ALA NISO-BISG Forum - Patron Privacy
Post on 08-Jan-2017
Nettie Lagace, Associate Director of Programs, NISO @abugseye
Daniel Ayala, Director Information Security, ProQuest @buddhake
Michael Robinson, Head of Library Systems, University of Alaska - Anchorage @mikerobinson_ak
NISO as a “Switzerland”
A meeting place for libraries, vendors, publishers to discuss common issues and create consensus solutions
An Issue of Privacy
ALA code of ethics
Publishers/vendors who serve users are not librarians
Libraries are servers in the cloud and user interactions are managed by third parties
NISO & Patron Privacy Framework Intro
Can libraries and service providers develop valuable services that are based on user activity data, or improve existing services using activity data, in a way that simultaneously protects privacy?
NISO & Patron Privacy Framework Intro
Can we build a framework to protect patron privacy that is based on consensus that simultaneously recognizes the nuances with this issue?
NISO & Patron Privacy Framework Intro
Goal: Establish a consensus framework of principles that prescribe how information systems should respect the privacy of patron data
What we arrived on...
Overview
Preamble
1. Shared privacy responsibilities
2. Transparency & facilitating privacy awareness
3. Security
4. Data collection and use
5. Anonymization
6. Options and informed consent
7. Sharing data with others
8. Notification of privacy policies and practices
9. Supporting anonymous use
10. Access to one's own user data
11. Continuous improvement
12. Accountability
Glossary
Balance of UX & Privacy
Suppliers (Publishers, Service Providers)
Trust
Balance privacy and functionality
Metrics on usage
Operational info to keep the service “up”
Multiple customers: creators and users
Libraries
Balance of UX & Privacy
Metrics to fuel funding and buying decisions
Wide array of positions on data use
Assessment mandates
Fundamental privacy tenets as baseline
Expertise
Enablement of users to make informed decisions
Users
Balance of UX & Privacy
Control
Personalisation and recommendations
Fast, easy, mobile, ubiquitous access
Informed control over own privacy and data
Consumer-like features expected
The Librarians
Both ends of the spectrum...
Legal & Ethical Obligation to Protect Reader Privacy
1st amendment (free inquiry), ALA policy, professional ethics
State laws on confidentiality of library records
The Librarians
Both ends of the spectrum...
Libraries Need to Embrace the Modern Web
E-content, personalization, user experience
Operational needs, business intelligence, educational assessment
The Librarians
Both ends of the spectrum...
False Dichotomies
Privacy is dead vs privacy at all costs
Abandoning ethics vs fettering competitiveness
UX Focus on the Framework
How do you define what gets collected automatically vs explicitly asked for?
PII/Sensitive Information
Browser/Application Fingerprint
UX Focus on the Framework
How do you define what gets collected automatically vs explicitly asked for?
Persistent Cookies Tracking
Session Cookies Tracking
UX Focus on the Framework
How do you define what gets collected automatically vs explicitly asked for?
User Behaviour
Reader Behaviour (Free Inquiry)
UX Focus on the Framework
How do you define what gets collected automatically vs explicitly asked for?
US Privacy Laws
EU Privacy Laws
UX Focus on the Framework
What does consent look like?
EU Right to be Forgotten
FTC Fair Information Practices
Legal
UX Focus on the Framework
What does consent look like?
Notification via Terms of Service
Existing Consent Models are Broken
UX Focus on the Framework
What does consent look like?
Opt-In & Opt-Out
Notification via Terms of Service
Existing Consent Models are Broken
UX Focus on the Framework
What does consent look like?
Data sharing disclosures
Existing Consent Models are Broken
UX Focus on the Framework
What does consent look like?
Consent via Nagware
Data sharing disclosures
Existing Consent Models are Broken
UX Focus on the Framework
What does consent look like?
NO REAL CHOICE
Existing Consent Models are Broken
What’s next for the community?
Consensus building / discussion of principles over the past 2 years
NISO Privacy Principles
Privacy Guidelines from ALA Intellectual Freedom Committee & Digital Content Working Group
LITA Patron Privacy Interest Group
Library Digital Privacy Pledge
What’s next for the community?
Now is the time for action
How do we put these principles into practice?
Iterative process - implement, learn, change
Expectations & perspectives may change as practices develop
The Next Step
Use the shared partnership amongst the vendors, libraries and users to create a shared ecosystem to build a model
Model language for RFP and Contract
Audit standards and responses
Mapping of principles to local and regional privacy laws
Share implementation best practices amongst libraries and suppliers
Encourage ALA Privacy Summit to move the topic forward
Resources
NISO Consensus Framework to Support Patron Privacy in Digital Library and Information Systems - http://www.niso.org/topics/tl/patron_privacy/
ALA Code of Ethics - http://www.ala.org/advocacy/proethics/codeofethics/codeethics
ALA Office of Intellectual Freedom - https://chooseprivacyweek.org
ALA Library Privacy Guidelines for e-book Lending and Digital Content Vendors - http://www.ala.org/advocacy/library-privacy-guidelines-e-book-lending-and-digital-content-vendors
Library Digital Privacy Pledge - https://libraryfreedomproject.org/ourwork/digitalprivacypledge/
Stock Photography Source: Shutterstock and Stocksnap.io