Library Patron Privacy in Jeopardy An analysis of the privacy policies of digital content vendors ASIS&T General Meeting 2015 April Lambert, Michelle Parker.

Presentation transcript:

Library Patron Privacy in Jeopardy An analysis of the privacy policies of digital content vendors ASIS&T General Meeting 2015 April Lambert, Michelle Parker & Masooda Bashir

Introduction
- Patron privacy has long been a core value for librarians.
- Privacy is fundamental for intellectual freedom.
- Privacy is essential for free speech, thought and association.
“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and references consulted, borrowed, acquired, or transmitted.” (ALA Code of Ethics)

Introduction
- Library patron privacy is not just about protecting borrower records.
- Many patrons now view and borrow digital materials through library websites.

Patron Privacy for Digital Materials
- Patrons may download e-magazines, borrow e-books, view videos, and listen to music.
- Most libraries offer digital material services through third party sites.
- This creates multiple points where library patrons’ personal identifying information (PII) may be gathered.

Patron Privacy for Digital Materials
- How is patron privacy being protected at these multiple sites for information gathering?
- Do public library patrons have any way of knowing if their privacy is being protected?

Research Questions
- Are digital content vendor privacy policies accessible and understandable to public library patrons?
  - Do they even have a privacy policy?
- Do digital content vendor privacy policies meet the standards of the library community?
- Do these privacy policies meet other industry standards?

Methodology
- Visited websites of the top 25 American public libraries and gathered list of all digital resources linked on those sites
- The top 25 American public libraries were determined by population served data available on the website of the American Library Association
- Differentiated between digital vendors and digital resources – examined privacy policies of most-used digital vendors

Methodology - Vendors

Methodology - Codebook
- Based primarily on codebook used by Trina Magi in her review of academic library vendors (Magi, T. J. (2010). A content analysis of library vendor privacy policies: do they meet our standards?. College & Research Libraries, 71 (3), )
- Revised after test run; added questions re: security and software platforms
- Two of the authors reviewed each policy
- The small number of coders made it difficult to calculate intercoder reliability index, but any question with less than 80% agreement was thrown out

Methodology - Sources
- Library profession standards
  - American Library Association's Code of Ethics & supporting policies
  - International Coalition of Library Consortia guidelines
- International Information Protection Standards
  - Fair Information Practices (FIPs)

Methodology - Criteria
American Library Association Code of Ethics
- Libraries should adopt policies to keep patron Personal Identifying Information in library records confidential
- Patrons should be informed of why Personal Identifying Information is collected and how it is being kept confidential
- Libraries should limit the information they collect, avoid creating unnecessary records, and maintain the privacy of records
- Libraries should conduct regular privacy audits

Methodology - Criteria
International Coalition of Library Consortia Guidelines (2002)
- Echoes most of the American Library Association’s guidelines
- Specifically states that standards apply to library vendors
- Requires vendors to specifically state compliance with American Library Association’s Code of Ethics
- Vendors must limit data collection and regularly review privacy policies to comply with American Library Association’s standards
- Library patrons must be able to access sites even if they decline to allow Personal Identifying Information to be collected
- Vendors must maintain full control over their sites so that third parties, including advertisers, cannot violate patron privacy

Methodology - Criteria
Fair Information Practices
Fair Information Practices are internationally recognized practices relating to the privacy of an individual’s information.
(1) Notice/Awareness
(2) Choice/Consent
(3) Access/Participation
(4) Integrity/Security
(5) Enforcement/Redress

Analysis – Accessibility & Comprehension ” easily understood by an average 11-year old, easily understood by year old, 0-30 best understood by university graduates

Analysis – Reasons for Collecting PII

Analysis – Reasons for Sharing PII
Reasons for Sharing | Number of Vendors
To monitor compliance | 4
To protect the safety of employees and/or the public | 4
To process commercial transactions | 3
In relation to a legal proceeding | 3
In connection with a sale or merger | 3
For advertising and promotion | 2
For research and/or development | 2
To administer or protect the website and/or the server | 1
Other general reasons | 1

Analysis – User Consent and Access
Item | # of Vendors | % of Vendors | % Intercoder Agreement
Contact information provided | 5 | 100 |
States that provision of PII is voluntary | | |
User may view PII held by vendor | | |
User may contest accuracy or completeness of PII held by vendor | | |
User may delete all PII held by vendor | | |
Vendor allows access when user denies permission to distribute PII | 1 | 20 | 80

Analysis – Enforcement
Item | Number of Vendors | % of Vendors | Intercoder Agreement
Explanation of how policy enforced | | |
Affirmation of ALA Code of Ethics | | |
Vendor states that they conduct privacy audit | | |
Vendor regularly reviews enforcement of privacy policy: Yes | | |
Vendor regularly reviews enforcement of privacy policy: Doesn’t say | 4 | 80 |
Vendor states which media platforms are compatible | | |
Vendor references privacy policy of a media platform | 0 | 0 | 100

Analysis – Security & Data Storage
- 4 of the 5 policies claimed to take steps to protect patron PII, but none specified where data was stored
- 1 of the 5 policies referenced transmittal of records across borders (to comply with European Union’s safe harbor requirements for transborder information transfers)
- 4 of the 5 policies stated that data was encrypted; 3 specifically mentioned SSL
- Some vendors may address these topics in separate security related policies

Conclusions
- Public library digital content vendors’ privacy policies are generally easily accessible, though difficult to comprehend.
- Digital content vendors are more likely to meet industry FIPs guidelines, which focus on notice and consent, and less likely to meet the library profession guidelines, which require positive actions to protect library patrons’ privacy.

Limitations and Future Directions
- Repeat the study with a larger sample size
- Have more coders on the project
- Development of a publicly available code book
- Make the transitions between library websites and vendor websites more apparent
- Develop negotiation guidelines for use by libraries and vendors

Acknowledgments
Thank you to Trina Magi for sharing her work with us.
Questions?
Michelle Parker, April Lambert, Dr. Masooda Bashir