privacy and security 815

Future Privacy & Security Concerns in Libraries Kyrsten Crowe, Rachel Hodges, Emily Stockdale

Upload: rachel

Post on 11-May-2015


Page 1: Privacy and security 815



USA PATRIOT Act

Uniting and Strengthening America act

Provide Appropriate Tools Required to Intercept and Obstruct Terrorism act

Passed after 9/11 to gain information to prevent future terrorist attacks and protect innocent Americans.

Allows government seizure of patrons’ personal information from libraries, in paper or electronic form.

(Fifarek, 2002)


Patron Records

“Confidentiality relates to the possession of personally identifiable information [PII], including such library-created records as closed-stack call slips, computer sign-up sheets, registration for equipment or facilities, circulation records, Web sites visited, reserve notices, or research notes” (ALA Privacy and Confidentiality).

All libraries should have a records retention policy for paper and electronic records with personally identifiable information (PII) (Vaughan, 2007).

– EDI alerts such as “If you liked this book, then you will like these…” rely on PII (Fifarek, 2002).


ALA Code of Ethics

III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

VI. We do not advance private interests at the expense of library users, colleagues, or our employing institutions.

ALA: Code of ethics. (1995). ALA: American Library Association. Retrieved July 30, 2010, from http://www.ala.org/ala/issuesadvocacy/proethics/codeofethics/codeethics.cfm


Privacy Statement

The Sonoma County, CA Library’s Privacy Statement:

– We are committed to preserving the privacy of our visitors and patrons. We do not collect personal information about you just because you visit this site. We will not share any information you give us with anyone unless required by court order. We do not collect or sell your information for commercial purposes. Your patron information is confidential (Falk, 2004).

Libraries can use the ALA Privacy Toolkit to help create their own policy: http://www.ala.org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/privacy.cfm


How to Protect Patron Privacy

Limit the monitoring, collection, disclosure, and distribution of personally identifiable information (PII).

Avoid creating unnecessary records. Only record a user's PII when necessary for the efficient operation of the library.

Avoid retaining records that are not needed for efficient operation of the library. Assure that all kinds and types of records are covered by the policy, including data-related logs, digital records, vendor-collected data, and system backups.

Avoid library practices and procedures that place information on public view:

– using postcards for overdue notices or requested materials;
– using patron names to identify self-pickup holds;
– placement of staff terminals so the screens can be read by the public;
– using sign-in sheets to use computers or other devices;
– providing titles of reserve requests or interlibrary loans over the telephone to users' family members or answering machines.

(ALA Privacy ToolKit, 2004)


RFID Concerns

Risks to Borrower

Tracking materials

Hotlisting materials

Profiling

Risks to Collection

Disarm/alter tag

Switching tag data

Digital vandalism


RFID Changes for Library Use

Libraries should not use RFID tags for borrower cards.

Limit the amount of data recorded on the tag to just the primary item number.

Only staff should have access to bibliographic searching using the tag number.

Inform the community about your local RFID project.

Review security procedures for staff.

Lobby vendors for improved security solutions.

(Butters, p. 437)


Library Public Access Computer Privacy/Security

Information Age

Computer Centers in libraries are booming.

Libraries promote information literacy, but technology exacerbates risks to privacy and confidentiality.

How much responsibility does a library have when it comes to privacy and security risks on public access computers?


Keeping Public Info Safe

Several software options.

4 things:

– Temp. Internet Files
– Browsing History
– Cookies
– Form Memory/“autocomplete”


Keeping Public Info Safe

Consult ALA Guidelines for Developing Privacy Policy.

Do so often, to keep up with technology advances.

Modify library privacy policy to address your patrons.

No chat rooms, no games, no flash drives.


Social Networking and Web 2.0 Privacy & Security Issues: Implications for Librarians


Privacy in the Web 2.0 World

While privacy is a core value of libraries, Web 2.0 tools are about sharing information. As librarians, to what degree are we responsible to educate our users on privacy and security in the use of these tools?

How can these tools be used to enhance library services and meet users’ needs?


Library 2.0

Library 2.0 is a new way of providing library service through new Internet technologies, with emphasis on “user-centered” change and interaction. Library services are frequently evaluated and updated to meet the changing needs of library users. The active and empowered library user is a significant component of Library 2.0.


Libraries can harness the power and popularity of these tools to reach out to their users.

In using these tools, librarians must be aware of ever-changing privacy policies and use these tools in accordance with their own ethical standards.

While educating users on privacy is not the responsibility of the librarian, information and guidance can be offered.


Questions for Users to Consider:

Who can see my information?

Is my information safe?

How is my information being used?

How can I protect my privacy?


Web 2.0 Security Vulnerabilities

Web 2.0 sites are more prone to attack since they have more interactions with the browser and require running complex JavaScript code on user machines. Malicious content could easily be introduced without the user’s knowledge.


What can librarians do?

Have an up-to-date understanding of popular social networking sites and Web 2.0 tools and potential privacy issues

Ensure that the tools the library uses do not violate ethical privacy standards

Provide information to educate users on potential privacy & security threats


References

ALA code of ethics. (1995). ALA: American Library Association. Retrieved July 10, 2010, from http://www.ala.org/ala/issuesadvocacy/proethics/codeofethics/codeethics.cfm

ALA privacy and confidentiality. (n.d.). ALA: American Library Association. Retrieved July 23, 2010, from http://www.ala.org/ala/aboutala/offices/oif/ifissues/privacyconfidentiality.cfm

ALA privacy toolkit. (2004). ALA: American Library Association. Retrieved July 23, 2010, from http://www.ala.org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/privacy.cfm

Batt, C. (1995, August 20). The library of the future: public libraries and the internet. Retrieved from http://archive.ifla.org/IV/ifla61/61-batc.htm

Ben-Itzhak, Y. (2007, September 10). Tackling the security issues of web 2.0. Retrieved from http://www.scmagazineus.com/tackling-the-security-issues-of-web-20/article/35609/

Blyberg, J. (2006, January 9). 11 reasons why library 2.0 exists and matters [Web log]. Retrieved from http://www.blyberg.net/2006/01/09/11-reasons-why-library-20-exists-and-matters/

Butters, A. (2007). RFID systems, standards and privacy within libraries. The Electronic Library, 25(4), 430-439. Retrieved July 26, 2010, from the EBSCOhost database.

Cottrell, J. (1999). Ethics in an age of changing technology: familiar territory or new frontiers? Library Hi Tech, 17(1), 107-113.

Courtney, N. (2007). Library 2.0 and beyond: Innovative technologies and tomorrow's user. Santa Barbara, CA: Libraries Unlimited.

Cvetkovic, M. (2010, August 1). Making Web 2.0 Work—From ‘Librarian Habilis’ to ‘Librarian Sapiens’. Retrieved from http://www.infotoday.com/cilmag/oct09/Cvetkovic.shtml

Evers, J. (2006, July 28). The security risk in web 2.0. Retrieved from http://news.cnet.com/The-security-risk-in-Web-2.0/2100-1002_3-6099228.html

Fernandez, P. (2009, March). Online social networking sites and privacy: Revisiting ethical considerations for a new generation of technology. Library Philosophy and Practice, 1-9.

Fifarek, A. (2002). Technology and privacy in the academic library. Online Information Review, 26(6), 366-374. Retrieved July 23, 2010, from the Emerald full text database.

Litwin, R. (2006, May 22). The central problem of library 2.0: Privacy [Web log]. Retrieved from http://libraryjuicepress.com/blog/?p=68

Mullan, J. (2009, February 25). Social networking: Privacy and other issues [Web log]. Retrieved from http://www.therunninglibrarian.co.uk/2009/02/social-networking-privacy-and-other.html

Sauers, M. (2005, October 19). Protecting patron privacy on public pcs. Retrieved from http://www.webjunction.org/pc-protection/-/articles/content/435260

Saunders, A. (2008, January 8). A privacy manifesto for the web 2.0 era. Retrieved from http://gigaom.com/2008/01/08/a-privacy-manifesto-for-the-web-20-era/

Sturges, P. (2003). User privacy in the digital library environment. Library Management, 24(1/2), 44-50.

Vaughan, J. (2007). Toward a record retention policy. The Journal of Academic Librarianship, 33(2), 217-27. Retrieved July 23, 2010, from the Library Literature and Information full text database.