Patron privacy is an ongoing issue in the library world. In the modern library, data collection is a reality, and customer information is a double-edged sword. On the one hand, data collection allows libraries to understand their patrons better and personalize services. On the other hand, collecting and using patron data is a serious challenge to the library profession's ethical commitment to protecting patron privacy. And it gets even more complicated when this data is handled by a third-party vendor, such as an integrated library system or an online catalog.
For our June webinar, we invited two privacy experts to explore these issues and discuss tips and resources.
- Deborah Caldwell-Stone (ALA Office of Intellectual Freedom)
- Michael Robinson (Intellectual Freedom Committee, Alaska Library Association)
The Evolution of Library Privacy
Why is privacy so important to libraries? Deborah walked through the history of challenges to privacy of libraries and outlined how the topic of privacy has evolved.
"The freedom to read and receive information can't exist when a person's library use is monitored and their individual reading habits are made known to the public," she said.
Historically, librarians have been fiercely committed to protecting the freedom to read. Deborah provided a few examples, including a grad student who had been accused of terrorism for simply reading a book on the history or terrorism at his college library.
In 2005, Connecticut's Library Connection, Inc., a statewide library co-op, received a National Security Letter from the FBI demanding library patrons' records. George Christian, executive director of Library Connection, and three members of the executive committee of the board engaged the ACLU to file suit to challenge the constitutional validity of the NSL. On June 26, 2006, the FBI abandoned the lawsuit entirely.
Changing Times for Libraries
Deborah explained that maintaining privacy used to be a much simpler task because it was kept in-house in the library in paper records and library checkout cards.
"The digital revolution has changed the library," she said. Libraries now rely on third-party vendors that host integrated library systems, catalogs, e-book platforms, and so on. The use of these services generates a lot of patron data, which the library doesn't have full control of.
Deborah outlined some tasks libraries should do to protect patron privacy in the digital age.
- Affirm the role of the library in protecting users' privacy
- Adopt and use Fair Information Practice Principles (FIPPs)
- Adopt and use encryption standards
- Require vendors to adhere to the same privacy and record retention standards used by libraries
- Commit to obtaining users' truly informed consent to the collection and use of their personal data and information
- Train and educate librarians and users alike about privacy rights and best practices online
Library Privacy and Commercial Surveillance
Michael Robinson named some of the online privacy threats libraries face: national security, law enforcement, criminals and hackers, and perhaps the most prevalent, commercial surveillance. Companies collect data about customers through social media data, activity tracking in mobile apps, personalization options, and more.
Libraries have rushed to embrace the modern web, said Michael, but haven't thought through customer privacy in the hands of third-party vendors.
Safeguards for Privacy
Michael said that the number one thing all libraries can do to protect patron privacy is to conduct a privacy audit. The ALA has a privacy audit toolkit, but here are a few places to start examining.
- Your library's existing privacy policies
- Library catalogs and websites
- E-books and digital content
- All tech provided by the library
Another safeguard that libraries can enact right away — awareness. Education is the key to making patrons aware of commercial surveillance. Classes, workshops, pamphlets, and other materials can help patrons make informed choices about the personal data they share. Libraries should also be as transparent as possible with their privacy policies.
"Libraries have a trusted brand around privacy," said Michael. "We can be the privacy experts in our communities."
Watch the full webinar and share how your library protects patron privacy in the comments.
- ALA Office of Intellectual Freedom
- ALA Privacy Toolkit
- Choose Privacy Week
- Let's Encrypt
- ALA Library Privacy Guidelines for E-book Lending and Digital Content Vendors
- ALA Code of Ethics
- ALA Policy on Confidentiality of Library Records
- Privacy: An Interpretation of the Library Bill of Rights
- FTC Fair Information Practice Principles (FIPP), May 2000
- IFLA Statement on Privacy in Libraries (PDF)
- Protecting Patron Privacy by Matthew Beckstrom
- Healthy Fear, Healthy Habits: Teaching Privacy to Patrons