection versus journalistic reports on identified individuals resulting in the publishing personal information is a “grey area” which courts in various jurisdictional domains are addressing and thus not yet resolved.

• 9) This 1st edition does not address the question of negotiated consent but rather considers the simplest case that a learning transaction may be registered which includes a specific form of consent within it.

• 10) The use of biological characteristics and attributes of an individual which require their physical presence of an individual and are physically “taken” from an individual in a particular context and for a specified role action of an individual. These include the use of biometrics, biological (such as hair, blood, DNA samples), dentistry records, etc.

• 11) The application of the rights of individuals who are disabled as stated in the “UN Convention on the Rights of Persons with Disabilities” (2006) ¹⁴⁾ Of particular importance here is that this UN Convention takes as its basis the need to support individuals with disabilities to be a fully functioning member of society means that information necessary for these individuals to be able to make commitments including the undertaking of learning transactions shall be made available in a form and format so that the semantics are fully communicated, the individual is able to have informed consent, etc.

• 12) This 1st edition does not address the role of an “ombudsperson”, “Privacy Commissioner”, a “Data Protection Commissioner”, etc., who serve as an independent adjudicator of complaints, ensure compliance with privacy protection requirements (including of internally of the organization or public administration themselves). Many jurisdictional domains provide for the role of an ombudsperson.

• 13) Detailed rules pertaining to the use of agents and/or third parties by a LET provider in a learning transaction.

  This includes their qualification and assurance of compliance with applicable privacy protection requirements for the personal information pertaining to a learning transaction.

• 14) An agent acting on behalf of an individual learner

  An individual may request an agent to act on its behalf and this may or may not include the individual to require the agent not to reveal the individual identity or any personal information about the individual, i.e., as an anonymous “client” of the agent ¹⁵⁾

• 15) detailed rules governing the requirement to tag (or label) at the data elements (or field) level which form part of personal information of an individual generally as was as the business transactions(s) and associated LTIs.”

• 16) Internal behaviour of organizations (and public administration)

  Excluded from the scope of this standard is the application of privacy protection requirements within an organization itself. The Open-edi Reference Model, considers these to be internal behaviours of an organization and thus not germane to learning transactions (which focus on external behaviours pertaining to electronic data interchange among the autonomous parties to a learning transaction). As such, excluded from the scope of this standard are any:

  • a) internal use and management of recorded information pertaining to an identifiable individual by an organization (or public administration) within an organization; and,
  • b) implementation of internal information management controls, internal procedural controls or operational controls within an organization or public administration necessary for it to comply with applicable privacy requirements that may be required in observance of their lawful or contractual rights, duties and obligations as a legal entity in the jurisdictional domain(s) of which they are part.

• 17) “organizasation Person”

  From a public policy privacy protection requirements perspective an “organization Person” is a “natural person” who acts on behalf of and makes commitments of the organization (or public administration) of which that natural person is an “organization part”. But, as an “organization Person, they do not attract inherent rights to privacy.

  Examples of roles “organization Person” includes teacher, professor, instructor, tutor, administrator, contractor, consultant, etc., i.e., those working for an organization or public administration.

  As such, from a learning transaction perspective, it is an internal behaviour of an organization, as to who makes commitments on behalf of an organization or public administration. How and why organization Persons make decisions and commitments is not germane to the scope and purpose of the 1^st edition of this standard.{See further Part 1 of ISO/IEC 15944-1:2010, Clause 6.2 “Person and external constraints: Individual, organization, and public administration” as well as its Figure 17 “Illustration of commitment exchange versus information exchange for organization, organization part(s) and organization Person(s)”}

• 18) Specification of aspects related to functional support services (FSV) in an IT-platform neutral manner

• 19) Interoperability considerations of interfaces among different IT-systems.

1.5 IT-systems environment neutrality

This standard does not assume nor endorse any specific system environment, database management system, database design paradigm, system development methodology, data definition language, command language, system interface, user interface, syntax, computing platform, or any technology required for implementation, i.e., it is information technology neutral. At the same time, this standard maximizes an IT-enabled approach to its implementation and maximizes semantic interoperability.