Quality systems to ensure privacy

Quality systems to ensure privacy

Last updated 4 February 2021
Last updated 4 February 2021

Guidance for TEOs on the privacy impact assessment process to manage risks.

Privacy impact assessment

Privacy risk is typically managed by a privacy impact assessment (PIA).

A PIA is a process to assess risks to privacy when you are changing a process or implementing new products or services. It is a tool to help you get it right. It is not a legal opinion or a compliance exercise to tick off on your path to approval.

Consider a PIA across all phases of a project/change:

  • Start: Complete an initial assessment pre-business case to identify any obvious privacy risks you need to be manage.
  • Design and development: During the design phase, identify, assess and manage risks. Keep a register of recommendations and decisions.
  • Before go live: Before implementation, check that risks have been mitigated appropriately. 
  • After implementation: Ensure that controls are operating as intended and address remaining recommendations.

Privacy impact assessment report

If you don’t have an organisational PIA process, you should complete this report when you want to use learner analytics at your TEO, to help mitigate risks before implementation.

First, complete the Privacy Impact Assessment Questionnaire to outline the different components of learner analytics at your TEO. Then get your privacy officer or a privacy expert to complete the Initial Privacy Impact Assessment Report to outline any risks that learner analytics may pose.

Download the:

Below are some common privacy risks and associated mitigations that might help to complete this process.

Highly complex learner analytics programmes may require a more thorough PIA, possibly by an external party. If in doubt, talk to your privacy officer or TEC.

You should be prepared to publish a PIA (or summary of it) on your organisation’s public website.

Common risks and mitigations

Risks to consider

How to mitigate these

Collecting data above and beyond the original or legal purpose risks breaching information privacy principle (IPP) 1 of the Privacy Act.

Set a clear purpose of collection and ensure that it is related to your functions as a TEO. Being transparent about this purpose through notices and detailed explanations to student participants will help ensure that additional information is not illegitimately collected.

A lack of transparency about data that is collected and how it is being used could risk breaching IPP 3 of the Privacy Act.

Website privacy notices, clear explanations on application forms or face-to-face conversations can aid transparency. Ensure that student consent processes are well explained, documented and able to be adjusted whenever the student requires it.

Careless security practices could result in accidental disclosures and susceptibility to theft by outside parties, and risk breaching IPP 5.

Reasonable steps must be taken to ensure the security of information. Consider whether data could be anonymised or de-identified and encrypted. Ensure that staff are trained in security and ethical data management.

Having no process in place to manage requests for access to or correction of information risks breaching IPPs 6 and 7.

Establish a dedicated address where people can submit access and correction requests. It is also a good idea to create a set of templates to acknowledge, transfer, accept and decline requests. Large TEOs may wish to invest in redaction software to support document collation.

Inaccurate or out-of-date information can skew results and not deliver the benefits intended, and risk breaching IPP 8.

Data must be accurate and up-to-date before use. The risk can be mitigated through regularly checking with participants to ensure details are correct. Human oversight can also improve results with tailored interventions.

Keeping information even when it is no longer useful, or the student has left your TEO, risks breaching IPP 9.

Make sure that your TEO has a retention policy and/or disposal authority to ensure that your records are appropriately archived or destroyed.

Finding a secondary use for the information you have collected on student risks a breach of IPP 10, particularly if they do not consent to this other use.

Ensure that staff are trained in ethical data analytics and know the legal exceptions for data use outside of the original purpose for collection. If you consider a secondary use ensure that each individual whose data will be used is informed of the change and consents to it.

Sharing the results of learner analytics could breach student privacy (and IPP 11) if their individual details are disclosed.

Interventions that come about as a result of learner analytics must be carefully managed, with the student fully aware of and involved in the process.

It may be tempting to share results of learner analytics to the academic community, but ensure that identifying information is removed from any published reports. If a cohort is small (i.e. fewer than 5 individuals) consider masking it (eg, <5).