Make Sure You Are Privacy Literate
Three librarians explore this controversial act and how you can protect patron privacy without breaking the law
By Karen Coyle -- Library Journal, 10/01/2002
The renewed awareness of privacy issues sparked by the Patriot Act creates an opportunity to take stock of policies and procedures. How effectively is your library protecting privacy? Are your policies and procedures up-to-date with current technology? Since library records are now almost exclusively in machine-readable form, the data in these systems could be used to violate the privacy of patrons, not only to learn their reading habits but to obtain personal information like addresses and phone numbers. Librarians have become the caretakers of a significant data bank of personal information. This responsibility can come into conflict with our desire to provide better service through personalization. We may put users more at risk of privacy violations. Our systems, like all computer systems, are susceptible to intrusion and to misuse. All librarians need to guard against these threats through system security and data practices. While we cannot promise to provide absolute privacy for our users, we must ensure that we take privacy into account whenever information about individuals is gathered and stored. The best way to find out how well we protect patron privacy is to perform a privacy audit.
A review of the legal and policy context begins with a look at your state law related to library records. You may find that this law, like many, was written before the use of computers in libraries. Until these laws are revised or re-interpreted by the courts, the determination of what we mean by user privacy is somewhat up to us.
Most libraries are part of a larger institution or jurisdiction, such as a college or a city or county. That larger body undoubtedly has policies on record keeping and records management. Look in particular to policies on electronic records. Records management policies will not only inform you about records you must retain, but they also often contain statements on privacy practices.
Last, yet hardly least, is your library's privacy policy. It may need to be revised to cover new systems and services. If you haven't already done so, set yourself a task to review this policy on a regular basis, such as every three or five years.
Systems audit
An actual systems audit is a lengthy process and shouldn't be attempted as a single task. Instead, divide it into logical and reasonable steps and schedule these over a period of 12 or 18 months. For each aspect of your library system (see sidebar at right) do the following:
- Determine what data are stored that could identify an individual patron. This is not limited to names and addresses. Other information, like borrower card number, phone number, or e-mail address, can be linked back to an individual quite easily.
- Decide how long the library actually needs to keep the data. This is where librarians' tendency to keep data around 'just in case' actually puts patrons at risk. If you do need to keep information for future uses, such as management reports, extract the particular statistical data that you need and discard the raw data that contain information on individual users.
- Review your timetables and procedures for deleting inactive records in patron files and other files.
- Review who on staff has access to the data, and make sure that only those who must have access do.
The most obvious files that carry personal information on users are the patron database and circulation files. If you do have privacy procedures in place, they are probably focused on these files. Less obvious data files are in the logs produced by the web server and system transaction logging. It is very common for computer systems to log transactions, and each system varies in how easy it is to extract information about and identify individuals. However, clearing these files on a regular basis (after the extraction of needed statistics) is advised; it also saves disk space. This is not usually automatic, though some software might facilitate it. Once again, resist the temptation to keep raw data on hand 'because you never know.' You also never know when it could be used by the wrong people for the wrong reason.
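An added example, not part of the original article: a Python script that reduces a web server log to per-day page counts and then empties the raw file, as the paragraph above advises. The Common Log Format, the file paths and the sample lines are assumptions constructed for illustration, and the script is meant to run on a rotated log file rather than the one the server is still writing.

```python
import csv
import re
from collections import Counter
from urllib.parse import urlsplit

# Common Log Format: host ident user [day:time zone] "request" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, made-up card number).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2002:09:15:02 -0700] "GET /catalog/search?q=bankruptcy+law HTTP/1.0" 200 5120',
    '192.0.2.10 - p2048817 [01/Oct/2002:09:16:40 -0700] "GET /patron/account?card=2048817 HTTP/1.0" 200 2310',
    '198.51.100.7 - - [01/Oct/2002:10:02:11 -0700] "GET /catalog/search?q=hiv+treatment HTTP/1.0" 200 4876',
    '198.51.100.7 - - [02/Oct/2002:11:30:00 -0700] "GET /hours.html HTTP/1.0" 200 812',
]

def aggregate(lines):
    """Return {(day, path, status): hits}; no per-patron field is kept."""
    counts = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed lines are dropped, not stored raw
        # Keep only the path: the query string can hold search terms
        # or card numbers that link a patron to an activity.
        path = urlsplit(m["target"]).path
        counts[(m["day"], path, m["status"])] += 1
    return counts

def summarize_and_purge(log_path, summary_path):
    """Append aggregate counts to a CSV, then empty the raw log."""
    with open(log_path, encoding="utf-8", errors="replace") as f:
        counts = aggregate(f)
    with open(summary_path, "a", newline="", encoding="utf-8") as out:
        writer = csv.writer(out)
        for (day, path, status), hits in sorted(counts.items()):
            writer.writerow([day, path, status, hits])
    # Truncate only after the summary has been written and closed.
    open(log_path, "w").close()
    return counts
```

Backups and rotated copies of the same log need the same schedule, since emptying one file does not remove them.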
Although many of our newer offerings make use of personalization to provide a wealth of desirable services, personalization also often means linking an individual to an activity. Privacy risks exist any place where patrons log in, give an e-mail address, or participate in requesting documents. Computer systems can mitigate these risks through functions like encryption of stored data, but these features are often not available on library systems. If you cannot be sure that you have protected the data itself, then at least inform users that there is some risk involved when they use these services. This is another area where regular removal of 'dead' accounts matters.
Records of patron use of library systems can also be of the low-tech variety, such as the informal paper sign-up sheets that many libraries employ for their Internet access stations. These potentially can be used to correlate a particular person to activity at that station at a given time and therefore must be given the same consideration as other logs of activity and discarded once their function (reserving time) has been completed. At the user end of a transaction is the public access workstation that caches user activity in a variety of ways. Fortunately, there are tools available that make clearing this data automatic. The Web4Lib Reference Center (see links) lists a number of them.
Most libraries have myriad partnerships with vendors of databases, consortium members, and interlibrary loan cooperatives. Privacy planning must include these partners to the extent possible. Contracts with outside vendors can specify that no data can be gathered relating to individual users as outlined, for example, in the ICOLC privacy guidelines (see links). This restriction can still allow vendors and librarians to take advantage of aggregate data to track overall usage and trends.
Within the library
A key step that you can take today is to designate your library's privacy officer. Many corporations today have a position called chief privacy officer. In a library, this is not a full-time position, and it doesn't require formal training in law. It gives a staff member the task of keeping up with privacy issues (e.g., the Patriot Act) that affect the library and its operations. The privacy officer oversees the revision of the library's privacy policy and procedures, probably manages the privacy audit, and makes sure that staff and public training takes place at appropriate intervals. This person also needs to know what to do if a privacy incident occurs, from who to call in an institution's legal department to how to handle press queries.
Promote privacy literacy
If you were to poll your patrons you would probably find that very few of them are aware that the library has policies relating to privacy. Generally, libraries don't post such notices, and few library web sites carry privacy statements (common today on commercial web sites). If you haven't told patrons about your policy, you should. Make it available at multiple contact points: on the web site and with signs at the circulation desk and on bulletin boards.
In today's world, everyone needs to know about the privacy implications of everyday activities like using a grocery store discount card or visiting the doctor. There are some excellent resources such as the Fact Sheets (in English and Spanish) from the Privacy Rights Clearinghouse (see links). Libraries are the focal point for modern literacy needs, from reading to computer use, and they can play a key role in promoting 'privacy literacy' by making information on privacy issues available.
Author Information
Karen Coyle is Digital Library Specialist, California Digital Library. Her articles can be found at www.kcoyle.net







