[Advisory] Sending pupil-level data outside of the school

[Crispin Weston]

I agree with Miles.
We have been having a similar discussion within SALTIS re.
VLE-to-learning-service interoperability, as part of the BECTA/ISB content
packaging profile discussions.
The position being taken by the requirements for this project is that there
should be a Chinese wall around the school platform (including MIS and VLE)
outside which student identity should not go. 
The VLE should therefore send to third-party content services a unique but
anonymous identifier for a student, as well as a term of address (and in
future, perhaps other key data for licensing purposes, such as school
membership, and for profiling purposes such as competency, preference and
accessibility data). 
So the content service would know that this was "Fred" with an ID of
"{25892e17-80f6-415f-9c65-7395632f0223}" who was the *same* Fred that did
some work last Friday - but nothing more.
I anticipate that the profile work will be backed by guidelines which would
make clear that, to preserve the anonymity of the identifier, compliant
content services should not solicit personal details from students.
I think the business of tracking "trusted" third-party services would be
bureaucratic nightmare, which would erect unnecessary barriers in the way of
new entrants to the market.
Crispin.

> -----Original Message-----
> From: advisory-admin@talk.naace.org [mailto:advisory-
> admin@talk.naace.org] On Behalf Of Miles Berry
> Sent: 02 December 2009 08:19
> To: advisory@talk.naace.org
> Subject: Re: [Advisory] Sending pupil-level data outside of the
> school
> 
> I'm a big fan of Google Apps for schools, and I could imagine others
> having a similar enthusiasm for live@edu, but have a nagging concern
> about using cloud based services to store pupil level data; I have a
> passing acquaintance with safe harbour agreements, and know Google
> are
> registered as part of the programme, but wonder if this is enough to
> set my mind at ease.
> 
> Best wishes,
> Miles.
> 
> 2009/12/2 Mike Bostock <mike@new-media-learning.org>:
> > This issue is an important one to get right.
> > If a school asks if it is safe to send pupil level data off to
> some company
> > or organisation, I am not sure what the authoritative answer would
> be.
> > It is a good one for Naace members to be certain of.
> >
> > Becta has a useful page at :
> >
> >
> http://schools.becta.org.uk/index.php?catcode=ss_lv_saf_dp_03&rid=14
> 734&section=lv
> >
> > There is a useful ‘Dos and Don’ts’ document which talks about
> using
> > encryption amongst other things.
> >
> > I would like to see some advice on how a school ensures how that
> data is
> > used once it gets to whoever it is intended for.  I would expect
> privacy
> > policies, Data Protection Act and CRB checks to be mentioned  -
> but I
> > haven’t yet discovered a good source of reference.
> >
> > Can anyone throw some light on whether there is a (short)
> statement that
> > would represent a good practical answer to the original question?
> >
> > Mike Bostock
> >
> ...
> 
> 
> 
> --
> Miles Berry
> Senior Lecturer, ICT | Roehampton University | roehampton.ac.uk |
> 0208 392 3241
> Community Manager | Open Source Schools | opensourceschools.org.uk |
> 07779 628656
> Blogger | milesberry.net
> Twit | twitter.com/mberry
> 
> _______________________________________________
> Advisory mailing list Advisory@talk.naace.org
> http://talk.naace.org/mm/listinfo/advisory
> To unsubscribe send a message to Advisory-admin@talk.naace.org with
> the body text:
> 
> unsubscribe Advisory YourEmailAddress
> 
> or: send a message to Advisory-request@talk.naace.org
> with the body text:
> 
> unsubscribe YourPassword YourEmailAddress