Protecting Patron Information in a Consortial Environment

Issues and Strategies

Jennifer Kuntz

fcljjk@cns.ufl.edu

FCLA Missionhttp://www.fcla.edu

“The Florida center for library automation (FCLA) provides automation services that assist the libraries of Florida’s publicly-funded universities in meeting their teaching and research objectives for students and faculty…..”

Consortial Issues What patron data needs to be retained for the business

operations of supported libraries? What patron data needs to be retained for data integrity

in event of a system failure? How long must such data be retained? What data is necessary to provide value-added

services desired by patrons? How should patrons be educated regarding how their

personally identifiable data is used and retained, and what role should FCLA play in their education?

NOTIS Mainframe-based integrated library management

system Libraries access only their own patron data Link to patron removed when loans returned, unless a

charge is incurred Bills/fines exported to university bursar; Export files

age off weekly Daily change log maintained in event of system failure;

May contain some links no longer present in primary data

WebLUIS Web-based interface to NOTIS – serves as OPAC and

portal to electronic resources Users assigned session id for tracking – not linked to

personally identifiable patron information Apache logs contain IP address, session id, query and

return code Patron services such as online renewal and ILL

requests do not require retention of identifiable patron data

ALEPH Client-server architecture means lots more places data

could potentially be retained Personally identifiable patron data retained in multiple

Oracle tables must be explicitly removed Patron features that allow saving and retrieval of

searches and records contain personally identifiable data

Web server logs contain a session id and query but actual results not retained

Electronic Resources FCLA does not sign vendor licenses requiring patron

information for basic services Vendors receive only a range of valid IP addresses University libraries “own” their patron data, and can

therefore choose to provide to vendors for additional services if desired

Web logs contain IP address, URL of database queried, and vendor server response

Proxy Server Patrons authenticated against library

management system patron data – yes/no response and institution returned

Apache access logs contain IP address, query, and server response

Error logs may contain invalid userids; retained only long enough for troubleshooting

At Each Institution Each university’s policies determine how

patron data is used and retained outside of systems run by FCLA

Individual library policies determine how patrons are educated regarding the use and retention of personally identifiable data

Future Challenges Should FCLA play more of a role in patron

education regarding retention of patron data by systems we run?

Will later versions of ALEPH retain patron data differently?

What value-added features will patrons want and what data will this require to be retained?