1. Protecting Patron Information in a Consortial Environment Issues and Strategies Jennifer Kuntz fcljjk@cns.ufl.edu

2. FCLA Mission http://www.fcla.edu “The Florida center for library automation (FCLA) provides automation services that assist the libraries of Florida’s publicly-funded universities in meeting their teaching and research objectives for students and faculty…..”

3. Consortial Issues What patron data needs to be retained for the business operations of supported libraries? What patron data needs to be retained for data integrity in event of a system failure? How long must such data be retained? What data is necessary to provide value-added services desired by patrons? How should patrons be educated regarding how their personally identifiable data is used and retained, and what role should FCLA play in their education?

4. NOTIS Mainframe-based integrated library management system Libraries access only their own patron data Link to patron removed when loans returned, unless a charge is incurred Bills/fines exported to university bursar; Export files age off weekly Daily change log maintained in event of system failure; May contain some links no longer present in primary data

5. WebLUIS Web-based interface to NOTIS – serves as OPAC and portal to electronic resources Users assigned session id for tracking – not linked to personally identifiable patron information Apache logs contain IP address, session id, query and return code Patron services such as online renewal and ILL requests do not require retention of identifiable patron data

6. ALEPH Client-server architecture means lots more places data could potentially be retained Personally identifiable patron data retained in multiple Oracle tables must be explicitly removed Patron features that allow saving and retrieval of searches and records contain personally identifiable data Web server logs contain a session id and query but actual results not retained

7. Electronic Resources FCLA does not sign vendor licenses requiring patron information for basic services Vendors receive only a range of valid IP addresses University libraries “own” their patron data, and can therefore choose to provide to vendors for additional services if desired Web logs contain IP address, URL of database queried, and vendor server response

8. Proxy Server Patrons authenticated against library management system patron data – yes/no response and institution returned Apache access logs contain IP address, query, and server response Error logs may contain invalid userids; retained only long enough for troubleshooting

9. At Each Institution Each university’s policies determine how patron data is used and retained outside of systems run by FCLA Individual library policies determine how patrons are educated regarding the use and retention of personally identifiable data

10. Future Challenges Should FCLA play more of a role in patron education regarding retention of patron data by systems we run? Will later versions of ALEPH retain patron data differently? What value-added features will patrons want and what data will this require to be retained?