a blog by john m. jackson
“I am no particular fan of genealogy. But it certainly produces more substantial knowledge than ranking academics and universities and persecuting students who are held to a standard of originality by which their professors manifestly do not abide.”
Peter Stallybrass, “Against Thinking.” PMLA 122(5), p. 1585.
As an academic librarian, what do you need to know about your library’s privacy and confidentiality policy?
Today’s move by the U.S. House of Representatives to deny extending certain provision of the US Patriot Act (one of which pertains to libraries) and the call for protests leading up to it remind us that privacy is still an important issue for libraries. This caused me to think about my own library’s privacy policies and what we would do if approached by federal officials requesting information.
I’ve spent the last few days looking over the privacy statements of university libraries and reviewing the American Library Association’s stand on privacy. The following is what I consider to be the essential questions that academic librarians should be asking in order to understand where their library stands concerning the privacy and confidentiality of personally identifiable information gathered through everyday library use.
What do I mean by privacy? Is it a right? A condition? Defining privacy is difficult because no matter how you slice it, most claims tend to assume privacy to be essential value. Perhaps it is, but it is tricky to argue that point.
Let us assume for the sake of argument that privacy is indeed an essential value; what does it apply to? I think we can divide privacy into three categories: informational privacy, behavioral privacy, and locational privacy. The first includes information that a person or a society generally assumes to be private. This can include health information, financial data, and personal opinions. The second type of privacy is often equated (one could say, incorrectly) with the right to personal choice and includes the right to abortion, sexual rights, or the right to view pornographic material. The third refers to activities that, because they function within a private space, are themselves considered to be private and include those activities violated by invasions into one’s home or office space.
As academic librarians, we are primarily concerned with the first of these: information privacy (though many of us are advocates for certain behavioral privacy rights as well).
What personally identifiable information does your library collect? In order to set up a borrower’s account, the library usually needs certain pieces of personally identifiable information (PII) from a student,* including his/her name, email address, local address, student ID, and degree level. Where does this information come from? Is it provided by the student or the records department? Does the student need to give consent for the library to use this information or is there a university policy that grants consent?
In the course of daily operations, the library may collect all types of information, including what a user checks out or requests via Inter-library loan, what library websites they navigate to and from, or what items they are searching for in the online catalog. This information is extremely useful to librarians and can be used for collection development, improving online services, and budgeting. But how much of this information is retained, for how long, and how much of it is personally identifiable? These are questions that librarians should have answers to or clearly state in their privacy statements. Many libraries collect a minimum amount of user information, much of it not personally identifiable, and regularly scrub that information from their servers.
What other privacy or confidentiality policies also apply? Whether you are developing a policy for a library or trying to better understand you own, you need to understand other policies that may already be in place. At a federal level, all libraries are affected by the U.S.A. Patriot Act. Universities receiving federal aid are additionally affected by the Federal Educational Rights and Privacy Act of 1974, which regulates what student information is considered private and who is permitted to access that information. Some states, like Illinois and North Carolina, have laws specifically referencing the confidentiality of library records. Librarians should also consider any university statements on student privacy and the privacy policies of the American Library Association.
What data are vendors collecting? Vendors are the wildcard in any privacy policy. While you have some wiggle room when negotiating contracts, ultimately librarians cannot control how vendors and other third-party information providers use the data they acquire. This is especially true in cases where vendors have set up Web 2.0 functions that allow users to set up personal profiles and share info (e.g. CQ Press, Wilson Web, Ebsco, Elsevier, CSA, to name a few).
In a 2010 College & Research Libraries article, Trina Maji of the University of Vermont concluded that
the privacy policies of major vendors of online library resources fail to express a commitment to many of the standards articulated by the librarian profession and information technology industry for the handling and protection of user information. […] They are unspecific in disclosing how they protect that information from unauthorized access or disclosure, and they offer no clear recourse for users who feel the terms of the policy have been violated.
This conclusion is based on content analysis of vendor privacy statement and not a reached by examining actual practice. Nonetheless, I think we are wise to be wary of any company that does not publicize its stance on the confidentiality of user data, especially given the rising value of personal information in a market partially based on behavioral targeting practices. We should advise our students that the library has little or no control over what data they share online once they move to a third-party site.
What if someone requests personally identifiable information? Nine times out of ten, the answer to this question is “Don’t give it to them!” but there are some exceptions. Through a subpoena or court order, records can be accessed by state and federal officials. Currently under the provisions of the U.S. Patriot Act (unless they are allowed to expire), federal officials can demand access to library user data. There is nothing that restricts libraries from scrubbing the PII beforehand, unless there are state laws in place demanding the retention of “public records,” which can include any email sent to and from librarians (state employees) or via the campus network, server logs, and data submitted via online forms.
In short, it can get sticky. That’s why it’s important for librarians to know who is the appropriate authority (usually the University Librarian) to make the decision whether or not the data should be handed over in legitimate circumstance. But additionally, librarians and student workers alike should have a strong knowledge of local policies, practices and privacy expectations.
To quickly sum things up, here are my recommendations for academic libraries that have yet to develop a privacy statement or are thinking to revise their current one.
Magi, T. (2010). A content analysis of library vendor privacy policies: Do they meet our standards? College & Research Libraries, 71(3), 254–72.
*To make things simple, I’ll just use the term student, but I’m actually referring to anyone who uses an academic library: students, staff, faculty, visiting scholars, international students, and non-enrolled, non-staff patrons.
“The point is that authority has migrated from critics to ordinary folks, and there is nothing – not collusion or singleness of purpose or torrents of publicity – that the traditional critics can do about it. They have seen their monopoly usurped by what amounts to a vast technological word-of-mouth of hundreds of millions of people.” Source: Neal Galber
This month, I’ll be focusing my off-the-clock reading habits on issues of privacy in academic libraries. The term “privacy” carries a lot of baggage and calls to mind many different issues. In the context of the internet and social networks, the discourse tends to focus on regulation (who should do it, how much should be done) and advertising (esp. behavioral targeting). In the context of health or medical privacy, there are concerns over access to patient records, both print and electronic. On the whole, privacy discussions in the popular media tend to focus on information collection, storage, and use and the difficulty of determining which information should be public and which should be private.
Some of these issues relate to academic libraries, though many do not. In future posts, I’ll be looking at the privacy statements of academic libraries, issues in the blogosphere, and ALA’s official stance on current issues related to individual and consumer privacy, especially online and through mobile devices. In the meantime, I’ve put together a short list of useful resources for learning more about privacy in today’s cultural environment.
What resources on privacy do you recommend? What issues on privacy are most important to academic librarians? Share your thoughts in the comments!
I’m a huge advocate for building and engaging in online communities. Recently, I wrote an article for the SLIS Descriptor, a publication of San Jose State University’s ALA Student Chapter, detailing how and why LIS students should get involved in communities online.
The mind can discover some remarkable things when moved beyond the pressures of the classroom and the compulsion to perform. All it requires is space in which to play and other minds with which to engage. As students in an online program that favors asynchronous communication and lacks a physical, communal space, how can we recreate these experiences?
Online communities offer surrogate spaces for these interstitial moments by providing some of the benefits of physical information commons (or “information grounds” as they are sometimes called) , but in digital form: a shared space (the software or platform), a shared culture (interests, hobbies, or in our case, LIS studies), and a shared language (netiquette). Just as a physical campus has predefined pathways between buildings that can facilitate chance meetings and conversations, online communities provide various opportunities for serendipitous discovery through shared links, shared digital interfaces, and common connections (e.g. friends of friends).
You can read the full article at the SLIS Descriptor blog.
“Perhaps in the futility of undergraduate careerism lie the seeds of a new vocational outlook in higher education. It is worth remembering that monasteries were the first institutions in the West that allowed people to explore options beyond the circumstances into which they were born. […] Why not bring together a core group of serious-minded but underemployed academics—who already have adopted a life of poverty, more or less—to form a college that has none of the superfluities that have made higher education the equivalent of a four-year Carnival cruise?”
Source: “Getting Medieval on Higher Education” by Thomas H. Benton, the Chronicle of Higher Education.
I finally started reading The Brief Wondrous Life of Oscar Wao. In the first few pages there are two references to Tolkien (even a deep cut reference to the Silmarillion) within the context of adolescent romance and bloody dictatorships. I think I’m going to enjoy this book =)
“The sciences are most successful when they seek to move from the diversity and particularity of their observations toward as high a degree of unity, uniformity, simplicity, and necessity as their materials permit. The humanities, on the other hand, are most alive when they reverse this process, and look for devices of explanation and appreciation that will enable them to preserve as much as possible of the variety, the uniqueness, the unexpectedness, the complexity, the originality, that distinguish what men are capable of doing at their best from what they must do, or tend generally to do, as biological organisms or members of a community…”
From Crane, R.S. “The Idea of the Humanities.” The Idea of the Humanities and Other Essays Critical and Historical. Chicago: University of Chicago Press, 1967.
And for tonight’s schedule, we have a variety of wheat beers and applications for home loans. Let the house buying begin!
Not everyone who wears a bow tie is an overgrown republican frat boy. Some of us are commie-loving, tree-hugging liberals with occasional extremist tendencies… we just can’t grow facial hair. Just sayin.’ Fuck you, Tucker Carlson.