patron privacy issues cindy cunningham – ohsu. overview balancing demands (academic environment)...
TRANSCRIPT
Patron Privacy Issues
Cindy Cunningham – OHSU
Overview
Balancing demands (academic environment) Privacy in Libraries System Privacy
Vendor Institution/Library
Privacy checklist Resources
Balancing Competing Demands in the Academic Environment
Intellectual freedom Unrestricted access to resources Network security Data-share - research Protect proprietary information Statistics
Open records vs. privacy statutes Record retention requirements Manage institutional risk
Privacy in Libraries
User privacy is an integral library mission ALA - Library Code of Ethics
"We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.”
Responsibility to develop local policies and procedures Protect patron confidentiality Comply with institutional policies Respond to legal challenges
Acquiring, Storing and Analyzing Data
ILS – patron and transactional data, notes E-resources - retained search histories, required
cookies Email, web-based service forms Services with IP tracking, user authentication Conventional education and distance education Statistics
ILS System Privacy Issues - Vendor Controls
Formal privacy policy Accountability Oversight
Data access Permissions Protection of stored data - INNKeeper service
Audit trails
Patron Privacy - Library Controls
System security Firewalls Requirements for logins, strong passwords Required password changes Wireless network protections Staff laptop secure logins
System data storage Backup, retention Proxy access tracking Audit trails
Patron Privacy - Library Controls
What PII is collected/stored? Name, address, phone numbers, email, ID’s (SSN-
based?) Last patron check out Notes (orders, fines, reserves, gifts, claims returned,
suggestions) MARC displays Patron record access Permissions
Who has access What content is displayed
System generated emails, override reports, etc. Paging slips
Patron Privacy - Library Controls
Staff training Patron education - reading history, saved
searches (disabled by default) Response Coordination
Institutional policies and proceduresLibrary policies and procedures
Regular Review
Summit Privacy Practices
Discarding paging slips - home address, phone number "Send it back clean.” Remove any materials that may be left in
item before returning it to Owning site, including the paging slip which is no longer necessary, and compromises confidentiality of patrons borrowing materials.
http://www.orbiscascade.org/staffhome/matrls_processing.htm
New agreement - patron names not used on summit-circ list (http://www.orbiscascade.org/staffhome/patron_confid_agrmt.htm)
Privacy Checklist
Assess your institutional and library system security
Determine vendor, institutional and library practices affecting data access, storage and retention Develop management procedures Review regularly
Develop staff and patron training on privacy issues
Privacy Checklist
Develop and link to your privacy policy ALA resources - Developing a Confidentiality Policy
http://www.ala.org/ala/oif/iftoolkits/toolkitsprivacy/guidelinesfordevelopingalibraryprivacypolicy/guidelinesprivacypolicy.htm
Examples OHSU’s policy http://www.ohsu.edu/library/privacy.shtml University of Michigan Law Library http://www.law.umich.edu/library/
libinfo/security.htm
Develop a library-specific response to legal challenges
Resources
Thanks to Kara Phillips, Barbara Engstrom, Susan Kezele & Jan Hartley (Seattle University Libraries) presentation on privacy issues– NWIUG 2005
Enstrom, B.S. et al, “Evaluating Patron Privacy on Your
ILS” AALL Spectrum, April 2006, http://www.aallnet.org/products/pub_sp0604/pub_sp0604_ProDev.pdf (accessed July 24, 2006).
Adams, H.R. et al (2005) Privacy in the 21st Century. Westport: Libraries Unlimited.
Resources
Breeding, M., “Defending your ILS Against Security Threats” Computers in Libraries, May, 2003, at 38.
ALA “Code of Ethics,” “Library Bill of Rights” http://www.ala.org/ala/oif/statementspols/statementsif/librarybillrights.htm
ACRL “Intellectual Freedom Principles for Academic Libraries” http://www.ifla.org/faife/ifstat/acrlprin.htm