Protecting Patron Information in a Consortial Environment Issues and Strategies Jennifer Kuntz...
-
Upload
bertram-austin -
Category
Documents
-
view
213 -
download
1
Transcript of Protecting Patron Information in a Consortial Environment Issues and Strategies Jennifer Kuntz...
Protecting Patron Information in a Consortial Environment
Issues and Strategies
Jennifer Kuntz
FCLA Missionhttp://www.fcla.edu
“The Florida center for library automation (FCLA) provides automation services that assist the libraries of Florida’s publicly-funded universities in meeting their teaching and research objectives for students and faculty…..”
Consortial Issues What patron data needs to be retained for the business
operations of supported libraries? What patron data needs to be retained for data integrity
in event of a system failure? How long must such data be retained? What data is necessary to provide value-added
services desired by patrons? How should patrons be educated regarding how their
personally identifiable data is used and retained, and what role should FCLA play in their education?
NOTIS Mainframe-based integrated library management
system Libraries access only their own patron data Link to patron removed when loans returned, unless a
charge is incurred Bills/fines exported to university bursar; Export files
age off weekly Daily change log maintained in event of system failure;
May contain some links no longer present in primary data
WebLUIS Web-based interface to NOTIS – serves as OPAC and
portal to electronic resources Users assigned session id for tracking – not linked to
personally identifiable patron information Apache logs contain IP address, session id, query and
return code Patron services such as online renewal and ILL
requests do not require retention of identifiable patron data
ALEPH Client-server architecture means lots more places data
could potentially be retained Personally identifiable patron data retained in multiple
Oracle tables must be explicitly removed Patron features that allow saving and retrieval of
searches and records contain personally identifiable data
Web server logs contain a session id and query but actual results not retained
Electronic Resources FCLA does not sign vendor licenses requiring patron
information for basic services Vendors receive only a range of valid IP addresses University libraries “own” their patron data, and can
therefore choose to provide to vendors for additional services if desired
Web logs contain IP address, URL of database queried, and vendor server response
Proxy Server Patrons authenticated against library
management system patron data – yes/no response and institution returned
Apache access logs contain IP address, query, and server response
Error logs may contain invalid userids; retained only long enough for troubleshooting
At Each Institution Each university’s policies determine how
patron data is used and retained outside of systems run by FCLA
Individual library policies determine how patrons are educated regarding the use and retention of personally identifiable data
Future Challenges Should FCLA play more of a role in patron
education regarding retention of patron data by systems we run?
Will later versions of ALEPH retain patron data differently?
What value-added features will patrons want and what data will this require to be retained?