Numerical identification system to pseudonymise pupil data

Type: Project | Country:

A numerical identification system using a pseudonymised identity is in the process of begin set up in the Netherlands. Kennisnet has come up with a numerical identification system, in cooperation with school sector representatives and suppliers. Kennisnet is the public organization for Education & ICT, and provides national ICT-infrastructure, advises the sector councils and shares knowledge with the primary education, secondary education and vocational education and training.

The numerical identification system ensures that identification numbers of no further personal significance can be exchanged within the education supply chain without pupils’ personal details being shared with and between providers of educational resources. The number is a pseudonym; in other words, institutions and commercial suppliers cannot trace the number back to any personal information. Among other things, this system makes it possible to restrict the parties that track pupil progress to those authorised to do so (usually the school), with the pupils’ privacy being well protected.

Parents who register their child for primary school provide the child’s Citizen Service Number (BSN). After checking that the BSN is correct, DUO – central government’s executive agency for education – converts it into a Personal Identification Number (PGN) that is identical to the BSN. Those children who do not have a BSN will be assigned a PGN. The PGN is entered into the school’s pupil information management system. This is in fact how the system operates at present. The school is then allowed to use the PGN in all sorts of interactions with government, but not with private parties, for example educational publishers, because there is no statutory basis for doing so. So far, the alternative has been for schools and publishers or other parties to share extensive personal details in order to identify each pupil separately. That is undesirable from the point of view of privacy.

The numerical identification system offers the following solution to this dilemma: from now on, the pupil information management system  will send a message to the numerical identification system  with an encryption of the PGN. The numerical identification system will subject the encrypted number to further encryption, creating a pseudonym in the process . The pseudonym, a random series of number and letters, is then fed back into the pupil information management system. That number can then be used to communicate about a pupil, subject to specific arrangements . It can also be used for such matters as transferring licences and providing feedback on learning and test results. Only those personal details which are needed to deliver a specific educational service and that have been previously agreed upon between the educational institution and the supplier will be provided with the pseudonym.

Kennisnet  has been asked to develop and implement the numerical identification system within the context of the Education & ICT Breakthrough project . The design has already been completed. The system will be implemented in roughly two phases. First, Kennisnet will tackle the statutory basis. The law prohibits the random sharing of a BSN or PGN. At the moment, the process of pseudonymisation described above is subject to the same statutory prohibition. The Ministry of Education will need 18 to 24 months to adopt the legal exemption required to clear the way for the process. In the meantime, after testing the technical specifications, Kennisnet will be building and testing the system in cooperation with practitioners  and suppliers.