The Institute of Museum and Library Services (IMLS), in partnership with the American Library Association (ALA), recently sponsored the development and publication of a series of seven Privacy Field Guides. Designed to offer practical information and hands-on exercises for public, academic, and K–12 librarians, the seven guides cover digital security basics, how to talk about privacy with patrons, non-tech privacy, data lifecycles, privacy audits, privacy policies, and vendors and privacy.

Patron privacy—as well as consumer privacy more broadly—has been a longstanding concern within the library field, and many library-specific books, articles, workshops, and other resources are available on the topic. However, as project co-leads Bonnie Tijerina, founder of the Electronic Resources & Libraries conference and fellow at the Data & Society Institute, NY; and Erin Berman, division director, Learning Group, Alameda County Library, CA, and current chair of ALA’s Intellectual Freedom Committee (IFC) Privacy Subcommittee, wrote in their grant proposal: “While a plethora of information exists about how to institute privacy policies and procedures in libraries, it is difficult to navigate and hard to use.” Much of the content “is too dense and academic to be useful to frontline staff. The Privacy Advocacy Guides seek to eliminate the barriers libraries face when trying to create a privacy conscious organization.”

“We have information overload,” said Becky Yoose, founder and library data privacy consultant at LDH Consulting Services, WA, and one of the authors of the guides. “You have people who want to do something with privacy at their library, they just don’t know where to start. They don’t know which topics to start with, how to start, and more importantly, how to communicate things about privacy to coworkers, administrators, the public, partners, [or] vendors. These field guides are primarily…practical introductions into key privacy topics for all library types.”

Another author, Emily Ray, electronic resources librarian for the University of North Florida, added that many articles on privacy point out problems and troubling developments without offering practical solutions, while others that offer solutions are often targeted at an audience with technical expertise.

“From my point of view, looking for articles about privacy, there are lots that will tell you how terrible [the current situation] is, how libraries have historically taken a strong position on protecting patron privacy, and how we need to do more now,” Ray said. “And then there are some articles that tell you things you can do, but they are very specific and some of them are very techy…. We wanted to provide guides to people in academic, public, [and] school libraries—a variety of places—that are very user friendly, with small, manageable steps that you can do even if you don’t feel that you know everything about privacy.”

For example, the privacy policies guide begins with a section on how to read privacy policies, defining and breaking down commonly used phrases and terms and highlighting “red flags” that should prompt librarians to ask for additional information from vendors. Completing a series of short exercises will result in a first draft of a privacy policy for the user’s own library. The digital security basics guide features succinct, one-page explanations of topics including password managers, multi-factor authentication, phishing, malware, ransomware, network privacy, and more, paired with “quick tips” and short exercises. The data lifecycles guide takes a deeper dive into securing patron data that is collected by libraries, but it also breaks down the cycle of collection, storage, access, reporting, retention, and deletion, with one page for each topic, including exercises and tips.

“They’re really engaging in a way that I haven’t seen in other guides,” Berman told LJ. The creation of the guides involved a thorough editorial process, she added. After the initial drafts were written, members of ALA’s IFC Privacy Subcommittee conducted textual reviews of all submitted content. With the help of a professional graphic designer, the project team then formatted the guides and sent them to “a broad spectrum” of almost 30 test libraries, according to Berman.

“We had pre-tests and post-tests, sending them surveys [asking], ‘Did you make a change? If so, what kind of change? Did this guide teach you a lot? A little?” Tijerina explained. “We worked with a UX advisor who put together these surveys and then wrote up a report about her findings, so we were able to see the value [of the guides] at these test libraries, and the impact they may have made.”

Berman added, “We did find that a lot of people [at the test libraries] took action of some kind or planned to take action of some kind, which is really our goal.”

After seeing a notice about the project in a newsletter from the Washington Library Association, Priya Charry, adult services librarian for Kitsap Regional Library (KRL), WA, applied and was accepted to be part of the test library cohort using the draft versions of the guides and offering feedback.

“On a personal level, I thought that [the guides] would be really useful for me, so that I could have more information—more knowledge under my belt—and feel a bit more equipped to have these conversations” about privacy with patrons and colleagues, Charry told LJ. KRL takes patron privacy “extremely seriously, as any library does, and we do have many standard practices to protect personal information, and also to preserve our patrons’ confidence in us to do so,” she said. But the guides offered reminders that something as simple as “talking with colleagues, saying, ‘I’m working on this book bundle for patron A’…that’s a way of sharing patron information that you don’t think about. Where are we having these conversations? How loud are they? Do we write them down and leave notes for colleagues who are working on the same project? Little things like that, we don’t often recognize as ways that we may be sharing patron information.”

In addition, “we get a lot of technology questions—creating email accounts, accessing personal documents, filling out applications and forms,” Charry said. “A lot of that, I don’t know that patrons feel super-confident asking us those questions, or whether they might have a bit of suspicion. We’re public; they’re signing on to a public computer. So having a more confident base to talk about those questions with them, or help them feel reassured that their information is safe when they come into the library, is really crucial.”

The guides are currently available for free on libraryprivacyguides.org and as PDF downloads on ALA’s website. The project has also sent print versions of the guides to other privacy advocates within the field, and will have some physical copies available during presentations about the guides at upcoming national and regional conventions this year. Up next, on Wednesday, March 23 at 2 p.m. (PST), Berman will be presenting in person during the “Privacy Field Guides: Take Action on Privacy in Your Library” session at the Public Library Association’s conference in Portland, OR.