Today’s ALA/Booklist webinar, Why Your Library’s Policy Matters, was led by Cherie L. Givens, author of Information Privacy Fundamentals for Librarians and Information Professionals. The webinar seemed almost like a commercial for the book, because Givens only spoke generally, pointing listeners to the book for further detail. In fairness, it would be difficult to cover the topic of library privacy policies in depth in an hour, but I was still hoping for something slightly more concrete and practical. Nevertheless, here are the points she covered:
*Particularly the Children’s Online Privacy Protection Act (COPPA), Family Educational Rights and Privacy Act (FERPA), Protection of Pupil Rights Amendment (PPRA), No Child Left Behind (NCLB), the PATRIOT Act, Foreign Intelligence Surveillance Act (FISA), and National Security Letters (NSLs). (If your library does receive an NSL, the lawyers at ACLU would love to hear about it.)
- The Federal Trade Commission (FTC) is a good resource for consumer protection (“We collect complaints about hundreds of issues from data security and deceptive advertising to identity theft and Do Not Call violations”).
- People should have control over their Personally Identifiable Information (PII), including sensitive personal data such as Social Security Numbers. People should know when, how, and what PII is being communicated to others. It’s always best to collect as little information as possible, only what is necessary; minimize data collection and retention.
- Perform a privacy audit/assessment: what information do you collect and how do you use it?
- Look at other libraries’ privacy policies, and the privacy policies of small/medium-sized businesses.
- Privacy is important not just for intellectual freedom, but intellectual curiosity.
*I haven’t seen the contract language, but I would imagine this is much more difficult than it sounds, especially if a library is working with Overdrive, which allows patrons to check out Kindle books through Amazon. Amazon is a data-hungry beast.
These fair information practice principles I copied directly from slide 10 of Givens’ presentation:
- Notice/Awareness: Provide notice of information collection practices before information is collected.
- Choice/Consent: Give the subjects of data collection options about whether and how their personal information may be used.
- Access/Participation: Provide access to an individual’s personal information so that the individual can review and correct it.
- Integrity/Security: The data collector must take reasonable steps to make sure the data is accurate and secure.
- Accountability or Enforcement/Redress: There must be a mechanism for addressing and resolving complaints for failing to abide by the above four principles.
Lastly, this great article was cited by one of the webinar participants. I remember reading it before (it was a Library Link of the Day on 10/4/14): “Librarians won’t stay quiet about government surveillance,” Washington Post, Andrea Peterson, 10/3/14.