Frameworks and principles

Frameworks and principles

Last updated 4 February 2021
Last updated 4 February 2021

TEOs can adapt these aspirations and principles to guide their approach to using learner analytics.

Aspirations and principles

Ethical and privacy issues in learner analytics include:

  • the conditions for the collection or aggregation of data
  • informed consent
  • de-identification of data
  • transparency
  • data security
  • interpretation of data, and
  • data classification and management.

Adapt these aspirations and principles to guide your approach


To ethically employ student data analytics in order to support personal academic success and improve enrolments and retention within the TEO.

To ensure that all use of student data at the TEO is carried out ethically and in accordance with all legal requirements and TEO policy, including Te Tiriti o Waitangi.


  1. The purpose of and approach to analysis must be transparent.
  2. Quality systems must be in place to ensure accuracy and privacy.
  3. Analysis must be human-focused.
  4. Bias and discrimination must be identified and managed.
  5. Data will be used safely and securely.
  6. Analysis will be underpinned by Treaty of Waitangi principles.
  7. Governance will be in place ensuring analysis is lawful and ethical.
  8. Rules apply around the use of data in evaluations.

Adopt an ethical framework

TEOs are the trusted kaitiaki (custodians) of non-research data. You have a legal obligation to keep the information secure at all stages of collection, storage and analysis, and use it ethically and lawfully.

The law you need to follow is the Privacy Act 1993. This legislation sets out 12 information privacy principles to guide your data collection, security and use.

Ethical considerations need to go further than legislation.

Remember, even though you can collect, use and disclose the data in a way that’s legally compliant, you need to think about whether you should.

(PDF 135 KB)

A framework for the ethical use of student data analytics © Victoria University of Wellington, New Zealand 2020

  • Click on the image to view a larger version of the framework.

Privacy Act principles

New Zealand privacy law is governed by the Privacy Act 1993. You should familiarise yourselves with the 12 information privacy principles to begin.

1. Collection purpose: Only collect personal information if you really need it

  • There must be a lawful purpose for collecting information which is connected to a function or activity of your TEO.
  • When collecting information about a person, consider:
    • Do you really need all that information?
    • Is the information connected to one of your purposes?
    • What information do you need to help this person?
    • Can you achieve the same outcome with less information?

2. Information source: Get it straight from the person concerned

  • Collecting information directly from the person concerned is always the best approach. However, there can be situations where it’s not appropriate or possible to do this, and you need to collect the information from another party.
  • You can do this if the information is publicly available, if the person authorises it, or to maintain the law.
  • You can also collect personal information from another source if collecting it directly would compromise collection, endanger someone’s safety, or is not reasonably practical.

3. Transparency: Explain what you’re going to do with it

  • Being open and transparent is the key to collecting personal information. People have the right to know what information is being collected about them, what it will be used for, who will receive it and how long it will be kept.
  • You must tell people whether collection of personal information is authorised under law, whether they are required to provide the information, and the consequences of not providing it.
  • Being open and transparent also means telling people of their rights to access and correct their information.

4. Collection manner: Collect it legally and fairly

  • Information must always be collected in a lawful, fair and reasonable way. Be fair and respectful about how you get information.

5. Storage and security: Keep it safe and secure

  • Ensure personal information is not lost, modified, disclosed or accessed inappropriately.
  • Simple ways to protect the security of information include using encryption to transfer information and anonymising or de-identifying information where possible.

6. Access: Let the person see it if they ask to

  • Subject to certain conditions, people have the right to access their personal information if they request it. You have 20 working days from receiving the request to decide whether the information will be granted and to let the person know the outcome.

7. Correction: Let the person ask for it to be corrected

  • People have the right to ask for correction of the information held about them. You must either correct the information or decline the request and attach a note to the information stating that a correction was requested and what the request was.

8. Accuracy: Make sure it’s accurate and up to date before it gets used

  • Before you use or disclose information about a person you need to be confident that it’s accurate. That means making sure it’s up to date, complete, relevant and not misleading.

9. Retention: Dispose of it when it’s no longer needed

  • You must dispose of information when you no longer have a reason to retain it. You can’t keep information just because it might be useful in the future or for another purpose. If you have stated that you will destroy the information within a certain timeframe, you must do so.

10. Use: Use information only for the purpose it was collected for

  • Generally, you can only use information for the same reason that you collected the information.
  • If you need to use the information for a different purpose, get permission from the person to do this.
  • The exceptions to this are:
    • if the information is publicly available
    • the use is necessary to uphold or enforce the law
    • the use could prevent or reduce a serious threat to public health or safety, or
    • if the person is not identifiable (this involves more than just removing someone’s name).

11. Disclosure: Share information only if there is a good reason

  • You can share personal information outside your TEO if the reason for disclosing it is directly related to the reason you collected it.
  • You can also share personal information if:
    • the person gives permission
    • it is required to uphold the law or prevent a serious threat to someone
    • the information is already publicly available, or
    • the person can’t be identified in the information.

12. Unique identifiers: Only assign these to information where it’s clearly allowed

  • A unique identifier (such as a student ID) is assigned to a person to enable an agency to carry out its functions. Unique identifiers can only be assigned when certain of the person’s identity.