Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model

ISO/IEC 29187-1:2013 has been developed to support modelling generic international requirements for identifying and providing privacy protection of personal information throughout any kind of ICT-based learning transaction where the individual has the role of an individual learner. It provides users and designers with a methodology and tools addressing privacy protection and related requirements imposed by applicable jurisdictional domains.

ISO/IEC 29187-1:2013 takes the "learning operational view" (LOV) aspects based on the ISO/IEC 14662 Open-edi Reference Model (a freely available ISO standard) together with applicable ISO standards including ISO/IEC 15944-1 and ISO/IEC 15944‑5 (also available without charge) as well as many other international referenced specifications. ISO/IEC 29187-1:2013 models the requirements of jurisdictional domains as external constraints upon the creation, use, interchange, and information life cycle management of personal information.

ISO/IEC 29187-1:2013 addresses the specified context of public policy requirements of jurisdictional domains controlling the use of personal information (PI). These include regulations for consumer protection, privacy protection, individual accessibility, etc.

ISO/IEC 29187-1:2013 in a LET context identifies and expands upon eleven generic, primitive, international principles that have been associated with privacy protection requirements by international, regional, and UN member states. It models them with respect to the "collaboration space" of a learning transaction and commitment exchange involving an individual acting in the role of an individual learner. In a LET context, it provides principles and rules governing the establishment, management and use of identifiers of that individual, including the use of legally recognized names (LRNs), recognized individual identity (rii), and methods of non-identification, such as the use of anonymization and pseudonymization of personal information.

ISO/IEC 29187-1:2013 also sets out principles governing information lifecycle management (ILCM) as well as the rules and associated coded domains for obtaining informed consent for collection, specifying state changes, records retention, record deletion and related matters in support of privacy protection requirements.

Technologies de l'information — Identification des exigences de protection privée concernant l'apprentissage, l'éducation et la formation (AÉF) — Partie 1: Cadre général et modèle de référence

General Information

Status: Published
Publication Date: 05-Feb-2013
Current Stage: 9092 - International Standard to be revised
Start Date: 29-Sep-2025
Completion Date: 30-Oct-2025

Standard
ISO/IEC 29187-1:2013 - Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model Released:2/6/2013
English language
181 pages

Standards Content (Sample)


INTERNATIONAL STANDARD ISO/IEC 29187-1
First edition 2013-02-15
Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model
Technologies de l'information — Identification des exigences de protection privée concernant l'apprentissage, l'éducation et la formation (AÉF) — Partie 1: Cadre général et modèle de référence

©  ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents
Foreword
0  Introduction
0.1  Purpose and overview
0.2  Benefits of using a multipart ISO/IEC 29187 standard approach
0.3  Informed consent and learning transaction
0.4  Use of "jurisdictional domain", jurisdiction, country
0.5  Use of “Person”, “individual”, “organization”, “public administration” and “person” in the context of a learning transaction
0.6  Importance of definitions and terms
0.7  Standard based on rules and guidelines
0.8  Size of document and role of “Part 1 Framework and Reference Model”
0.9  Use of “identifier” (in a learning transaction)
0.10  Use of “privacy protection” in the context of a commitment exchange and learning transaction
0.11  Organization and description of document
1  Scope
1.1  Statement of scope – ISO/IEC 29187 multipart standard
1.2  Statement of scope – part 1: Framework and Reference Model
1.3  Exclusions
1.3.1  Functional services view (FSV)
1.3.2  Overlap of and/or conflict among jurisdictional domains as sources of privacy protection requirements
1.3.3  Publicly available personal information
1.4  Aspects currently not addressed
1.5  IT-systems environment neutrality
2  Normative references
2.1  ISO/IEC, ISO and ITU
2.2  Referenced specifications
3  Terms and definitions
4  Symbols and acronyms
5  Fundamental principles and assumptions governing privacy protection requirements in learning transactions involving individual learners (external constraints perspective)
5.1  Introduction and sources of requirements
5.2  Exceptions to the application of the privacy protection principles
5.3  Fundamental Privacy Protection Principles
5.3.1  Privacy Protection Principle 1: Preventing Harm
5.3.2  Privacy Protection Principle 2: Accountability
5.3.3  Privacy Protection Principle 3: Identifying Purposes
5.3.4  Privacy Protection Principle 4: Informed Consent
5.3.5  Privacy Protection Principle 5: Limiting Collection
5.3.6  Privacy Protection Principle 6: Limiting Use, Disclosure and Retention
5.3.7  Privacy Principle 7: Accuracy
5.3.8  Privacy Protection Principle 8: Safeguards
5.3.9  Privacy Protection Principle 9: Openness
5.3.10  Principle 10: Individual Access
5.3.11  Privacy Protection Principle 11: Challenging Compliance
5.4  Requirement for tagging (or labelling) data elements in support of privacy protection requirements
6  Collaboration space and privacy protection
6.1  Introduction
6.2  Privacy collaboration space: Role of individual learner, LET provider and regulator
6.3  Learning collaboration space (of a learning transaction)
7  Public policy requirements of jurisdictional domains
7.1  Introduction
7.2  Jurisdictional domains and public policy requirements
7.2.1  Privacy protection
7.2.2  Consumer protection
7.2.3  Individual accessibility
7.2.4  Human rights
7.2.5  Privacy as a right of an “individual” and not right of an organization or public administration
7.2.6  Need to differentiate between “privacy protection” and “confidentiality”, “security”, etc.
8  Principles and rules governing the establishment, management and use of identities of an individual (and “individual learner”)
8.1  Introduction
8.2  Rules governing the establishment of personae, identifiers and signatures of an individual
8.3  Rules governing the assignment of unique identifiers to an individual by Registration Authorities (RAs)
8.4  Rules governing individual identity (ies), authentication, recognition, and use
8.5  Legally recognized individual identity(ies) (LRIIs)
9  Person component – individual sub-type
9.1  Introduction
9.2  Role qualification of a Person as an individual (learner)
9.3  Persona and legally recognized names (LRNs) of an individual
9.4  Truncation and transliteration of legally recognized names of individuals
9.5  Rules governing anonymization of individuals in a learning transaction
9.6  Rules governing pseudonymization of personal information in a learning transaction
10  Process component
10.1  Introduction
10.2  Planning
10.3  Identification
10.4  Negotiation
10.5  Actualization
10.6  Post-Actualization
11  Data (element) component of a learning transaction
11.1  Introduction
11.2  Rules governing the role of Learning Transaction Identifier (LTI) in support of privacy protection requirements
11.3  Rules governing state of change management of learning transactions in support of privacy protection requirements
11.4  Rules governing records retention of personal information in a learning transaction
11.5  Rules governing time/date referencing of personal information in a learning transaction
12  Conformance statement
12.1  Introduction
12.2  Conformance to the ISO/IEC 29187-1 Reference Model
12.3  Conformance to ISO/IEC 29187-2+ parts
Annex A (normative) Consolidated list of terms and definitions with cultural adaptability: ISO English and ISO French language equivalency
A.1  Introduction
A.2  ISO English and ISO French
A.3  Cultural adaptability and quality control
A.4  Organization of Annex A - Consolidated list of definitions in matrix form
A.5  Consolidated list of ISO/IEC 29187-1 Definitions and associated terms
Annex B (normative) Learning Transaction Model (LTM): classes of constraints
B.1  Introduction
B.2  Fundamental components of a learning transaction
B.3  Learning Transaction Model (LTM) and its two classes of constraints
Annex C (normative) Integrated set of information life cycle management (ilcm) principles in support of information law compliance
C.1  Introduction
C.2  Purpose
C.3  Approach
C.4  Integrated set of information life cycle management (ILCM) principles
Annex D (normative) Coded domains for specifying state change and record retention management in support of privacy protection requirements
D.1  Introduction
D.2  State Changes
D.2.1  Introduction
D.2.2  Specification of state changes allowed to personal information
D.2.3  Store Change Type
D.3  Records retention
D.4  Records Destruction
Annex E (informative) Use and adaptation of the ISO/IEC 14662 Open-edi Reference Model
E.1  Introduction
E.2  Relevance of Open-edi Reference Model
E.3  Basic aspects of Open-edi collaboration space: Buyer and seller
Annex F (informative) Potential parts 2+ for ISO/IEC 29187 based on results of the ISO/IEC JTC1/SC 36 Ad-Hoc on Privacy (AHP)
F.1  Introduction
F.2  Purpose
F.3  User requirements and issues identified by the SC36/AHP of sub-types of data in a LET context requiring privacy protection standard(s)
F.4  User requirements of specific LET needs pertaining to privacy issues
F.5  User requirements for ISO/IEC 29187-1 resulting from JTC1/SC36 resolution
F.6  User requirements for Parts 2+ resulting from responses to JTC1/SC36/WG3 N360
Bibliography
1)  ISO and ISO/IEC international standards
2)  Other
Figures
Figure 1 — Learning Transaction - Privacy Protection – Framework and Reference Model
Figure 2 — Primary Sources for Privacy Protection Principles
Figure 3 — Privacy collaboration space (of a learning transaction) including the role of a regulator
Figure 4 — Learning collaboration space (of a learning transaction) including the role of a regulator (as well as “collective learner” and/or LET provider “consortium(s)”)
Figure 5 — Common public policy requirements, i.e., external constraints, applying to a learning transaction where the “buyer” is an “individual learner”
Figure 6 — Illustration of relationships of links of a (real world) individual learner to (its) persona (e) to identification schemas and resulting identifiers to associated Person signatures — in the context of different learning transactions and governing rules
Figure 7 — Illustration of range of links between personae and identifiers of an individual identity (ies) of a learner
Figure 8 — Illustration of two basic options for establishment of a recognized individual identity (rii)
Figure B.1 — Learning Transaction Model – Fundamental components
Figure B.2 — UML-based Representation of Figure B.1 – Learning Transaction Model
Figure B.3 — Learning Transaction Model: Classes of constraints
Figure E.1 — Open-edi environment – Open-edi Reference Model
Figure E.2 — Learning Transaction – Privacy Protection – Framework Model
Figure E.3 — Summary of 3 key roles in a learning transaction
Figure E.4 — Concept of a Business Collaboration
Tables
Table D.1 — ISO/IEC 15944-5:05 Codes for specifying state changes allowed for the values of Information Bundles and Semantic Components
Table D.2 — ISO/IEC 15944-5:06 Codes representing store change type for Information
Table D.3 — ISO/IEC 15944-5:02 Codes Representing Specification of Records Retention Responsibility
Table D.4 — ISO/IEC 15944-5:04 Codes representing retention triggers
Table D.5 — ISO/IEC 15944-5:03 Codes representing disposition of recorded information

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 29187-1 was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology,
Subcommittee SC 36, Information technology for learning, education, and training.
ISO/IEC 29187 consists of the following parts, under the general title Information technology — Identification
of privacy protection requirements pertaining to learning, education and training (LET):
- Part 1: Framework and reference model
Further parts may be added in the future.

0 Introduction
0.1 Purpose and overview
For the purposes of this standard, the use of LET covers learning, education and training. In order to
determine the need and focus of LET standards in support of privacy protection requirements applicable to
personal information of an individual learner, ISO/IEC JTC1/SC36 established an “Ad-Hoc on Privacy
(AHP)” [1]. The results of this detailed preparatory work and survey by this JTC1/SC36 AHP identified user
requirements and serve as the basis for the need for this multipart standard {See further Annex F below} [2].
ISO/IEC JTC1/SC36 considers it important that international standards which facilitate the use of information
and communication technologies (ICT) be structured to be able to support legal requirements of the
jurisdictional domains in which they are to be implemented and used. This is particularly so where such
standards are used to capture and manage recorded information for decision-making about individuals.
Common legal and regulatory requirements of this nature, which impact the development of ICT-based
standards, include those of a public policy nature such as those pertaining to consumer protection, privacy
protection, individual accessibility, human rights, etc.
The role of ISO/IEC JTC1/SC36 is to develop ICT-based standards in the fields of learning, education and
training (LET). Since the application and use of a majority of JTC1/SC36 standards involve the role of an
individual as “learner”, i.e. as an “individual learner”, this means that any recorded information on or about an
identifiable individual as a “learner” is subject to applicable privacy/data protection requirements.
ISO/IEC 29187-1 serves as a “Framework and Reference Model”. Based on a set of (primary) principles, the
“Framework and Reference Model” is composed of a number of conceptual and structural models. These are
represented via “illustrative” figures and associated lexical models in the form of rules [3].
More specific and detailed “typical models” are to be developed in Parts 2+ of this multipart standard. These
Parts 2+ will focus on more detailed specifications of particular components of the Framework and Reference
Model.
0.2 Benefits of using a multipart ISO/IEC 29187 standard approach
There are several benefits from taking an integrated approach: First, a multipart standard approach provides
for a systematic, cost-efficient and effective approach to the creation of robust, (re-)useable components in
support of LET privacy protection requirements, including those needed to facilitate the use of generic global
requirements perspective as well as added requirements of particular jurisdictional domains of human
interface equivalents (HIEs) at any level of granularity.

[1] The majority of JTC1/SC36 P-members represent jurisdictional domains which are governed by privacy/data
protection requirements of a legislative/regulatory nature which apply to “individual learners”.
[2] The mandate and objectives of this JTC1/SC36 AHP as well as the Survey instrument are stated in document
36N1436.
[3] One such lexical model is the key concepts and their definitions of the Framework and Reference Model as presented
in Clause 3.0 below.

Second, this multipart standard will provide cost savings to those organizations and public administrations,
individual learners and suppliers of LET-based products and services, i.e., “LET providers”. It will do so from a
multilingual requirements perspective [4] and in support of cultural adaptability, individual accessibility and
diversity.
Third, having a common IT-facilitated approach will: (1) benefit individual users world-wide (doing so in
respect and support of cultural diversity); (2) ensure that requirements of jurisdictional domains (at whatever
level) can be supported in a very cost-effective and efficient manner; and, (3) also benefit suppliers of
LET-focused products and services.
The concept of (semantic) collaboration space (SCS), introduced in Clause 7 below, is directed at supporting
the implementation of the UN Convention on the Rights of Persons with Disabilities in an ITLET context
including those of a privacy protection nature.
0.3 Informed consent and learning transaction [5]
A key privacy protection requirement is the informed consent of the individual, including in the role
of an individual learner. Privacy protection also requires the identification of the purpose(s) or goal for which
the personal information is to be created/collected, used, managed, shared, deleted, etc. In addition to
identifying purpose(s) and informed consent (presented below as Privacy Protection principles in Clauses 5.3.3
and 5.3.4), there are also the Privacy Protection Principles of “accountability”, “limiting collection”, “limiting use,
disclosure and retention”, “accuracy”, “openness”, “individual access”, and “challenging compliance”
(presented below as Privacy Protection principles in Clauses 5.3.2, 5.3.5, 5.3.6, 5.3.7, 5.3.9, 5.3.10, and 5.3.11
respectively).
Requirements of this nature focus on what might be considered the LET operational view (LET-OV). In
addition, there are ICT technical support requirements for privacy protection principle #8 “safeguards” (see
Clause 5.3.8 below). These include security services, communication services, etc.
Requirements of this nature are not unique to a LET (or ITLET) context. They have already been identified
and addressed in a generic manner in the ISO/IEC 14662 Open-edi Reference Model as being of a “transaction”
nature in support of an agreed upon commitment exchange between an individual learner and a LET provider.
Consequently, the “LET Privacy Protection Framework and Reference Model” (presented below in Figure 1) is
based on the “Open-edi Reference Model”. A key construct of the Open-edi Reference Model is that it
recognizes that a commitment exchange, modelled as a transaction, needs to be treated and supported as a
whole. At the same time, and from an ICT (including ITLET) perspective, it is recognized that ICT-based
support service, i.e., functional support services view change as ICT changes on the whole, but those of the
user and operational requirements view remain fairly constant. This operation between the user view and the
ICT view in modelling a transaction and developing standards in support of the same is presented in the
Open-edi Reference Model as the need to differentiate between the business operation view (BOV) and
functional services view (FSV) [6]. The LET privacy protection Framework and Reference Model uses these two
views of the Open-edi Reference Model to describe the relevant aspects of a learning transaction:
a) the “Learning Operational View” (LET-OV) aspects of a learning transaction; and,
b) the “LET-FSV” view of a learning transaction.

[4] Multilingual communications (whatever the supporting IT platform used including the Internet) is already supported by
existing technologies. Many ISO/IEC and ISO standards already exist (or are under development) whose contents can
and will be used as building blocks for the integration of this new LET standard.
[5] Annex E below “Open-edi Reference Model and Learning transaction” provides informative information on the key
modelling constructs introduced in ISO/IEC 29187-1.
[6] See further below, Annex E (informative) titled “Use and adaptation of the Open-edi Reference Model”.

The Learning Operational View addresses the aspects of the context and semantic aspects of personal
information in a learning transaction including data management and interchange aspects. The LET-OV also
can be referred to as the operational and user requirements view.
The LET-FSV addresses the ICT infrastructure and support services meeting the mechanical needs of the
Learning Operational View. Its purpose is to support the demands on the supporting ICT infrastructure of the
Learning Operational View. It focuses on ICT aspects of:
a) functional capabilities;
b) service interfaces;
c) protocols and APIs.
Figure 1 — Learning Transaction - Privacy Protection – Framework and Reference Model
0.4 Use of "jurisdictional domain", jurisdiction, country [7]
Multiple different definitions are currently in use for “jurisdiction”. Some have legal status and others do not.
Further, it is a common practice to equate “jurisdiction” with “country”. Yet, at the same time, it is also a common
practice to refer to “provinces”, “states”, “länder”, “cantons”, “territories”, “municipalities”, etc., as jurisdictions.
In addition, several UN member states can combine to form a “jurisdiction” (e.g., the European Union, NAFTA,
etc.).
In this standard:
a) the use of “jurisdictional domain” represents its use as a defined term; and,
b) the use of “jurisdiction(s)” and/or country(ies) represents their use in generic contexts.
Most often in this document “jurisdictional domain” is used as it represents the primary source of external
constraints pertaining to “privacy protection” rights of individuals. It also reflects the fact that in UN member
states which are “federated” in nature, it is the “province”, “state”, “länder”, “territory”, in that UN member
state which is often responsible for LET-related activities and thus is the responsible jurisdictional domain.

[7] For more detailed information on this and related matters pertaining to “jurisdictional domain”, see
ISO/IEC 15944-5:2008 (E) Information Technology - Business Operational View - Part 5: Identification and referencing of
requirements of jurisdictional domains as sources of external constraints. This is a freely available ISO/IEC standard.

This standard incorporates the common aspects of such laws and regulations as pertaining to privacy
protection, applicable at the time of publication only. The concept of “privacy protection” also integrates these
various sets of legal and regulatory requirements and does so from a public policy requirements perspective.
{See below Clause 7}
It has to be borne in mind that the delivery of “privacy protection” requires action both at the LET operational
level (LET-OV) and technology level of functional service (FSV). Where human beings interact with recorded
information once it has passed through an Open-edi transaction, they may have the potential to compromise
technical controls (FSV) that may have been applied. It is essential that LET models take account of the need
to establish overarching operational processes that address issues that have not been, and/or cannot be
resolved by the technical FSV controls applied so as to provide the overall privacy demands of regulation that
must be applied to personal data, their use, proscribed dissemination and so on. In this regard, the interplay of
the LET-OV and FSV views of all organizations must be taken into account.
0.5 Use of “Person”, “individual”, “organization”, “public administration” and “person” in the context of a learning transaction
It is important to differentiate an “individual” from the other two sub-types of Person, namely that of an
“organization” and a “public administration”. There are several reasons why this is necessary. These include:
a) the fact that in UN conventions, Charters, treaties, etc., as well as in the laws and regulations of
jurisdictional domains, the word “person” is often used without explicitly specifying whether “person”
applies only to a human being, a natural person, i.e., an “individual”, or also to other types of persons
recognized in law, i.e., legal persons such as organizations and public administrations [8].
For example, the human right of “freedom of expression”, which is stated in the UN Charter as well as in the
Constitution (and/or Charter of Human Rights) of most jurisdictional domains, was written and
was intended to be a right of human beings (natural persons) only. However, in some jurisdictional
domains, corporations have been allowed to claim the right of “freedom of expression” since they are also
“Persons”, i.e., “legal persons”, with the result that “freedom of expression” rights are applied to
“advertising”.
b) the need to ensure that public policy requirements of jurisdictional domains {see further Clause 6 below}
which are created and intended for human beings continue to pertain to human beings only, i.e.,
“individual”;
c) for the first 20-30 years, the use of ICT was restricted to organizations and public administrations. The
advent of the Internet and the World-Wide Web (WWW) has resulted in “individuals” becoming full
participants in the use of ICT.
Consequently, many, if not most of the ISO/IEC JTC1 standards, as well as other ICT based standards of ISO,
IEC and ITU (and others) do not distinguish whether or not the real end user is: (a) another IT system; or, (b)
a Person, i.e., an entity able to make a commitment; and then whether that entity making a commitment is
doing so on behalf of itself, i.e., as an “individual”, or on behalf of an organization, i.e., as an organization
Person.
[8] The “UN Convention on the Rights of Persons with Disabilities” does not explicitly state or define what a “Person” is.
From its purpose and context, one deduces that these are “natural persons” and not “legal persons”, (e.g., not
organizations or public administrations). In an ICT environment (or the virtual world) one needs to be very explicit here.

To address these and related requirements, the additional concept and term of “Person” was introduced and
defined [9] in such a way that it is capable of having the potential legal and regulatory constraints applied to it,
i.e., as “external constraints”. In the context of this standard, these include:
a) external constraints of a public policy nature in general and of a “privacy protection” nature in particular
as legal rights of an individual; and,
b) external constraints of a public policy nature in general and of a privacy protection nature in particular,
which apply to organizations or public administrations as legal obligations to be complied with when
providing goods and services to any individual.
In summary, there are three broad categories of a Person as a player in any process involving the making of a
decision; and/or the making of a “commitment” namely: (1) the Person as “individual”; (2) the Person as
“organization”; and, (3) the Person as “public administration”. There are also three basic (or primitive) roles of
Persons in learning transactions, i.e., the making of a commitment of whatever nature, namely “buyer”, “seller”,
and “regulator”.
The reader of this standard should understand that:
a) the use of Person with a capital “P” represents Person as a defined term, i.e., as the entity that carries the
legal responsibility for making commitment(s);
b) “individual”, “organization” and “public administration” are defined terms representing the three common
sub-types of “Person”; and,
c) the words “person(s)” and/or “party(ies)” are used in their generic contexts independent of roles of
“Person” (as defined in the ISO/IEC 14662:2010 and ISO/IEC 15944-1 standards). A “party” to any
decision making process, a commitment making process (including any kind of learning transaction) has
the properties and behaviours of a “Person”.
0.6 Importance of definitions and terms [10]
The ISO/IEC Directives Part 2 provide for “Terms and definitions” as a “Technical normative element”,
necessary for the understanding of certain terms used in the document. A primary reason for having “Terms
and definitions” in a standard is because one cannot assume that there exists a common understanding,
worldwide, for a specific concept. And even if one assumes that such an understanding exists, then having
such a common definition in Clause 3 serves to formally and explicitly affirm (re-affirm) such a common
understanding, i.e., ensure that all parties concerned share this common understanding as stated through the
text of the definitions in Clause 3.

[9] See further Clause 6.2 “Rules Governing the Person component” in ISO/IEC 15944-1:2010 (3rd ed.) titled “Information
technology – Business operational view – Part 1: Operational Aspects of Open-edi for implementation”. [The multipart
ISO/IEC 15944 eBusiness standard, as well as the ISO/IEC 14662 Open-edi Reference Model standard, are “publicly
available” ISO standards, see http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html.]
[10] See further, the document titled “Importance of Definitions for Concepts”, (2008-05-20) SC36/WG7 N0129.

A primary objective of the ISO/IEC 29187-1 standard on LET privacy protection is the need:
1) to have clear, unambiguous and explicitly stated definitions for the concepts introduced or used;
2) to appreciate and understand that one needs to be careful in the choice of the “label” i.e., term, to be
associated with a concept; and,
3) to understand that (1) and (2) are essential to privacy protection and the creation and provision of
human interface equivalents (HIEs) of the semantics of the content of what is intended to be
communicated. This is required to support the “informed consent” privacy protection requirement.
If one looks at any UN convention, treaty, covenant, any law or regulation of a jurisdictional domain, an
international standard, etc., one will find that their first two chapters, clauses, articles or sections are: (1)
“purpose” or “scope”, and, (2) “definitions”. From an academic and scientific LET perspective, the introduction
of a new concept, its definition, what it “is” (or meant to be understood as), how and where it fits or is to be
used, etc., is the focus of many papers, presentations, etc.
Definitions of concepts form the foundation of research and even more so in a multidisciplinary network
context. As such, it is important that definitions be explicit, unambiguous, and precise with respect to the
semantics conveyed.
This is important because the “definition” and associated label, i.e., “term”, of a concept not o
...
