Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Policies & Your Library: Perfect Together?

Published byTamsin Crawford Modified over 6 years ago

Similar presentations

Presentation on theme: "Privacy Policies & Your Library: Perfect Together?"— Presentation transcript:

1 Privacy Policies & Your Library: Perfect Together?
Luis Rodriguez Montclair State University VALE Users Conference 2005

2 Privacy policies can deal with more than library records
Policies for appropriate use of computers in library Insuring privacy of use of library computers and other equipment (privacy screens, “cookie management” and other strategies) Working with IT and other campus units Protecting PII from hacking Working with database vendors

3 Privacy and Confidentiality
Privacy & Confidentiality* Privacy: right to use library resources and services without examination or scrutiny by others Confidentiality: when a library keeps personably identifiable information (PII) about users private on their behalf *Privacy: An Interpretation of the Library Bill of Rights

4 PII can be found in more than circulation records
Database search records Interlibrary loan records Reserve and e-reserve use records Reference interviews Computer sign-up sheets Log files in ILS, proxy servers, etc. Back-up tapes Database vendor records Electronic and digital records generated while using library computers RFID Library assessment and survey instruments Ask a librarian Personalized web pages (“My Library” web site concept)

5 Professional Codes & Ethics
ALA Code of Ethics Article III: We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted. Database search records, reference interviews, circulation records, interlibrary loan records, and other personally identifiable uses of library materials, facilities, or services. Library Bill of Rights Privacy: An Interpretation of the Library Bill of Rights ALA Code of Ethics ( Deals with such records as database search records, reference interviews, circulation records, interlibrary loan records, and other personally identifiable uses of library materials, facilities, or services. Library Bill of Rights (

6 Federal Legislation US Supreme Court has established a broad but not unlimited interpretation of the right of privacy Lack of a unifying federal law on privacy FERPA Section 18A: "Library," library record" defined. For the purposes of this a-2)ct: a. "Library" means a library maintained by any State or local governmental agency, school, college, or industrial, commercial or other special group, association or agency, whether public or private. b. "Library record" means any document or record, however maintained, the primary purpose of which is to provide for control of the circulation or other public use of library materials. Section 18A: Confidentiality; exceptions. Library records which contain the names or other personally identifying details regarding the users of libraries are confidential and shall not be disclosed except in the following circumstances: a. The records are necessary for the proper operation of the library; b. Disclosure is requested by the user; or c. Disclosure is required pursuant to a subpena issued by a court or court order. Introduced: Assembly, No. 545 (January 13, 2004) Status: Referred to Assembly Education Committee (1/13/04) Sponsors: Myers Note: An identical bill in the legislature died in committee. Synopsis: Provides access to the library record of a minor by the minor's parent or legal guardian under certain circumstances. Be It Enacted by the Senate and General Assembly of the State of New Jersey: 1. Section 1 of P.L.1985, c.172 (C.18A: ) is amended to read as follows: 1. For the purposes of this act: c. "Minor" means a person 16 years of age or less. (cf: P.L.1985, c.172, s.1) 2. Section 2 of P.L.1985, c.172 (C.18A: ) is amended to read as follows: 2. Library records which contain the names or other personally identifying details regarding the users of libraries are confidential and shall not be disclosed except in the following circumstances:

7 State Legislation NJ State Law on Confidentiality of library records (18A: ) Assembly Bill 545 (referred to the Assembly Education Committee) This bill provides a parent or legal guardian with access to the library record of the parent's or legal guardian's minor child, defined in the bill as a person 16 years of age or less, upon presentation by a parent or legal guardian of a valid form of identification which identifies the person as the parent or legal guardian of the minor child.

8 ALA Privacy Tool Kit Table of Contents Introduction Privacy Policy
Guidelines for Developing a Library Privacy Policy Privacy Procedures

9 Parameters of a privacy policy
Notice and Openness Choice and Consent Access by Users Data Integrity and Security Enforcement and Redress

10 Notice and Openness Provide notice to users of their rights to privacy and confidentiality and of the policies of the library on these issues Types of information gathered and purposes for and limitations to its use

11 Choice and Consent Give users options as to how PII collected from them may be used Opt-in vs. opt-out options

12 Access by users Give users the right to access their own PII and mention this in your privacy policy

13 Data Integrity and Security
Insure the integrity of data where PII is available Regularly purge PII no longer needed Shared data: policies and practices to assure that data shared with other units is protected and reliable Security: technical and administrative measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data.

14 Data Integrity and Security (continued)
Administrative measures to limit access to data and to make sure those with access do not misuse the data Electronic Tracking – Internally: avoid collecting PII with logging or tracking. Externally: Let users know about limits to privacy when using remote sites

15 Data Integrity and Security (continued)
Data retention – Purge or shred PII that is no longer needed (including back-up tapes, videos from security cameras) Encryption – negotiate with vendors to include encryption tools for certain functions. Make these tools available to users who would need them for special functions.

16 Enforcement and Redress
Develop a mechanism to enforce privacy policies Conduct privacy audits Provide redress to patrons and procedures for investigating complaints Develop educational materials to alert users to privacy issues while using library and in general

17 ALA Privacy Principles
Avoid creating unnecessary records. Only record a user's personally identifiable information when necessary for the efficient, effective operation of the library. Avoid retaining records that are not needed for efficient operation of the library. Check with your local governing body to learn if there are laws or policies addressing record retention and in conformity with these laws or policies, develop policies on the length of time necessary to retain a record. Assure that all kinds and types of records are covered by the policy, including data-related logs, digital records, and system backups. Restrict access to personally identifiable information closely and reveal it only with appropriate authority. Tell your users what information you are keeping and why, and how to ask you for more clarification. Be aware of library practices and procedures that place information on public view, e.g., the use of postcards for overdue notices or requested materials, staff terminals placed so that the screens can be read by the public, sign-in sheets to use computers or other devices, and the provision of titles of reserve requests or interlibrary loans provided over the telephone to users' family members or answering machines. Avoid creating unnecessary records. Only record a user's personally identifiable information when necessary for the efficient, effective operation of the library. Avoid retaining records that are not needed for efficient operation of the library. Check with your local governing body to learn if there are laws or policies addressing record retention and in conformity with these laws or policies, develop policies on the length of time necessary to retain a record. Assure that all kinds and types of records are covered by the policy, including data-related logs, digital records, and system backups. Restrict access to personally identifiable information closely and reveal it only with appropriate authority. Tell your users what information you are keeping and why, and how to ask you for more clarification. Be aware of library practices and procedures that place information on public view, e.g., the use of postcards for overdue notices or requested materials, staff terminals placed so that the screens can be read by the public, sign-in sheets to use computers or other devices, and the provision of titles of reserve requests or interlibrary loans provided over the telephone to users' family members or answering machines.

18 Fair Information Principles (from the Privacy Act of 1974)
There should be no records whose very existence is private; An individual must be able to discover what information is contained in his or her record and how it is used; An individual must be able to prevent information collected for one purpose from being used for another purpose without consent; An individual must be able to correct or amend erroneous information; and Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of that data for its intended purpose and must take precautions to prevent misuse. K.A. Coombs, “Walking a Tightrope: Academic Libraries and Privacy, J. of Academic Librarianship, 30 (6)

19 OECD Privacy Principles
Openness  Purpose specification  Collection limitation  Use limitation  Individual participation  Quality Security safeguards  Accountability A Checklist of Responsible Information-Handling Practices Privacy Rights Clearinghouse Openness. There should be a general practice of openness about practices and policies with respect to personal information. Means should be available to establish the existence and nature of personal information and the main purposes of its use.   Purpose specification. The purpose for collecting personal information should be specified at the time of collection. Further uses should be limited to those purposes.   Collection limitation. The collection of personal information should be obtained by lawful and fair means and with the knowledge and consent of the subject. Only that information necessary for the stated purpose should be collected, nothing more.   Use limitation. Personal information should not be disclosed for secondary purposes without the consent of the subject or by authority of law.   Individual participation. Individuals should be allowed to inspect and correct their personal information. Whenever possible, personal information should be collected directly from the individual.   Quality. Personal information should be accurate, complete and timely, and be relevant to the purposes for which it is to be used.   Security safeguards. Personal information should be protected by reasonable security safeguards against such risks as loss, unauthorized access, destruction, use, modification or disclosure. Access to personal information should be limited to only those within the organization with a specific need to see it.   Accountability. Someone within the organization, such as the Chief Privacy Officer or an information manager, should be held accountable for complying with its privacy policy. Privacy audits to monitor organizational compliance should be conducted on a regular basis, as should employee training programs. (11)

20 Conducting a privacy audit
Useful sites SOPAG Privacy Audit and Guidelines Privacy Audit Checklist

21 USA PATRIOT Act ALA resources on the Act
Guidelines to assist libraries with requests for confidential library records (NJLA)

22 Educating staff and users
What have you done to handle this?

23 Sample library privacy policies
Privacy Tool Kit links Indiana University – Purdue University John Carroll University Syracuse University University of Michigan

24 Checklist of Questions About Privacy and Confidentiality*
See handout for list of questions to ask about how your library deals with privacy and confidentiality *From the “Privacy Tool Kit”

Download ppt "Privacy Policies & Your Library: Perfect Together?"

Similar presentations

I Choose Privacy! Intellectual Freedom: Addressing the Privacy Issue in the Academic Library.

I Choose Privacy! Intellectual Freedom: Addressing the Privacy Issue in the Academic Library.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA

Confidentiality and HIPAA
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.

1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.
USA PATRIOT Act and Libraries Eric Johnson & Rodney Clare Jackman Sims Memorial Library.

USA PATRIOT Act and Libraries Eric Johnson & Rodney Clare Jackman Sims Memorial Library.
Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.

Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.
2/16/2010 The Family Educational Records and Privacy Act.

2/16/2010 The Family Educational Records and Privacy Act.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.

Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.
707 KAR 1:360 Confidentiality of Information. Section 1: Access Rights 1) An LEA shall permit a parent to inspect and review any education records relating.

707 KAR 1:360 Confidentiality of Information. Section 1: Access Rights 1) An LEA shall permit a parent to inspect and review any education records relating.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

Similar presentations

Ads by Google