Protecting Library Users' Privacy in a Digital Age Swedish Library Association May, 2014 Barbara Jones, American Library Association

The Shifting Landscape of Privacy

Privacy Myths

People Care About Their Privacy

Our Data –Who we are –What we read and think –Where we go and when we go there –Who we talk to, and what we say to them –What we earn, how we manage it, what we spend it on

Privacy and Pointillism

In February, 2010 advertising and marketing startup Clearsight Interactive announced that it had purchased enough personally identifiable information about individuals to enable it to link 65 million home IP addresses with their actual users. —Daily Online Examiner, February 25,

Every day, collection systems at the National Security Agency intercept and store 1.7 billion s, phone calls and other types of communications. —"A hidden world, growing beyond control," The Washington Post, July 19,

Privacy Means Many Things Confidentiality Limits on information use Freedom from surveillance Personal choice and control

Protecting What Matters Personal privacy Consumer privacy Online privacy Youth and privacy Government surveillance Reader privacy

Privacy in the Library “In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others.” Privacy: An Interpretation of the Library Bill of Rights

Privacy in the Library “Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.” Privacy: An Interpretation of the Library Bill of Rights

ALA Code of Ethics “ We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” Article III, ALA Code of Ethics

Laws That Protect Library Users' Privacy First Amendment Fourth Amendment Court Opinions

In New York, any library record that contains the name or other personally identifying details of a library user, including (but not limited to) circulation records, computer database searches, interlibrary loans, reference queries, photocopies of library materials, and hold or reserve requests is confidential and shall not be disclosed. ~~ NY CLS CPLR § 4509 See also In the Matter of Quad/Graphics, Inc.v. Southern Adirondack Library System, 174 Misc. 2d 291, 664 N.Y.S.2d 225 (1997)

Federal Laws and Reader Privacy – Video Privacy Protection Act – Electronic Communications Privacy Act – USA PATRIOT Act

USA PATRIOT Act & Libraries – Section 215 – Foreign Intelligence Surveillance Act Orders – Section 505 – National Security Letters

PATRIOT Act Gag Orders Gag Orders attached to these orders prohibit recipients from disclosing the existence of the warrant, or the fact that records were turned over to the FBI. Exceptions: – legal counsel – persons needed to comply with the order

NSA and The PATRIOT Act Section 215 used to authorize the bulk collection of U.S. phone call metadata on the grounds that the data, when queried, may produce information relevant to an investigation. Section 702 of the Foreign Intelligence Surveillance Act used to authorize the collection and examination of stored communications and other Internet data from ISPs. (PRISM)

Impact on Library Users

Privacy in the Library: Law Enforcement Inquiries

– Subpoena – Search Warrant – Electronic Communication Orders – FISA Orders and National Security Letters Forms of Court-Authorized Orders

– Request for voluntary cooperation – Exigent Circumstances (threat to life or physical safety) – Evidence in plain view Informal or Warrantless Inquiries

Legal Limits on Law Enforcement Inquiries Statutes Bill of Rights Court-ordered limitations

It can happen anywhere The one-room Deming Public Library, part of the rural Whatcom County Library System was served with an FBI subpoena that sought the names and addresses of persons who borrowed a biography of Osama Bin Laden.

Vs. What should you keep confidential?

Tips and Reminders –Library records are not “public records” subject to inspection –Only FBI agents are permitted to serve and use a FISA order or NSL –Establish a cordial working relationship with local law enforcement authorities –Law enforcement should be left to the police

Privacy in the library: Ensuring privacy for library users Scimus Quae Legis, Et Non Dicimus (We know what you read, and we're not telling)

Crafting Privacy Policies – Communicate the library’s commitment to protecting library users’ personal information – Explain how users’ personal information is used, stored, and protected – Explain when library records might be disclosed to third parties and law enforcement

ALA Privacy Policies Intellectual Freedom Manual, 8 th ed. Policy on the Confidentiality of Library Records Policy Concerning Confidentiality of Personally Identifiable Information about Library Users Resolution on the Retention of Library Users’ Records

Conducting a Privacy Audit –What data is recorded? –Where is it located? –Who has access? –How long is data kept? –Evaluate existing privacy policy Resource: Karen Coyle, Library Privacy Audits

Policy: Records Retention –Retention plan –Destruction schedules –Purging personally identifiable information –State laws (New York Freedom of Information Law and associated statutes as well as any local records act)

Policy: Law Enforcement –Identify who is responsible for responding to requests for library records and information –Describe the scope of employees’ and volunteers’ authority to respond to requests for library records or for information about library users –Identify circumstances under which the library will release library records or information about library users

Self-Service Holds

--Lusty Reader blog August 11, 2010 lustyreader.wordpress.com/

Consider using systems employing obscurity or anonymity for self-serve holds

User Data the Library Doesn’t Control Library Consortia Internet Service Providers Resource: ICOLC Privacy Guidelines for Electronic Resources Vendors

Arizona Privacy of user records; violation; classification; definition A.Except as provided in subsection B OF THIS SECTION, a library or library system supported by public monies shall not allow disclosure of any record or other information which, INCLUDING E BOOKS, THAT identifies a user of library services as requesting or obtaining specific materials or services or as otherwise using the library. B. Records may be disclosed: 1.If necessary for the reasonable operation of the library. 2.On written consent of the user. 3.On receipt of a court order. 4.If required by law. C. Any person who knowingly discloses any record or other information in violation of this section is guilty of a class 3 misdemeanor. D. FOR THE PURPOSES OF THIS SECTION, "E-BOOK" MEANS A BOOK COMPOSED IN OR CONVERTED TO DIGITAL FORMAT FOR DISPLAY ON A COMPUTER SCREEN OR HANDHELD DEVICE.

California Government Code Section 6267 All patron use records of any library which is in whole or in part supported by public funds shall remain confidential and shall not be disclosed by a public agency, or private actor that maintains or stores patron use records on behalf of a public agency, to any person, local agency, or state agency except as follows: a)By a person acting within the scope of his or her duties within the administration of the library. b)By a person authorized, in writing, by the individual to whom the records pertain, to inspect the records. c)By order of the appropriate superior court.

Questions? Want More Information? x4224