You are here
Protecting Patron Privacy: A Data Perspective
Posted by Jim Craner on August 27, 2018
Just to reiterate -- US libraries are not subject to that EU law, known as the General Data Protection Regulation ("GDPR"). If you want to learn more about the law, check out this excellent GDPR explainer article by Erin Berman at the San Jose (CA, US) Public Library.
Looking for more information about the principles involved in data protection from a US library perspective? The National Information Standards Organization ("NISO") published a set of principles and definitions for libraries considering patron data privacy. [Note: my Galecia colleague, Lori Ayre, was a member of the Core Working Group that produced this standards document.] The twelve listed principles include several that involve the technology that we support in public libraries, such as data collection, anonymization, and security.
As the developer of the open source "BookPoints" summer reading software, we provide our libraries the ability to add custom privacy policies and legal terms and conditions to the online applications that we build for their patrons. It's been clear after working with dozens of libraries that many librarians aren't familiar with these issues -- so we're careful to let them know about data retention and purging policies, and to collect the minimum amount of data possible. (And of course we also follow technical best practices to meet our own data security standards!)
These issues become even more complicated as libraries have added more data services for our patrons, and as data moves up to the cloud. Our data retention and management techniques and policies have changed drastically over the years -- obviously having a single circulation system on a local network has much different data privacy implications than a fully integrated library system hosted by an off-site provider or regional consortium.
National library leaders are working on these issues and related topics. IMLS recently funded a UWisc-led, ALA-assisted project to convene "library practitioners, privacy advocates, and technology experts to discuss and debate a national roadmap for a digital privacy strategy for libraries." This community and the eventual roadmap will hopefully provide resources to help libraries strengthen their digital privacy policies -- but the time to start studying and working on these issues is now!
Looking for more resources? Check out:
- ALA's webinar: "A Practical Guide to Privacy Audits" is an archived webinar presented in spring 2018 about the privacy audit process
- ALA provides the "Choose Privacy Everyday" website with programming ideas and weekly news updates about library privacy-related issues