[Year 12 IT Apps] VCAA vs VCAA and the NPP's
Roland Gesthuizen
rgesthuizen at gmail.com
Sun Sep 9 10:58:52 EST 2012
Yes, there are some concerns about using any database identity number this
way as I notice has been happening with the CASES and VSN numbers. Glad
that this was raised with the other numbers.
The privacy legislation was the basis of the Ultranet generating and using
pseudo-random login codes .. e.g. gest1 gsth12 rges3 etc and my guess, why
staff can can easily request to change their edumail email address (done by
fiddling middle initials). For this reason, nobody can just look up my
payroll number, even though it is part of my edumail identity and DEECD
login, it isnt used to generate an email address and cannot be used as
another database index. Many schools are probably doing the right thing by
still using obscure and rather vapourous teacher timetable codes to login
and authenticate local network access.
Students cannot sign away their privacy with a consent form or get schools
off the hook for breaking the law. Being "easier" for the tech to ceate
accounts isnt an excuse to use a CASES or VSN number with another database,
say with logging and tracking student website usage after authentication,
print charging or other million uses that come to mind. Neither is the goal
of sign-in convenience.
It isnt all that hard to write some code and generate our own volatile
login identity or rely on full-name logins and we probably should have
taken this path.
Regards Roland
*Roland Gesthuizen* | eLearning Leader
Keysborough College
Acacia Campus | T +61 3 9798 1877
www.keysboroughsc.vic.edu.au
On 9 September 2012 10:16, Kevork Krozian <kevork at edulists.com.au> wrote:
> Hi Roland,****
>
> ** **
>
> Very topical as I have heard of some schools deciding to use the VSN as
> the new login codes especially when there are a number of students from
> outside schools who attend VET and similar courses and need access to the
> systems. These externals are from both government and private schools and
> will be given logon codes using their VSNs along with all the regular
> internal students ( no more Cases codes to logon ) starting from next
> year. ****
>
> ** **
>
> Section 7.2(b) of the NPP refers to the case where one or more exclusions
> of *2.1(e) to 2.1(h) (inclusive) apply to the use or disclosure*****
>
> The exclusion 2 (b) refers to the individual consenting to the use or
> disclosure ****
>
> ** **
>
> I wonder if students can be considered to be consenting to the disclosure
> when asked for their VSN to create a login account. Perhaps a form to sign
> that states by furnishing their VSN there are giving consent for its use
> within the limited purpose of identifying them uniquely to access the
> school’s IT facilities?****
>
> ** **
>
> Very interesting .****
>
> ** **
>
> Kevork Krozian****
>
> Edulists Creator Administrator****
>
> www.edulists.com.au****
>
> tel: 0419 356 034****
>
> ** **
>
> *From:* itapps-bounces at edulists.com.au [mailto:
> itapps-bounces at edulists.com.au] *On Behalf Of *Roland Gesthuizen
> *Sent:* Sunday, 9 September 2012 6:55 AM
>
> *To:* Year 12 IT Applications Teachers' Mailing List
> *Subject:* Re: [Year 12 IT Apps] VCAA vs VCAA and the NPP's****
>
> ** **
>
> Microchips and tattoos aside, there is a good privacy reason why teachers
> and schools cannot use particular numbers and from memory it has to do with
> data-linking and matching. I am just thinking this through aloud and I am
> not a lawyer so this is not to be taken as any form of legal advice.
> Still, have a glance at my concerns below.****
>
> ** **
>
> By illustration, whilst the Ultranet uses a VSN number to identify
> students and assist with record sharing between schools, it cannot be
> viewed or easily extracted. Instead, an different login code is generated
> for use by teachers and students. If a student changes schools, their login
> might change but at least their details and records will follow.****
>
> ** **
>
> http://www.vcaa.vic.edu.au/Documents/vsn/information_for_student.pdf <http://www.vcaa.vic.edu.au/Documents/vsn/information_for_student.pdf>
> ****
>
> "The information will be used only for educational purposes and the ways
> in which the VSN can be used is prescribed by legislation. The legislation
> also includes criminal offences for use of the data for other than the
> prescribed purposes. Commonwealth and State Privacy Principles have also
> been used to guide the design of the VSN system."****
>
> ** **
>
> When I mentioned this to my wife who works as a nurse, she remarked about
> the security around the patient identify number system that is in use by
> hospitals and the strict provisions governing its use.****
>
> ** **
>
>
> http://www.privacy.vic.gov.au/privacy/web2.nsf/pages/frequently-asked-questions-general-public
> ****
>
> IPP 7 Unique identifiers: A unique identifier is usually a number assigned
> to an individual in order to identify the person for the purposes of an
> organisation's operations. Tax File Numbers and Driver's Licence Numbers
> are examples. Unique identifiers can facilitate data matching. Data
> matching can diminish privacy. IPP 7 limits the adoption and sharing of
> unique identifiers. ****
>
> ** **
>
> Now it has me thinking that perhaps the current practice for schools to
> use a student CASES identity number may be in breach of just this
> information privacy principle. The CASES identifier is often regularly
> published, freely shared, used by other school databases and provided to
> TSSP contractors to set up these systems such as local network accounts or
> email addresses. It could be used to provide access to sensitive
> information about user access, notes or files. I suspect that this is a
> usage that should probably be discouraged as it edges well beyond the scope
> of the original reason and database for the identification number. By
> illustration, some schools use a locally generated timetable initial, not a
> teachers payroll or 'T0 number' to identify teachers and similarly, edumail
> uses a locally generated user name (sometimes with a middle initial tweak)
> not the T0 identifier to generate an email address. ****
>
> ** **
>
> Perhaps the Paula or the privacy commissioner could provide some advice
> about this.****
>
> Regards Roland
>
> *Roland Gesthuizen* | eLearning Leader
> Keysborough College
> Acacia Campus | T +61 3 9798 1877
> www.keysboroughsc.vic.edu.au****
>
> On 4 September 2012 16:39, Robert Timmer-Arends <timmer at westnet.com.au>
> wrote:****
>
> Hello Damien****
>
> ****
>
> I have had this quoted to me in the context of a query regarding the use
> of students' VSN. The VCAA bulletin ran an article suggesting we could *
> not* use the VSN internally in the school (I was interested in doing this
> because the CASES code can change so there is no way of tracking students
> over time).****
>
> ****
>
> I think the 'out' for VCAA and VCAT might be 7.2a (and 7.1A sounds like
> another opportunity for an out - are either or both VCAA and VCAT
> 'prescribed organisations'?)****
>
> ****
>
> Also, while they are separate entities they are both govenment agencies
> and I vaguely remember reading something in the NPPs that could allow you
> to interpret that as a single organisation???****
>
> ****
>
> ****
>
> Regards****
>
> Robert T-A****
>
> Brighton SC****
>
> ****
>
> ****
>
> ----- Original Message ----- ****
>
> *From:* ATKINSON-BUCK, Damien <Damien.ATKINSON-BUCK at ivanhoe.com.au> ****
>
> *To:* Year 12 IT Applications Teachers' Mailing List<itapps at edulists.com.au>
> ****
>
> *Sent:* Tuesday, September 04, 2012 2:49 PM****
>
> *Subject:* [Year 12 IT Apps] VCAA vs VCAA and the NPP's****
>
> ** **
>
> Hi folks,****
>
> I was going through the NPP’s with my year 12’s today. When we
> were discussing NPP 7 Identifiers (see below) one of my students asked why
> VCAA and VTAC both use their student numbers as the primary identifier.
> Does anyone out there know if this is indeed the case and if so, how they
> are allowed to do it, they are separate entities aren’t they? ****
>
> Thanks****
>
> Damien****
>
> ****
>
> *7.1 An organisation must not adopt as its own identifier of an
> individual an identifier of the individual that has been assigned by: ****
> *
>
> *(a) an agency; or*****
>
> *(b) an agent of an agency acting in its capacity as agent; or*****
>
> *(c) a contracted service provider for a Commonwealth contract acting in
> its capacity as contracted service provider for that contract*. ****
>
> *7.1A However, subclause 7.1 does not apply to the adoption by a
> prescribed organisation of a prescribed identifier in prescribed
> circumstances. *****
>
> *Note: There are prerequisites that must be satisfied before those
> matters are prescribed: see subsection 100(2).*****
>
> *7.2 An organisation must not use or disclose an identifier assigned to
> an individual by an agency, or by an agent or contracted service provider
> mentioned in subclause 7.1, unless: *****
>
> *(a) the use or disclosure is necessary for the organisation to fulfil
> its obligations to the agency; or*****
>
> *(b) one or more of paragraphs 2.1(e) to 2.1(h) (inclusive) apply to the
> use or disclosure; or*****
>
> *(c) the use or disclosure is by a prescribed organisation of a
> prescribed identifier in prescribed circumstances.*****
>
> *Note: There are prerequisites that must be satisfied before the matters
> mentioned in paragraph (c) are prescribed: see subsection 100(2). *****
>
> *7.3 In this clause:*****
>
> *identifier includes a number assigned by an organisation to an
> individual to identify uniquely the individual for the purposes of the
> organisation's operations. However, an individual's name or ABN (as defined
> in the A New Tax System (Australian Business Number) Act 1999) is not an
> identifier. *****
>
> ****
>
> ****
>
> *Damien Atkinson-Buck*
> KLA Head - MYP Technology & SYP Info Tech****
>
> *p:*****
>
> +61 3 9490 3848****
>
> *f:*****
>
> +61 3 9490 3490****
>
> *e:*****
>
> damien.atkinson-buck at ivanhoe.com.au****
>
> *w:*****
>
> http://myivanhoe.net****
>
> *The Ridgeway Campus*
> PO Box 91 The Ridgeway
> Ivanhoe Victoria
> 3079 Australia****
>
> **** <http://myivanhoe.net/>
>
> **** <http://myivanhoe.net/>
>
> **** <http://myivanhoe.net/>
>
> **** <http://myivanhoe.net/>
>
>
>
>
>
> <http://myivanhoe.net/>
> Privacy, Virus and Copyright Warning
>
> The information contained in this electronic message (e-mail), and any
> files transmitted with it:
>
> * is intended for the named recipients only. If you have received this in
> error, please advise the sender and delete it and any copies immediately;
> * Any personal information in this email must be used in accordance with
> the Privacy Act 1988 and this always applies even if it has been sent to
> you in error.
> * represents the views of the sender and does not necessarily represent
> the views or formal advice of Ivanhoe Grammar School;
> * may be subject to Copyright, so no further use should be made of it
> without the author's permission.
>
> The School does not represent or warrant that the email or any files
> attached do not contain errors or are free from computer viruses or other
> defects nor does it accept responsibility for any loss or damage resulting
> directly or indirectly from the use of the email or any attached files. **
> ** <http://myivanhoe.net/>
>
> ------------------------------
> <http://myivanhoe.net/>
>
> _______________________________________________
> *http://www.edulists.com.au* - FAQ, resources, subscribe, unsubscribe
> IT Applications Mailing List kindly supported by
> *http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html*- Victorian Curriculum and Assessment Authority <br>
> *http://www.vitta.org.au* - VITTA Victorian Information Technology
> Teachers Association Inc <br>
> *http://www.swinburne.edu.au/ict/schools* - Swinburne University****<http://myivanhoe.net/>
>
>
> _______________________________________________
> *http://www.edulists.com.au* - FAQ, resources, subscribe, unsubscribe
> IT Applications Mailing List kindly supported by
> *http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html*- Victorian Curriculum and Assessment Authority <br>
> *http://www.vitta.org.au* - VITTA Victorian Information Technology
> Teachers Association Inc <br>
> *http://www.swinburne.edu.au/ict/schools* - Swinburne University****<http://myivanhoe.net/>
>
>
>
> **** <http://myivanhoe.net/>
>
> ** ** <http://myivanhoe.net/>
>
> --
> --
> Roland Gesthuizen - eLearning Coordinator - Keysborough Secondary College
>
> "Never doubt that a small group of thoughtful, committed citizens can
> change the world; indeed it is the only thing that ever has." --Margaret
> Mead**** <http://myivanhoe.net/>
>
> _______________________________________________
> http://www.edulists.com.au - FAQ, resources, subscribe, unsubscribe
> IT Applications Mailing List kindly supported by
> http://www.vcaa.vic.edu.au/vce/studies/infotech/itapplications3-4.html -
> Victorian Curriculum and Assessment Authority <br>
> http://www.vitta.org.au - VITTA Victorian Information Technology
> Teachers Association Inc <br>
> http://www.swinburne.edu.au/ict/schools - Swinburne University
>
--
--
Roland Gesthuizen - eLearning Coordinator - Keysborough Secondary College
"Never doubt that a small group of thoughtful, committed citizens can
change the world; indeed it is the only thing that ever has." --Margaret
Mead
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/itapps/attachments/20120909/69f16e76/attachment-0001.html
More information about the itapps
mailing list