Tuesday, April 13, 2010

Privacy Policies Throughout the Library - All Systems Considered

Coombs, K. A. (2005). Protecting user privacy in the age of digital libraries. Computers in Libraries 25(6), 16-20.

In her 2005 article, Karen A. Coombs recounts her experiences developing and implementing a privacy policy for the SUNY Cortland library. Coombs begins by highlighting three general points about privacy regulations: 1) there is ample legislation at the federal and state levels that applies to library users' privacy issues, 2) the Library Bill of Rights and ALA Code of Ethics both state definitively the responsibilities of librarians for users' privacy, and 3) libraries should be concerned about the privacy concerns and policies inherent in Internet usage. After surveying privacy issues in general, Coombs turned to her own library. She noted the various library systems that record user data, what kinds of user data they recorded, and which user data was necessary to retain. During this process, Coombs discovered that her library was collecting and storing much user data that was not needed for library functionality. She then examined each system individually, evaluated what information was necessary, and implemented programs and practices which would remove unnecessary user data. The library systems included the ILS, OPAC, ILL, website, proxy server and public computers. Several of the policies she put into place were simple, while others required more in-depth development or requests to the offices authorized to make changes.

Coombs presents many practical examples of how to protect user data through simple adjustments to library policies and systems. Her primary aim was to remove unnecessary user data collected by library systems: "The issue with having information about library users that you don't need is that the more data you have, the more data you need to protect" (p. 18). Coombs also developed a list of important points she realized during her work developing privacy policies at SUNY Cortland:

"1. A privacy policy is more than a written document.

2. Data can be stored in places you didn't think of.

3. How you purge user data can affect your library's ability to function.

4. You don't always control the systems where your user data is being stored.

5. Privacy policies and procedures are dynamic, living things" (p. 20).

Point three refers to the importance of keeping some user data for statistical purposes. Coombs worked to filter the user data kept in systems so statistical information was retained, but user-specific information was removed. Point five refers to the need to re-evaluate or create new policies as systems are added or change. For example, as Coombs was finishing her project, her director announced that the library would be getting security cameras. The security system would be collecting user data, and privacy policies regarding this data would then need consideration.
