Wednesday, May 27, 2015

NISO: Patron Privacy in Library Systems

Patron privacy is becoming more of a concern as data gets easier to collect and retrieve. A spotlight highlighted a few months ago when it was found that Adobe Digital Editions wasn't encrypting the information that it was sending of readers' habits to its central servers. The library profession has tried to protect patron privacy throughout the years. As Section III of the (American Library Association) ALA Code of Ethics states:
We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.
Thanks to an Andrew W. Mellon Foundation grant, the National Information Standards Organization (NISO) set out to produce a Consensus Framework to Support Patron Privacy in Digital Library and Information Systems. The goal of the project is to figure out how to provide better privacy protection on systems used by libraries, information system providers, and publishers. To get "Feature rich, yet neutral, system that respects the user's privacy," as stated in one of the Twitter #nisoprivacy chats.

The discussion was broken down into four phases: patron privacy in library systems, patron privacy in vendor systems, patron privacy in publisher systems, and legal framework for patron privacy. More information is available on the web page on NISO's website.
Privacy w/ lock image
Privacy of information (image at Pixabay)
As libraries collect more information and data on patrons to try and provide better service, the importance of maintaining patron privacy increases. There is a balancing act to improve service through data analyzation and protecting patrons'  privacy, while also making sure the public is aware of their rights concerning privacy (though Pew Research shows that public opinion on online privacy is complex).

One slide in particular during the library systems webinar listed questions that maybe not every library thinks about but should start contemplating:
  • Why collect data?
  • What do we do with data once we have it?
  • Options: opt in/opt out, all in, not at all
These questions should be discussed between librarians, vendors, and those in charge of information systems. It should be discussed within each group and between groups to makes sure that everything that is collected serves a purpose, and to also make sure that the purpose is not at the sacrifice of patron privacy.

After the online lightning talks and discussion, the groups will meet at the ALA in San Francisco to summarize the ideas from the conversations. This will then be put down as 5-10 principles that will be shared to the library and information community.

The recording of the library systems discussion can be found here.

The recording of the vendor systems discussion can be found here.

The recording of the publisher systems discussion can be found here.

Written by:
Ryan Claringbole, Public Library Development Team