Governance, privacy & data

A consultancy model designed for schools that want strong digital systems without giving away control of their data.

Core data governance principles

School‑owned data

Schools retain full ownership and control of their student information. Where possible, databases and storage remain within school‑controlled environments.

Minimal data models

Systems are designed to collect only the information required to support educational workflows, with a strong emphasis on data minimisation.

Privacy‑by‑design

Privacy considerations are embedded into system architecture from the beginning, not added at the end as an afterthought.

Transparent architecture

System structure, hosting choices, and data flows are documented so leadership and IT teams can understand how everything fits together.

Architecture & hosting model

Systems are typically designed so that the application layer sits on top of a school‑owned data environment.

In most implementations:

  • Teachers and staff use an application or workflow interface
  • The interface connects securely (e.g. HTTPS) to a school‑controlled data environment
  • Student information is stored in databases or cloud services managed by the school or system
  • The consultant does not centrally store student data outside of agreed environments

Hosting environments may include Microsoft 365 / SharePoint, school‑managed cloud (such as Azure or Google Cloud), or school‑hosted databases and servers.

Alignment with privacy expectations

Australian privacy frameworks

System design is informed by Australian Privacy Principles, state education department requirements, and individual school privacy policies.

Information security practices

Designs typically incorporate secure authentication, role‑based access control, encrypted connections, restricted database permissions, and separation between application and data layers, drawing on widely recognised information security principles.

Cybersecurity training

Google Cybersecurity Professional Certificate badge

Formal cybersecurity training underpins decisions about how systems are architected and deployed, including authentication models, access control, and protection of school‑owned data environments.

Roles & responsibilities

Consultant responsibilities

Learning Systems Studio is responsible for system architecture design, configuration of software tools, technical documentation, and supporting schools through implementation, training, and refinement.

School responsibilities

Schools remain responsible for hosting environments, day‑to‑day management of student data, access permissions, and compliance with their organisational privacy policies and regulatory obligations.

Detailed governance document

A more detailed technical overview of data governance, privacy, and security is available for leadership, IT, and governance teams.

Download Data Governance, Privacy & Security Overview (PDF)