Expert Tips for Protecting Patron Privacy


privacy keyboard

Patron privacy is an ongoing issue in the library world. In the modern library, data collection is a reality, and customer information is a double-edged sword. On the one hand, data collection allows libraries to understand their patrons better and personalize services. On the other hand, collecting and using patron data is a serious challenge to the library profession's ethical commitment to protecting patron privacy. And it gets even more complicated when this data is handled by a third-party vendor, such as an integrated library system or an online catalog.

For our June webinar, we invited two privacy experts to explore these issues and discuss tips and resources.

The Evolution of Library Privacy

Why is privacy so important to libraries? Deborah walked through the history of challenges to privacy of libraries and outlined how the topic of privacy has evolved.

"The freedom to read and receive information can't exist when a person's library use is monitored and their individual reading habits are made known to the public," she said.  

Historically, librarians have been fiercely committed to protecting the freedom to read. Deborah provided a few examples, including a grad student who had been accused of terrorism for simply reading a book on the history or terrorism at his college library.  

In 2005, Connecticut's Library Connection, Inc., a statewide library co-op, received a National Security Letter from the FBI demanding library patrons' records. George Christian, executive director of Library Connection, and three members of the executive committee of the board engaged the ACLU to file suit to challenge the constitutional validity of the NSL. On June 26, 2006, the FBI abandoned the lawsuit entirely.

Changing Times for Libraries

Deborah explained that maintaining privacy used to be a much simpler task because it was kept in-house in the library in paper records and library checkout cards.

"The digital revolution has changed the library," she said. Libraries now rely on third-party vendors that host integrated library systems, catalogs, e-book platforms, and so on. The use of these services generates a lot of patron data, which the library doesn't have full control of.  

Deborah outlined some tasks libraries should do to protect patron privacy in the digital age.

  •  Affirm the role of the library in protecting users' privacy
  • Adopt and use Fair Information Practice Principles (FIPPs)
  • Adopt and use encryption standards
  • Require vendors to adhere to the same privacy and record retention standards used by libraries
  • Commit to obtaining users' truly informed consent to the collection and use of their personal data and information
  • Train and educate librarians and users alike about privacy rights and best practices online

Library Privacy and Commercial Surveillance

Michael Robinson named some of the online privacy threats libraries face: national security, law enforcement, criminals and hackers, and perhaps the most prevalent, commercial surveillance. Companies collect data about customers through social media data, activity tracking in mobile apps, personalization options, and more.

Libraries have rushed to embrace the modern web, said Michael, but haven't thought through customer privacy in the hands of third-party vendors.

Safeguards for Privacy

Michael said that the number one thing all libraries can do to protect patron privacy is to conduct a privacy audit. The ALA has a privacy audit toolkit, but here are a few places to start examining.

  • Your library's existing privacy policies
  • Library catalogs and websites
  • E-books and digital content
  • All tech provided by the library

Another safeguard that libraries can enact right away — awareness. Education is the key to making patrons aware of commercial surveillance. Classes, workshops, pamphlets, and other materials can help patrons make informed choices about the personal data they share. Libraries should also be as transparent as possible with their privacy policies.

"Libraries have a trusted brand around privacy," said Michael. "We can be the privacy experts in our communities."

Watch the full webinar and share how your library protects patron privacy in the comments.