Privacy and Library Systems
Karen Coyle
Outline of talk given, February, 2002
Steps in Updating your Library Privacy Policy
- Review legal & policy context
- Review current library policies
- Conduct assessment of library systems data (privacy audit)
- Determine & implement desired practices
- Designate privacy officer
- Educate staff
- Inform users through library privacy policy
Laws, Regulations
- Your state law
(all states except: Hawaii, Kentucky, Ohio, and Texas)
- Local ordinances, i.e. "sunshine laws"
Policy
- ALA Policy on Confidentiality (ALA Code of Ethics 54.15 pt. 3)
- Your institution's policy
- Your library's general policy on privacy
Privacy "Zones"
- Library & library records
- Institutional network
- World Wide Web
Circulation & Borrower Records
- Circulation Records
- Patron registration
- Circulation transaction logs
- Overdue, billing and payment records
Circulation & Borrower Records
- Restrict access to records and logs that reveal what was borrowed by a patron,
to library staff who have a legitimate need to see the records.
- Delete circulation records from patron's file once the item is returned.
- Delete patron registration records after expiration of borrower privileges.
Personalization
- User log-ins
- E-mail features
- Saved sets
- SDI-like functions
- Document delivery
- MyLibrary
Personalization
- Notify users whenever personally identifiable information will be stored
on the system.
- Remove data from dormant accounts
- Pay attention to system security
Server Logging
- Web server logs
- Library system transaction logs
Server Logging
- Restrict access to server logs to library staff who have a legitimate need
to consult.
- Set limits on length of time stored
- Created aggregate statistics to replace individual transactions
Remote Systems
- ILL partners
- Database vendors
- World Wide Web
Remote Systems
- Advise users of limits to library privacy protection when using remote sites.
- Negotiate for proper and secure logging practices and procedures in contracts
Define System Rules
- What data will be retained
- How user data that is stored on the system protected from unauthorized use
- Who has access to the data
- How long is the data retained
Designate Library Privacy Officer
- Keep up-to-date on privacy issues
- Oversee & coordinate library practices
- Educate staff
- Coordinate public education
- Handle privacy-related incidents
Importance of Library Staff Education
- Library policies are only good if correctly implemented
- Staff are the front line in protecting library users
Educate the Public
- Make library privacy policy available at multiple contact points (web site,
circulation desk, etc.)
- Consider library role in public ""privacy literacy"
Some Links
- ALA Policy on Confidentiality of Library Records http://www.ala.org/alaorg/policymanual/libserve.html
- American Library Association OIF/Privacy http://www.ala.org/alaorg/oif/privacy.html
- http://www.kcoyle.net
©Karen Coyle, 2002
This work is licensed under a Creative Commons License.