Some Thoughts on Technology and Privacy


Concerns about online privacy have recently surfaced again in the news, fueled this time by the meteoric rise of social networking sites like MySpace and by the disclosure (intentional or unintentional) of potentially sensitive information, such as the recent disclosure by AOL. Libraries have historically been strong advocates of their patrons' right to privacy, as evidenced by the following text appearing as #3 in the ALA Code of Ethics:

We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

Yet, the more data we can collect from our library users, the more powerful services we can provide to them. How do libraries balance good service with appropriate privacy policies?

Certainly, not collecting patron information in the first place can help the privacy mission. If you never know who is sitting down at one of your public workstations, you can’t disclose that information to others. Yet not knowing this makes it more difficult to manage waiting lists for computers, time limits, and other practical details of running a public computer lab. One reasonable approach is to collect data only when you really need it for a defined purpose.

But is that enough? Keeping information that is collected confidential is hardly a foolproof task. Confidentiality can be broken in many ways: through a simple mistake by a staff member, as in the recent AOL case, by a malicious or disgruntled staffer, through malicious action of an individual looking to exploit security holes in your servers, or through a valid subpoena requiring you to turn over information you have collected. Don’t assume confidentiality is absolute—understand the cases in which it can be broken before selecting an approach that involves collection of information but keeping it confidential.

Some attempts at confidentiality aren’t as effective as they might seem at first. Consider the recent AOL information disclosure (story linked above). The AOL search logs didn’t identify individuals by name, but rather assigned each user a number. Unfortunately, this simple substitution provided only a small amount of privacy. Numerous analyses of the search data, following subsequent queries by the same user, have led to reasonable identifications of individual users. Further processing of query logs before storage, so that each query is represented alone with no connection to others, is the next logical anonymizing step. However, this results in a significant loss of the benefit a library can glean from these logs—it’s one thing to know what your patrons are searching on, and another to know what they do after they perform a search that results in zero hits.
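The trade-off described above, as an added example that is not part of the original post: it runs over a constructed search log, and the function names, the date-only timestamp and the shuffled storage order are assumptions made for illustration.

```python
import random
from collections import defaultdict

# Constructed sample OPAC log rows: (patron, timestamp, query, hits)
RAW_LOG = [
    ("ann", "2006-08-01T10:02", "divorce lawyers springfield", 12),
    ("bob", "2006-08-01T10:03", "garden pests", 40),
    ("ann", "2006-08-01T10:05", "custody law handbook", 0),
    ("ann", "2006-08-01T10:06", "child custody law", 7),
    ("bob", "2006-08-01T10:09", "tomatoe blight", 0),
    ("bob", "2006-08-01T10:10", "tomato blight", 5),
]

def pseudonymize(log):
    """Substitute a number for each user; that user's queries stay linked."""
    ids = {}
    return [(ids.setdefault(u, len(ids) + 1), ts, q, h) for u, ts, q, h in log]

def trails(pseudo_log):
    """What anyone holding the pseudonymized log can rebuild: a trail per number."""
    out = defaultdict(list)
    for uid, _ts, q, _h in pseudo_log:
        out[uid].append(q)
    return dict(out)

def after_zero_hits(pseudo_log):
    """The service benefit: what each user tried right after a zero-hit search."""
    pending, pairs = {}, []
    for uid, _ts, q, h in pseudo_log:  # rows assumed to be in time order
        if uid in pending:
            pairs.append((pending.pop(uid), q))
        if h == 0:
            pending[uid] = q
    return pairs

def unlink(log, seed=None):
    """Store each query alone: no user key, date-only timestamp, shuffled order.
    Truncating the time and shuffling are assumptions, so that row order and
    timing cannot stand in for the removed identifier."""
    rows = [(ts[:10], q, h) for _u, ts, q, h in log]
    random.Random(seed).shuffle(rows)
    return rows

if __name__ == "__main__":
    pseudo = pseudonymize(RAW_LOG)
    print(trails(pseudo))           # full per-user query trails survive
    print(after_zero_hits(pseudo))  # follow-up analysis needs that linkage
    print(unlink(RAW_LOG, seed=1))  # unlinked rows support counts only
```

The unlinked rows still answer "how many searches returned zero hits", but `after_zero_hits` has nothing to work with once the per-user key is gone.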

Sometimes there are ways to both collect the information you need in order to provide a service and still protect patron privacy. The first is to hire bright, creative, and responsible technical staff. These individuals are your first source of ideas for ways in which you can collect data that both meets your goals and appropriately respects patron privacy. Encourage these staff members to take advantage of the many opportunities to share ideas with peers: mailing lists, IRC, blogs, conferences, and the like. Libraries need to share this type of information more freely. I invite TechEssence readers to share techniques tried at their institutions (and how effective they were) in the comments on this blog, on their own blogs, at conferences, and in the published library literature.

Be sure to develop your data collection and privacy policies together with your legal counsel. There are likely legal ramifications to keeping (or not keeping) all sorts of patron information, especially where computers are involved. Work with legal counsel to be sure all of your bases are covered.

Wherever you decide to draw the line between what you collect and what you don’t, it’s imperative to tell your patrons what your policies are. If you store complete borrowing history, your patrons deserve to know that. If you store completely anonymized search logs for your OPAC or Web site, your patrons deserve to know that as well. They even deserve to know if you collect data on the number of holds placed, or on usage of licensed databases. Develop a written data collection and privacy policy, and make it available to your patrons. Make it your responsibility to raise patron awareness of online privacy issues.