Presentation is loading. Please wait.

Presentation is loading. Please wait.

Library Patron Privacy in Jeopardy An analysis of the privacy policies of digital content vendors ASIS&T General Meeting 2015 April Lambert, Michelle Parker.

Published byVirgil Cox Modified over 8 years ago

Similar presentations

Presentation on theme: "Library Patron Privacy in Jeopardy An analysis of the privacy policies of digital content vendors ASIS&T General Meeting 2015 April Lambert, Michelle Parker."— Presentation transcript:

1 Library Patron Privacy in Jeopardy An analysis of the privacy policies of digital content vendors ASIS&T General Meeting 2015 April Lambert, Michelle Parker & Masooda Bashir

2 Introduction Patron privacy has long been a core value for librarians. Privacy is fundamental for intellectual freedom. Privacy is essential for free speech, thought and association. “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and references consulted, borrowed, acquired, or transmitted.” ----- ALA Code of Ethics

3 Introduction Library patron privacy is not just about protecting borrower records. Many patrons now view and borrow digital materials through library websites.

4 Patron Privacy for Digital Materials Patrons may download e-magazines, borrow e-books, view videos, and listen to music. Most libraries offer digital material services through third party sites. This creates multiple points where library patrons’ personal identifying information (PII) may be gathered.

5 Patron Privacy for Digital Materials How is patron privacy being protected at these multiple sites for information gathering? Do public library patrons have any way of knowing if their privacy is being protected?

6 Research Questions Are digital content vendor privacy policies accessible and understandable to public library patrons? - Do they even have a privacy policy? Do digital content vendor privacy policies meet the standards of the library community? Do these privacy policies meet other industry standards?

7 Methodology Visited websites of the top 25 American public libraries and gathered list of all digital resources linked on those sites The top 25 American public libraries were determined by population served data available on the website of the American Library Association Differentiated between digital vendors and digital resources – examined privacy policies of most-used digital vendors

8 Methodology - Vendors

9 Methodology - Codebook Based primarily on codebook used by Trina Magi in her review of academic library vendors (Magi, T. J. (2010). A content analysis of library vendor privacy policies: do they meet our standards?. College & Research Libraries, 71 (3), 254-272.) Revised after test run; added questions re: security and software platforms Two of the authors reviewed each policy The small number of coders made it difficult to calculate intercoder reliability index, but any question with less than 80% agreement was thrown out

10 Methodology - Sources Library profession standards American Library Association's Code of Ethics & supporting policies International Coalition of Library Consortia guidelines International Information Protection Standards Fair Information Practices (FIPs)

11 Methodology - Criteria American Library Association Code of Ethics Libraries should adopt policies to keep patron Personal Identifying Information in library records confidential Patrons should be informed of why Personal Identifying Information is collected and how it is being kept confidential Libraries should limit the information they collect, avoid creating unnecessary records, and maintain the privacy of records Libraries should conduct regular privacy audits http://www.ala.org

12 Methodology - Criteria International Coalition of Library Consortia Guidelines (2002) Echoes most of the American Library Association’s guidelines Specifically states that standards apply to library vendors Requires vendors to specifically state compliance with American Library Association’s Code of Ethics Vendors must limit data collection and regularly review privacy policies to comply with American Library Association’s standards Library patrons must be able to access sites even if they decline to allow Personal Identifying Information to be collected Vendors must maintain full control over their sites so that third parties, including advertisers, cannot violate patron privacy http://icolc.net

13 Methodology - Criteria Fair Information Practices Fair Information Practices are internationally recognized practices relating to the privacy of an individual’s information. (1) Notice/Awareness (2) Choice/Consent (3) Access/Participation (4) Integrity/Security (5) Enforcement/Redress

14 Analysis – Accessibility & Comprehension 90-100” easily understood by an average 11-year old, 60-70 easily understood by 15 -15 year old, 0-30 best understood by university graduates

15 Analysis – Reasons for Collecting PII

16 Analysis – Reasons for Sharing PII Reasons for SharingNumber of Vendors To monitor compliance4 To protect the safety of employees and/or the public4 To process commercial transactions3 In relation to a legal proceeding3 In connection with a sale or merger3 For advertising and promotion2 For research and/or development2 To administer or protect the website and/or the server1 Other general reasons1

17 Analysis – User Consent and Access # of Vendors % of Vendors % Intercoder Agreement Contact information provided5100 States that provision of PII is voluntary 12080 User may view PII held by vendor240100 User may contest accuracy or completeness of PII held by vendor 36080 User may delete all PII held by vendor 120100 Vendor allows access when user denies permission to distribute PII 12080

18 Analysis – Enforcement Number of Vendors% of Vendor s Intercod er Agreem ent Explanation of how policy enforced 00100 Affirmation of ALA Code of Ethics 00100 Vendor states that they conduct privacy audit 00100 Vendor regularly reviews enforcement of privacy policy Yes120100 Doesn’t say480 Vendor states which media platforms are compatible 12080 Vendor references privacy policy of a media platform 00100

19 Analysis – Security & Data Storage 4 of the 5 policies claimed to take steps to protect patron PII, but none specified where data was stored 1 of the 5 policies referenced transmittal of records across borders (to comply with European Union’s safe harbor requirements for transborder information transfers) 4 of the 5 policies stated that data was encrypted; 3 specifically mentioned SSL Some vendors may address these topics in separate security related policies

20 Conclusions Public library digital content vendors’ privacy policies are generally easily accessible, though difficult to comprehend. Digital content vendors are more likely to meet industry FIPs guidelines, which focus on notice and consent, and less likely to meet the library profession guidelines, which require positive actions to protect library patrons’ privacy.

21 Limitations and Future Directions Repeat the study with a larger sample size Have more coders on the project Development of a publically available code book. Make the transitions between library websites and vendor websites more apparent. Develop negotiation guidelines for use by libraries and vendors

22 Acknowledgments Thank you to Trina Magi for sharing her work with us. Questions? Michelle Parker miparke2@illinois.edu April Lambert adlambe2@illinois.edu Dr. Masooda Bashir mnb@illinois.edu

Download ppt "Library Patron Privacy in Jeopardy An analysis of the privacy policies of digital content vendors ASIS&T General Meeting 2015 April Lambert, Michelle Parker."

Similar presentations

I Choose Privacy! Intellectual Freedom: Addressing the Privacy Issue in the Academic Library.

I Choose Privacy! Intellectual Freedom: Addressing the Privacy Issue in the Academic Library.
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Birnhack & Elkin-Koren, Feb. 20041 Privacy Practices of Israeli Public Web Sites February 2004 Dr. Michael Birnhack & Dr. Niva Elkin-Koren Haifa Center.

Birnhack & Elkin-Koren, Feb Privacy Practices of Israeli Public Web Sites February 2004 Dr. Michael Birnhack & Dr. Niva Elkin-Koren Haifa Center.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
A Model for IT Policy Development Marilu Goodyear & Beth Forrest Warner University of Kansas Educause 2001October 29, 2001.

A Model for IT Policy Development Marilu Goodyear & Beth Forrest Warner University of Kansas Educause 2001October 29, 2001.
Jesper Klein The Swedish Library of Talking Books and Braille 2008-08-24 The Swedish talking book model 2.0 -----------------------------------------------------------

Jesper Klein The Swedish Library of Talking Books and Braille The Swedish talking book model
HMIS Fundamentals HMIS Data Standards for VA Community Contract Programs.

HMIS Fundamentals HMIS Data Standards for VA Community Contract Programs.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
American Library Association (ALA) Standard 5: The information literates student understands many of the economic, legal and social issues surrounding.

American Library Association (ALA) Standard 5: The information literates student understands many of the economic, legal and social issues surrounding.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006.

Employee privacy in a global company Sandra Kelman Privacy Manager (Asia Pacific) Privacy Issues Forum 30 March 2006.
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Professional Codes of Ethics Professionalism and Codes of Ethics.

Professional Codes of Ethics Professionalism and Codes of Ethics.
The Social Context of Computing Foundation Computing Never underestimate the power of human stupidity.

The Social Context of Computing Foundation Computing Never underestimate the power of human stupidity.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.

Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.
C4- Social, Legal, and Ethical Issues in the Digital Firm

C4- Social, Legal, and Ethical Issues in the Digital Firm
This work was supported by the TRUST Center (NSF award number CCF-0424422) Introduction In 1995 Mary J. Culnan stated that ‘fair information practices.

This work was supported by the TRUST Center (NSF award number CCF ) Introduction In 1995 Mary J. Culnan stated that ‘fair information practices.

Similar presentations

Ads by Google