Notes
Slide Show
Outline
1
Privacy and Library Systems
  • Karen Coyle
  • November, 2001
2
Steps in Updating your Library Privacy Policy
  • Review legal & policy context
  • Review current policies
  • Conduct assessment of library systems data (privacy audit)
  • Determine & implement desired practices
  • Designate privacy officer
  • Educate staff
  • Inform users through library privacy policy
3
Laws, Regulations
  • Your state law (Ca. Government Code Section 11015.5)
    • all states except: Hawaii, Kentucky, Ohio, and Texas
  • Local ordinances, i.e. "sunshine laws"
4
Policy
    • ALA Policy on Confidentiality (ALA Code of Ethics 54.15 pt. 3)
    • Your institution's policy
    • Your library's general policy on privacy
5
Circulation & Borrower Records
  • Circulation Records
  • Patron registration
  • Circulation transaction logs
  • Overdue and billing records


  • Restrict access to records and logs that reveal what was borrowed by a patron, to library staff who have a legitimate need to see the records.
  • Delete patron registration records after expiration of borrower privileges.
6
Server Logging
    • Web server logs
    • Library system transaction logs
  • Restrict access to server logs to library staff who have a legitimate need to consult.
  • Set limits on length of time stored
  • Created aggregate statistics to replace individual transactions
7
Personalization
  • User log-ins
  • E-mail features
  • Saved sets
  • SDI-like functions
  • Document delivery
  • MyLibrary


  • Notify users whenever personally identifiable information will be stored on the system.
  • Remove data from dormant accounts
  • Pay attention to system security
8
Remote Systems
  • Vendor databases
  • ILL partners


  • Advise users of limits to library privacy protection when using remote sites.
  • Negotiate for proper and secure logging practices and procedures in contracts
9
Define System Rules
  • What data will be retained
  • How user data that is stored on the system protected from unauthorized use
  • Who has access to the data
  • How long is the data retained
10
Designate Library Privacy Officer
  • Keep up-to-date on privacy issues
  • Oversee & coordinate library practices
  • Educate staff
  • Coordinate public education
  • Handle privacy incidents
11
Educate the Public
  • Make library privacy policy available at multiple contact points (web site, circulation desk, etc.)
  • Consider library role in public “privacy literacy”
12
Importance of Library Staff Education
  • Library policies are only good if correctly implemented
  • Staff are the front line in protecting library users
13
Some Links
  • ALA Policy on Confidentiality of Library Records http://www.ala.org/alaorg/policymanual/libserve.html
  • American Library Association OIF/Privacy
    • http://www.ala.org/alaorg/oif/privacy.html
  • Privacy Rights Clearinghouse
    • http://www.privacyrights.org