Privacy and security 815
Future Privacy & Security Concerns in Libraries
Kyrsten Crowe, Rachel Hodges, Emily Stockdale
USA PATRIOT Act
Uniting and Strengthening America Act
Provide Appropriate Tools Required to Intercept and Obstruct Terrorism Act
Passed after 9/11 to gain information to prevent future terrorist attacks and protect innocent Americans.
Allows gov’t seizure of patrons’ personal information from libraries, in paper or electronic form.
(Fifarek, 2002)
Patron Records
“Confidentiality relates to the possession of personally identifiable information [PII], including such library-created records as closed-stack call slips, computer sign-up sheets, registration for equipment or facilities, circulation records, Web sites visited, reserve notices, or research notes” (ALA Privacy and Confidentiality).
All libraries should have a records retention policy for paper and electronic records with Personally Identifiable Information (PII) (Vaughan, 2007).
– EDI alerts such as “If you liked this book, then you will like these…” rely on PII (Fifarek, 2002).
ALA Code of Ethics
III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
VI. We do not advance private interests at the expense of library users, colleagues, or our employing institutions.
ALA: Code of ethics. (1995). ALA: American Library Association. Retrieved July 30, 2010, from http://www.ala.org/ala/issuesadvocacy/proethics/codeofethics/codeethics.cfm
Privacy Statement
The Sonoma County, CA Library’s Privacy Statement:
– We are committed to preserving the privacy of our visitors and patrons. We do not collect personal information about you just because you visit this site. We will not share any information you give us with anyone unless required by court order. We do not collect or sell your information for commercial purposes. Your patron information is confidential (Falk, 2004).
Libraries can use the ALA Privacy Toolkit to help create their own policy: http://www.ala.org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/privacy.cfm
How to Protect Patron Privacy
Limit the monitoring, collection, disclosure, and distribution of personally identifiable information (PII).
Avoid creating unnecessary records. Only record a user's PII when necessary for the efficient operation of the library.
Avoid retaining records that are not needed for efficient operation of the library. Assure that all kinds and types of records are covered by the policy, including data-related logs, digital records, vendor-collected data, and system backups.
Avoid library practices and procedures that place information on public view:
– using postcards for overdue notices or requested materials;
– using patron names to identify self-pickup holds;
– placement of staff terminals so the screens can be read by the public;
– using sign-in sheets to use computers or other devices;
– providing titles of reserve requests or interlibrary loans over the telephone to users' family members or answering machines.
(ALA Privacy Toolkit, 2004)
RFID Concerns
Risks to Borrower
Tracking materials
Hotlisting materials
Profiling
Risks to Collection
Disarm/alter tag
Switching tag data
Digital vandalism
RFID Changes for Library Use
Libraries should not use RFID tags for borrower cards.
Limit the amount of data recorded on the tag to just the primary item number
Only staff should have access to bibliographic searching using the tag number.
Inform the community about your local RFID project.
Review security procedures for staff.
Lobby vendors for improved security solutions.
(Butters, p. 437)
Library Public Access Computer Privacy/Security
Information Age
Computer Centers in libraries are booming.
Libraries promote information literacy, but technology exacerbates risks to privacy and confidentiality.
How much responsibility does a library have when it comes to privacy and security risks on public access computers?
Keeping Public Info Safe
Several software options.
4 things
– Temp. Internet Files
– Browsing History
– Cookies
– Form Memory/“autocomplete”
Keeping Public Info Safe
Consult ALA Guidelines for Developing Privacy Policy.
Do so often, to keep up with technology advances.
Modify library privacy policy to address your patrons.
No chat rooms, no games, no flash drives.
Social Networking and Web 2.0 Privacy & Security Issues: Implications for Librarians
Privacy in the Web 2.0 World
While privacy is a core value of libraries, Web 2.0 tools are about sharing information. As librarians, to what degree are we responsible to educate our users on privacy and security in the use of these tools?
How can these tools be used to enhance library services and meet users’ needs?
Library 2.0
Library 2.0 is a new way of providing library service through new Internet technologies, with emphasis on “user-centered” change and interaction. Library services are frequently evaluated and updated to meet the changing needs of library users. The active and empowered library user is a significant component of Library 2.0.
Libraries can harness the power and popularity of these tools to reach out to their users.
In using these tools, librarians must be aware of ever-changing privacy policies and use these tools in accordance with their own ethical standards.
While educating users on privacy is not the responsibility of the librarian, information and guidance can be offered.
Questions for Users to Consider:
Who can see my information?
Is my information safe?
How is my information being used?
How can I protect my privacy?
Web 2.0 Security Vulnerabilities
Web 2.0 sites are more prone to attack since they have more interactions with the browser and require running complex JavaScript code on user machines. Malicious content could easily be introduced without the user’s knowledge.
What can librarians do?
Have an up-to-date understanding of popular social networking sites and Web 2.0 tools and potential privacy issues
Ensure that the tools the library uses do not violate ethical privacy standards
Provide information to educate users on potential privacy & security threats
References
ALA code of ethics. (1995). ALA: American Library Association. Retrieved July 10, 2010, from http://www.ala.org/ala/issuesadvocacy/proethics/codeofethics/codeethics.cfm
ALA privacy and confidentiality. (n.d.). ALA: American Library Association. Retrieved July 23, 2010, from http://www.ala.org/ala/aboutala/offices/oif/ifissues/privacyconfidentiality.cfm
ALA privacy toolkit (2004). ALA: American Library Association. Retrieved July 23, 2010, from http://www.ala.org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/privacy.cfm
Batt, C. (1995, August 20). The library of the future: public libraries and the internet. Retrieved from http://archive.ifla.org/IV/ifla61/61-batc.htm
Ben-Itzhak, Y. (2007, September 10). Tackling the security issues of web 2.0. Retrieved from http://www.scmagazineus.com/tackling-the-security-issues-of-web-20/article/35609/
Blyberg, J. (2006, January 9). 11 reasons why library 2.0 exists and matters [Web log]. Retrieved from http://www.blyberg.net/2006/01/09/11-reasons-why-library-20-exists-and-matters/
Butters, A. (2007). RFID systems, standards and privacy within libraries. The Electronic Library, 25(4), 430-439. Retrieved July 26, 2010, from the EBSCOhost database.
Cottrell, J. (1999). Ethics in an age of changing technology: familiar territory or new frontiers? Library Hi Tech, 17(1), 107-113.
Courtney, N. (2007). Library 2.0 and beyond: Innovative technologies and tomorrow's user. Santa Barbara, CA: Libraries Unlimited.
Cvetkovic, M. (2010, August 1). Making Web 2.0 Work—From ‘Librarian Habilis’ to ‘Librarian Sapiens’. Retrieved from http://www.infotoday.com/cilmag/oct09/Cvetkovic.shtml
Evers, J. (2006, July 28). The security risk in web 2.0. Retrieved from http://news.cnet.com/The-security-risk-in-Web-2.0/2100-1002_3-6099228.html
Fernandez, P. (2009, March). Online social networking sites and privacy: Revisiting ethical considerations for a new generation of technology. Library Philosophy and Practice, 1-9.
Fifarek, A. (2002). Technology and privacy in the academic library. Online Information Review, 26(6), 366-374. Retrieved July 23, 2010, from the Emerald full text database.
Litwin, R. (2006, May 22). The central problem of library 2.0: Privacy [Web log]. Retrieved from http://libraryjuicepress.com/blog/?p=68
Mullan, J. (2009, February 25). Social networking: Privacy and other issues [Web log]. Retrieved from http://www.therunninglibrarian.co.uk/2009/02/social-networking-privacy-and-other.html
Sauers, M. (2005, October 19). Protecting patron privacy on public pcs. Retrieved from http://www.webjunction.org/pc-protection/-/articles/content/435260
Saunders, A. (2008, January 8). A privacy manifesto for the web 2.0 era. Retrieved from http://gigaom.com/2008/01/08/a-privacy-manifesto-for-the-web-20-era/
Sturges, P. (2003). User privacy in the digital library environment. Library Management, 24(1/2), 44-50.
Vaughan, J. (2007). Toward a record retention policy. The Journal of Academic Librarianship, 33(2), 217-27. Retrieved July 23, 2010, from the Library Literature and Information full text database.