August 4, 2015

New Privacy Guidelines Encourage Libraries and Vendors to Work Together to Protect Reader Privacy

By Michael Robinson
Chair, IFC Privacy Subcommittee
Head of Systems at the Consortium Library
University of Alaska – Anchorage

Crossposted from Choose Privacy Week

Libraries have a tradition of protecting the privacy of readers as the cornerstone of intellectual freedom. We recognize that freedom of thought and expression begins with freedom of inquiry, the ability to read and explore ideas without the chilling effect of government surveillance or societal disapproval. We clearly saw the Patriot Act as a threat to library users’ privacy and have earned a reputation for our efforts to reform it. However, that reputation may be in danger. A gap has grown between our tradition of protecting privacy and common practices that libraries have developed as they strive to deliver digital content, embrace the modern Web, and provide personalized services to library users. The October 2014 revelations disclosing what Adobe’s Digital Editions collects about users and their reading habits brought this gap into center stage.

ALA’s Intellectual Freedom Committee (IFC) has been concerned about online privacy for years. They worked with the Office of Intellectual Freedom to establish the annual Choose Privacy Week campaign in 2010 and recently published an updated version of the Privacy Toolkit, an extensive resource that covers the myriad of threats to privacy in a modern library. One of the goals of the IFC Privacy Subcommittee is to use the toolkit as a resource to produce a series of more concise and accessible guidelines focused on specific areas of concern about library users’ privacy.

Given the Adobe revelations, we decided to start by developing privacy guidelines for ebook lending and digital content vendors. During the process of developing the document, the Privacy Subcommittee shared it with a range of individuals and groups for review and comments. This included ALA’s Digital Content Working Group (DCWG), the LITA Patron Privacy Technologies Interest Group, and the group developing the NISO Consensus Framework to Support Patron Privacy in Digital Library and Information Systems. Online privacy is a large issue that touches on many areas of library service, and it is important that the different groups in ALA work together to develop a common set of principles and best practices that protect reader privacy. By the end of ALA’s 2015 Annual Meeting in San Francisco, the Intellectual Freedom Committee and the Digital Content Working Group both endorsed the document, entitled “Library Privacy Guidelines for E-book Lending and Digital Content Vendors.

Library Privacy Guidelines for E-book Lending and Digital Content” are intended to start a conversation within the library community and with vendors and content providers. We expect that the guidelines will need to be revised as we receive more feedback. On the whole, the guidelines represent our attempt to balance the need to protect reader privacy with the needs of libraries to collect user data and provide personalized services, while respecting and protecting the individual’s right to make their own informed decisions in regards to the privacy of their data, particularly in regard to how much privacy they are willing to trade for convenience or added benefits. That’s an ambitious goal, but if libraries and vendors can work together to develop practices based on these guidelines, it can serve as a model for how it can be done. It’s time for librarians to take up this task and to live up to our reputation as privacy defenders.

Library Privacy Guidelines for E-book Lending and Digital Content Vendors

Protecting user privacy and confidentiality has long been an integral part of the intellectual freedom mission of libraries. The right to free inquiry as assured by the First Amendment depends upon the ability to read and access information free from scrutiny by the government or other third parties. In their provision of services to library users, librarians have an ethical obligation, expressed in the ALA Code of Ethics, to preserve users’ right to privacy and to prevent any unauthorized use of patron data (see note below). Librarians and libraries may also have a legal obligation to protect library users’ data from unauthorized disclosure.

Libraries enter into licenses or agreements with commercial vendors in order to provide library users access to digital information, including e-books, journals, and databases. Access to these resources is most often provided via networks and the internet. In the course of providing these services, most e-book and digital content vendors collect and use library patron data for a variety of reasons, including digital rights management, consumer analytics, and user personalization. Libraries and vendors must work together to ensure that the contracts and licenses governing the provision and use of digital information reflect library ethics, policies, and legal obligations concerning user privacy and confidentiality.

These guidelines are issued to provide vendors with information about appropriate data management and security practices in respect to library patrons’ personally identifiable information and data about their use of digital content.

Agreements, Ownership of User Data, and Legal Requirements
Agreements between libraries and vendors should address appropriate restrictions on the use, aggregation, retention, and dissemination of patron data, particularly information about minors. Agreements between libraries and vendors should also specify that libraries retain ownership of all data and that the vendor agrees to observe the library’s privacy policies and data retention and security policies.

Vendors are strongly encouraged to implement the principles of privacy by design, i.e. products and services should have privacy concerns “built in, not bolted on.” In addition, agreements between libraries and vendors should reflect and incorporate restrictions on the potential dissemination and use of library patrons’ records and data imposed by local, state, and federal law.

Clear Privacy Policies
Library users should be notified about vendor privacy policies when accessing a product or service. The privacy policies should be made easily available and understandable to users. Safeguarding user privacy requires that individuals know what information is gathered about them, how long it is stored, who has access to it and under what conditions, and how it is used. There should be a way to actively notify ongoing users of any changes to the vendor’s privacy policies.

User Consent
The vendor should give users options as to how much personal information is collected from them and how it may be used. Users should have choices about whether or not to opt-in to features and services that require the collection of personal information. Users should also have the ability to opt-out and have their personal information erased if they later change their minds.

Access to Personal Data
Users should have the right to access their own personal information and contest its accuracy. Verifying accuracy helps ensure that vendor services that rely on personal user information can function properly. Guidance on how the user can access their personal data should be clear and easy to find. Patrons should also have the ability to download their personal data into an open file format such as CSV for their own use.

Access to personal information should be restricted to the user and conform to the applicable state laws addressing the confidentiality of library records as well as other applicable local, state, and federal law.

Data Integrity and Security
Whenever patron data is collected, the vendor must take reasonable steps to ensure integrity and security, including compliance with applicable statutory requirements.

Security: Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of data. Security measures should be integrated into the design, implementation, and day-to-day practices of the vendor’s entire operating environment as part of its continuing commitment to risk management. The vendor should seek compliance with published cybersecurity standards from organizations such as National Institute of Standards and Technology (NIST).

Encryption: The use of data encryption helps enhance privacy protection. All online transactions between client applications (web browsers, mobile apps, etc.) and server applications should be encrypted. In addition, any user data housed by the vendor off site (cloud-based infrastructure, tape backups, etc.) should use encrypted storage.

Anonymization: Data used for customer analytics and other types of analysis should be anonymized by removing or encrypting personally identifiable information. While data anonymization is a good practice, it is not foolproof (re-identification analysis has been used to identify individuals from anonymized data sets); therefore access should still be restricted.

Retention: User data should not be retained in perpetuity. The vendor should establish policies for how long to retain different types of data and methods for securely destroying data that is no longer needed. For example, accounts that are expired or inactive for a certain amount of time should be purged. Retention policies should also cover archival copies and backups.

Data Sharing: User data should not be shared with third-party vendors and other business associates without user consent. Most state statutes on the confidentiality of library records do not permit release of library patrons’ personally identifiable information or data about their use of library resources and services without user consent or a court order. In addition, ALA policy forbids sharing of library patron information with third parties absent a court order.

Government Requests: The vendor should develop and implement procedures for dealing with government and law enforcement requests for library patrons’ personally identifiable information and use data. The vendor should consider a government or law enforcement request only if it is issued by a court of competent jurisdiction that shows good cause and is in proper form. The vendor should inform and consult with the library when it believes is obligated to release library patrons’ information unless prevented from doing so by the operation of law. The vendor should also inform users through its privacy policies about the legal conditions under which it might be required to release personally identifiable information.

Company Sale, Merger, or Bankruptcy: In the event that the vendor is sold to another company, merges with another company, or is dissolved through bankruptcy, all personally identifiable information should be securely destroyed, or libraries and their end users must be notified and given the opportunity to request that their data be securely destroyed.

User Devices
Privacy protections for library patrons’ personally identifiable information and use data should extend to the user’s device, including the web browser or any applications provided by the vendor. All communications between the user’s device and the vendor’s services should be encrypted. If the vendor wishes to employ personalization technology such as persistent cookies on its website or allows third-party web tracking, it should inform the user and give them the chance to opt-in before initiating these features for the user. If a vendor-provided application stores personally identifiable information or use data on the user’s device, it should be encrypted. The user should be able to remove a vendor-provided application and delete any data stored on the device.
Audit and Notification
Vendors should establish and maintain effective mechanisms to enforce their privacy policies. They should conduct regular privacy audits to ensure that all operations and services comply with these policies. The results of these audits should be made available upon request to libraries that are customers or potential customers. A vendor that suffers a breach in its privacy policies through inadvertent dissemination or data theft must notify the effected libraries and users about this urgent matter as soon as the vendor is aware of the data breach.

Note: Patron data” or “user data” is any data or record that identifies the library patron or the patron’s use of library information systems and resources.

Approved by the Intellectual Freedom Committee 6/29/2015

The guidelines are now available online on the ALA website. The IFC Privacy Subcommittee encourages anyone with comments or questions to send correspondence to its ALA staff liaison, Deborah Caldwell-Stone, at

July 22, 2015

OIF webinar featuring Pat Scales and Jamie LaRue


New Webinar! Mark your calendars for August 19th @ 1pm CST.

Angry and Alarmed: Embracing the Concerned Parent

We’re told that Step One for addressing any challenge or concern expressed about a book is listening.

Which sounds easy enough but I’ve heard and seen librarians shut down the conversation with defensiveness and self-righteousness. I’ve BEEN that librarian. You feel protective of your books and your collection and how dare someone criticize them. But we can encourage a happy ending for everyone if we change our attitude towards a concerned parent.

Just as your patrons and students have a right to read, individuals also have a right to express their opinions about library resources and services.  If we change the dynamic of the interaction, it’s possible that an “expression of concern” can be resolved after the individual has had the opportunity to express personal feelings about a library resource. Maybe the person only wanted to be heard and have his opinions acknowledged.

Isn’t learning how to have that conversation be successful worth it to avoid a formal book challenge? empathy

Pat Scales and James LaRue, both acclaimed writers and librarians, will talk about difficult conversations with parents. Parents are often coming from an emotional place that has less to do with a book they’re upset about and more to do with a changing world and a loss of control as their children grow up. They will share insights to guide the response from defensive to embracing, empathetic, and educational.

June 23, 2015

On Data and Confidentiality

This week a freelance journalist questioned ALA Office for Intellectual Freedom’s reputation and professionalism, because he was denied access to OIF’s proprietary database of challenge information.   It appears that his goal was to confirm his conclusion that And Tango Makes Three is the “most challenged book in America” and he believed that OIF should provide him access to its proprietary database to corroborate his belief.

It should be understood at the outset that it is OIF policy to not provide access to the raw data in the challenge database to any person, for a number of reasons.   Probably most important is the fact that the database is compiled from news items and challenge reports voluntarily submitted by librarians and teachers, sometimes in confidence.  We’re acutely aware that the data we compile doesn’t have the statistical validity demanded by social scientists and researchers, because OIF doesn’t  proactively seek information through questionnaires, phone surveys, and the like, does not attempt statistical sampling or related techniques, and does not track the progress or eventual outcome of each censorship attempt.

In some cases we get numerous details about the challenger, the nature of the complaint, the backstory, and the current status of the book. And in some cases we get very little. Sometimes we receive information during the challenge event, sometimes many years later. These factors affect the total number of challenged books for any given year and how we inform the public about challenges.

And we know for a fact that we do not hear of every challenge.  One telling example:  in 2012, journalism students working with University of Missouri Professor Charles Davis served every public school district in Missouri with a FOIA request for records of challenges as a class project, and learned that there were 51 challenges to books in Missouri schools between 2008 and 2012.  When we compared their results to the information in our database, only 6, or 12%, of those challenges had been previously reported to OIF.

anonymous In a nutshell, it would be impossible to determine with any amount of confidence “the most challenged book in America” from the database. It’s why we limit our discussion about challenges to the limited time frame of one year, and make sure that we include a disclaimer that notes that the most challenged book list for a particular year only reflects a snapshot of activities based on voluntary reports concerning documented requests to remove materials from schools or libraries.

More important is our promise of confidentiality; the database includes identifiable details provided to us in confidence by the librarians and teachers who come to us for help and we are simply not confident that we can safely anonymize the data so that their privacy is preserved.

Because the office does get many requests for raw data, the office has developed a statement to be given out to those who make such requests. The article quoted selectively from that statement; here it is in its entirety:

Thank you for your inquiry to the Office for Intellectual Freedom. We compile information from news reports, individuals, libraries, schools, and other organizations about challenges to materials. OIF does not always track the progress or eventual outcome of each censorship attempt reported to it nor can it assure that data items are consistent across each report.  In addition, not every challenge is reported to OIF.

 As a result, the information that we maintain is a snapshot of requests to remove or restrict books from libraries and classrooms and is not a complete or exhaustive source of data on such activities.  OIF maintains the database for internal staff use, as a means of encouraging libraries to report challenges, and to create awareness of the importance of protecting and celebrating the freedom to read.  Because the censorship database does not have the statistical validity demanded by many social scientists and researchers and may be vulnerable to misinterpretation and misuse, we must deny any request asking OIF to share raw data.

We have always been clear in our press statements about what is added to the database.  Recorded challenges are documented requests to remove materials from schools or libraries or to restrict other library users’ access to those materials.

As we remind requestors, any discussion of challenges in a particular year can only be a snapshot of a particular time frame.   Fifteen years ago, the Harry Potter series was frequently challenged; then Tango became a target of censors; and now Sherman Alexie’s The Absolutely True Diary of a Part-Time Indian often appears on our most frequently challenged book list.   Our goal is not to focus on the numbers, but to educate the community that censorship is still a very serious problem.   The fact is, parents and community members have sought to remove And Tango Makes Three from libraries and schools, with the intent of denying others the right to read that book.   In some cases, the challengers succeed in doing so.

Our responsibility, as a professional organization, is to our members and the librarians we serve and support. We promise professionalism, assistance, and most of all confidentiality. We are not obliged to journalists who claim we owe them a duty of transparency and unrestricted access based solely on their curiosity about a particular book.   If anyone truly wants to find out what is the “most challenged book in America,” they can follow the lead of the Mizzou journalism students or the example of researchers in Massachusetts and conduct their own research and compile their own data.

We are not sorry that we protect the professionals who fight for the freedom to read and the First Amendment. We will not be changing our policy.

June 11, 2015

Deadline Extended: Send a photo of yourself with a banned book and win a registration to ALA!

You now have one more week to put your face out there in support of the freedom to read!


We are delighted to announce that the deadline for the Banned Books Photo Contest has been extended. From now through June 19, 2015, SAGE and ALA’s Office for Intellectual Freedom invite you to send a picture of yourself holding your favorite Frequently Challenged Book to show the world that you believe in the freedom to read.

All photo entries will be broadcast for ALA attendees at the 2015 ALA Annual Conference in San Francisco, CA and three entries will be pulled at random to win a prize.

Prizes include:

1st place: A free registration to the 2016 American Library Association Midwinter Conference, January 8th through 12th, in Boston, MA OR the 2016 ALA Annual Conference, June 23rd through 28th in Orlando, FL.

Two 2nd place winners: $100 credit to purchase SAGE book(s) of your choice and up to 2 banned books, selected by ALA’s Office for Intellectual Freedom.

Here’s how it works…

Send an email to with:

  • Your name
  • The name of the library where you work(ed) or the library school you attend
  • A title for your photo (no more than 10 words)
  • An attached photo depicting you with a “Frequently Challenged Book” (find several lists with examples here)

Incomplete entries will be disqualified. By sending in an entry, you agree to the Contest Rules.

Want more?

If you are attending the 2015 ALA Conference in San Francisco, don’t forget to RSVP to read from your favorite banned book at the Banned Books Readout Booth. More details here.

May 21, 2015

Send us a photo of yourself with your favorite banned book and win a registration to ALA

(Cross posted from SAGE Publications)

Photo credit Amy Stieve

Photo credit Amy Stieve

Are you a librarian who believes in wide access to literature? Are you willing to add your face to those who believe in the freedom to read? Would you also appreciate a free registration to an ALA conference? Then show us your enthusiasm and you could win!


From now through June 12, 2015, SAGE and ALA’s Office for Intellectual Freedom invite you to send a picture of yourself holding your favorite Frequently Challenged Book to show the world that you believe in the freedom to read. All photo entries will be broadcast for ALA attendees at the 2015 ALA Annual Conference in San Francisco, CA and three entries will be pulled at random to win a prize. Prizes include:

1st place: A free registration to the 2016 American Library Association Midwinter Conference, January 8th through 12th, in Boston, MA OR the 2016 ALA Annual Conference, June 23rd through 28th in Orlando, FL.

Two 2nd place winners: $100 credit to purchase SAGE book(s) of your choice and 2 (or more) banned books, selected by ALA’s Office for Intellectual Freedom.

Here’s how it works…

Send an email to with:

  • Your name
  • The name of the library where you work(ed) or the library school you attend
  • A title for your photo (no more than 10 words)
  • An attached photo depicting you with a “Frequently Challenged Book” (find several lists with examples here)

Miguel Figueroa_Sherman Alexie book

Incomplete entries will be disqualified. By sending in an entry, you agree to the Contest Rules.


Want more?

If you are attending the 2015 ALA Conference in San Francisco, don’t forget to RSVP to read from your favorite banned book at the Banned Books Readout Booth. More details here.

May 13, 2015

Your Child and Scary Books: Perspectives for Parents

By Rhona Campbell

A photograph showing a mushroom cloud rising over a destroyed city. A poem that mentions Emmett Till. An illustration of a naked boy touching his penis. A character conceived in incest.  A monkey-like caricature of an ethnic stereotype. Osama bin Laden. The “n”-word.

If you are a parent, you have probably encountered the situation in which your children have read, or seen, something that is difficult for you to talk about with them. Maybe they’re not mature enough to understand the context, or that a piece is intended as satire. Maybe it is such a scary thing that you are sure they will have nightmares. Maybe the implicit bias of an author is subtly preaching prejudices you find abhorrent.

As a school librarian and former public children’s services librarian, a reviewer of children’s literature, an avid reader of parenting advice, and a parent of two, I have encountered this situation more times than I can count. Here are some suggestions:

1)      Keep calm. When you make a big deal out of something, your child is confirmed in his/her notions that this thing is a big deal. If you calmly say, “hey, I heard that there are some scary things that happen in this book. Did you know that when you checked it out?” your child is much more likely to be open with you. The converse: “This is disgusting! I forbid you to read this!” Guess what usually happens when that is the reaction?

2)      Think about it from your child’s point of view. What your child gets out of a book may not be the same thing you do. I once had a fourth grader who read the entire Harry Potter series, and loved to talk at length about the spells, characters, and foods at Hogwarts. But when I asked her how she felt about a character’s death in the 4th book, she looked blankly at me and said, “he died?”

Some will say that if a child is not comprehending everything in a text, he/she is “reading too high,” and that the book is therefore “too difficult.” Pause for a minute before going down this path, and remember that there are many more reasons to read than merely comprehension. A child who is reading is improving vocabulary, fluency, metacognition, cultural awareness, reasoning, questioning, and conceptual abilities. He/she is developing a sense of self-efficacy, imagination, wonder, identity, and often opening doors to social inclusion.

The difference between your understanding and your child’s is especially relevant when it comes to images. Today’s non-fiction is chock-full of imagery. Younger children often love to look at pictures and diagrams in books written for an older audience, such as pictures of guns, comic-book-style human bodies, and scary monsters. Rarely will they read even the captions, much less the text.

3)      Consider why your child is attracted to that book/topic. Be careful about assuming your child is genuinely curious and really wants to engage with the book/topic. Kids often feel pressure by peers, older siblings, or even teachers to try reading more mature books because others are. Or, alternately, they’ve been told that something is “inappropriate” for them, and they yearn to prove themselves. Perhaps they simply like the cover image.

Do any of these things mean your child really wants to engage with that book or topic? Or is it enough for him/her to walk around with that book, feeling mature? To flip through it, and say they read it? To read it lightly, enough to be able to casually throw out a character’s name amidst a group of peers? To be one of the kids who crosses their fingers when a Wimpy Kid-reading friend’s mom declares “no cheese touch!” at a sleepover?

4)      Is this is a learning opportunity… or not? This will, of course, depend on your child, your family values, the topic, the book in question, the way in

Photo by Peter Merholz

Photo by Peter Merholz

which the information was encountered, and how completely your child has comprehended what he/she read or saw.

Gauge your child. Ask probing questions to assess understanding and attitudes about the topic. Be sure to listen to his/her answers. This will help you determine what he/she is ready to learn, and how much of your own lens to impart.

This can be especially tough when it comes to encountering cultural biases in books. Your five-year-old will not immediately understand that Pippi Longstocking’s South Sea Islanders are portrayed stereotypically as a childlike culture in need of European paternalism. Do you gloss over it, or go ahead and explain this as well you think he/she can understand? In these types of cases, I recommend going for it; only by constantly facing prejudice in our world can we ever hope to eradicate it.

But also remember that learning is cumulative: this encounter may be his/her first with the topic in question, but it will not be the last. You will have time later to come back and build upon his/her current level of understanding. Sometimes a child who doesn’t fully comprehend why his/her parent became upset over a book will nonetheless internalize enough so that the next time he/she encounters something similar, he/she will remember that something there just isn’t quite right.

5)      Give your child the option of an “out” without losing face. The very definition of seeking information is that the seeker is in a position of not fully knowing something. Sometimes, finding the answer means finding something you don’t want to know. Your child should know that it is always OK to stop reading a book, just as you would allow him/her to turn off a computer game, or encourage him/her to tell a babysitter that ghost stories are too scary at bedtime.

As a parent, there’s nothing wrong with simply asking, “Do you really want to learn about this now? Could we come back to this later?” Often a child will be glad to have that option spelled out for him/her. The book wasn’t what he/she thought it would be, anyway.

6)      Children’s attention spans are a lot shorter than ours, and they are resilient. There’s no doubt, it is hard to guide children into this big, scary world. It is not possible to be in complete control of when and where your child will encounter something you think they won’t understand, or that you yourself fear. Although there are ratings on movies and recommended ages on books, those are merely guidelines. Each child is different, each book is different, each person’s experience of life is different.

At the time your child encounters something difficult, you may wish it had been censored from them. It might be a painful learning experience. It might test your ability to parent in the way you wish. At these times, it might help to remember that for your child, this is just one experience within the context of all the other things they are learning at the time. For you it may be traumatic, but for a child, something that happened yesterday is old news… unless, of course, the experience is discussed and repeated, or made especially memorable (see item 1 above).

In conclusion, consider the “worst case scenario.” Your child really wants to read something he/she fully comprehends and which is a) something they know you disagree with, b) something antithetical to your ideas of what he/she should be learning, and/or c) total trash. And he/she rebuffs your involvement in the reading process. Perhaps this is a good time to ask yourself if you believe in the principles of Intellectual Freedom. Do you believe in free speech? Do you have faith that ultimately, “the right to receive ideas is a necessary predicate to the recipient’s meaningful exercise of his own rights of speech, press, and political freedom,” as stated in the Supreme Court’s decision in Board of Education vs. Pico in 1982? Is it at all possible that your child is, actually, ready to make this decision for him/herself?

As adults, our job is to teach our children how to live in our world. Books are a window – and a mirror – to that world, in all its many facets. Encountering horrible things in books is much safer than encountering them in real life. If you think of books this way, it is likely that your child will embrace their learning potential as well.

Rhona Campbell is a Lower Middle School Librarian at Georgetown Day School in the District of Colombia. She has been a youth librarian for 15 years and is a regular contributor to School Library Journal. She is on Twitter at @rcampbellmls

May 7, 2015

Choose Privacy Week 2015: Creating a Digital Privacy Literacy Game to Create Safe and Secure Online Personas

by Erin Berman and Jon Worona

Ready player one? Click “Start” to begin your quest. You will venture deep into the realm of online privacy where you’ll have to navigate through an ever shifting landscape, into pools of murky policies, and across tangled webs of surveillance networks. As you begin your journey you are filled with trepidation, anxiety, and fear. You think, “How can anyone live in peace and harmony here?” So much is unknown that it is hard to know whom to trust and where to start.

Moving cautiously on the path in front of you a box drops down from the sky. Carefully, you jump and hit it to unveil its contents. Words tumble down revealing information about social media and online sharing. Digesting the information makes you feel stronger and more confident. You run forward, filled with a new zeal, and leap up to open the next box. This time a question appears. It asks you about your online needs, wants, and desires. It asks how you want to share your information on social media sites and how you want to operate in this connected world.

After careful consideration, you select an answer and a bright pulsating icon activates above you. You click on it and a bag of holding opens and out tumbles several action items. The bag is packed with resources to help you create the online identity you most desire. Each item is tailored based on your needs; the more of the world you traverse, the more questions you answer, the bigger the bag becomes. Closing the bag, you continue on this privacy adventure, leveling up and becoming a privacy expert, armed with the confidence to live in this digital universe.

With such a tumultuous online environment, San Jose Public Library (SJPL) began exploring ways to empower its users; giving them the courage to use the Internet without fear. As we began our research we discovered that people have different definitions of privacy and a wide range of needs and desires for their online personas. A small business may want to share openly and widely, while another user may want to try and remain as anonymous as possible. There is no “one size fits all” privacy path. Armed with the appropriate tools, everyone can become privacy literate and share with confidence.

In order to give people access to these tools, SJPL sought to prototype a solution and secured a grant from the Knight News Foundation for this work. Since privacy can be an intimidating topic we looked for ways to present the information to people in a non-threatening, fun, and engaging way. Our brainstorming lead us to the “platform game,” similar in style to the classic Mario games. To ensure we provide the best possible content and resources, we partnered with a team from the International Computer Science Institute in Berkeley. They have been working on the Teaching Privacy project which “aims to empower K-12 students and college undergrads in making informed choices about privacy.” We also wanted to create an amazing gaming experience and are collaborating with students from San Jose State University’s Game Development Club to create a stellar platform educational game.

Everyone deserves to live a full and rich life online. While there are many things beyond our control, we do have the ability to share and connect safely and smartly. The only way to do this is to become educated and learn best practices which are suited to each of us individually. SJPL hopes that our game will provide an outlet for people to learn about online privacy, to become empowered, and continue a discussion about privacy with their family, friends, and coworkers. Ready player one? Click “Start” to begin your quest.


Erin Berman is the Community Programs Administrator for Technology and Innovation at San Jose Public Library and Jon Worona is the Division Manager for Technology and Innovation at San Jose Public Library. Their proposal to create an online privacy literacy prototype for San Jose Public Library users won a Knight News Challenge for Libraries grant.

May 6, 2015

Wanted: Bloggers

Bloggers Wanted

Blog Sample Required to be Considered

The Office for Intellectual Freedom (OIF), of the American Library Association (ALA), is seeking bloggers! The OIF Blog is undergoing a few updates and we are taking this opportunity to increase the quality, quantity, and variety of the content we share. We are composing a volunteer group that will consist of several members that alternate responsibility for creating blog content. Responsibilities include:

* Each person will submit original content for one week every other month for a total of 6 weeks a year.

* Guest bloggers can be recruited for your assigned week.

* Minimum of 3-5 posts during your assigned week but there is no maximum. The sky’s the limit.

* Each post will be vetted by OIF staff.

* The editorial board will be composed of ALA members but guest bloggers can be recruited from other relevant connections.

* We’d like to be creative with the variety of post ideas. Priority is given to TIMELY CURRENT RELEVANT news. Our goal is to inform in an engaging yet amusing way. Think “shareable”.

* We’ll compose a one-year schedule. Weeks can be traded by individuals. Posts can be written and submitted in advance. We’re asking for a one-year commitment.

Ideas: interviews, infographics, historical essays, book reviews, celebration weeks, international reach, anniversaries, programming ideas, tips, policies, frontline experiences, , skill development, question and answers, technology, state chapters, community engagement, trends, best practices, etc.

We are striving for volunteers from a wide variety of backgrounds and professions.

Interested parties should email an original sample blog post to be considered. Please include your name, contact information, and brief bio. Send emails to Nanette at by May 31, 2015.

We’ll be in touch around the middle of June. 

May 6, 2015

Choose Privacy Week 2015: Toward A Set of Best Practices to Protect Patron Privacy in Library 2.0

by Michael Zimmer

In today’s information ecosystem, libraries increasingly incorporate interactive, collaborative, and user-centered features of the so-called “Web 2.0” world into traditional library services, thereby creating “Library 2.0”. Examples include: providing patrons the ability to evaluate and comment on particular items in a library’s collection through discussion forums or comment threads; creating dynamic and personalized recommendation systems (“other patrons who checked out this book also borrowed these items”); using blogs, wikis, and related user-centered platforms to encourage communication and interaction among/between library staff and patrons; and interfacing various library collections and services with relevant Web 2.0 platforms, such as Wikipedia, GoodReads, and even Facebook.

Along with these user-centered technological enhancements, many libraries also commonly face challenges on how to provide the most powerful and efficient library management systems to help inform data-driven decision-making. Thus, libraries are increasingly turning to rapidly evolving cloud computing solutions to satisfy their technological needs in order to best serve patrons, while taking advantage of new opportunities for cost savings, flexibility, and enhanced data management. These cloud services are typically provided by third parties who have built robust solutions to help libraries deliver resources, services, and expertise efficiently, and encourage patrons to participate in a network that empowers them to socialize and leverage the power of the community of users. Examples of cloud computing platforms for libraries include OCLC WorldShareEx Libris Alma, and BiblioCommons.

The transition to cloud computing in libraries, however, has the potential to disrupt longstanding ethical norms within librarianship dedicated to protecting patron privacy. Traditionally, the context of the library brings with it specific norms of information flow regarding patron activity, including a professional commitment to patron privacy. In the library, users’ intellectual activities are protected by decades of established norms and practices intended to preserve patron privacy and confidentiality, most stemming from the ALA’s Library Bill of Rights and related interpretations. As a matter of professional ethics, most libraries protect patron privacy by engaging in limited tracking of user activities, having short-term data retention policies (many libraries actually delete the record that a patron ever borrowed a book once it is returned), and generally enable the anonymous browsing of materials (you can walk into a public library, read all day, and walk out, and there is no systematic method of tracking who you are or what you’ve read). These are the existing privacy norms within the library context.

The move towards cloud computing platforms threatens to disrupt these norms. Much of cloud computing is based upon—indeed, built upon—encouraging increased information flows and the tracking, capturing, and aggregating of data about users’ activities. The prevalence of open flows of personal information on and across cloud and Web 2.0 platforms have prompted general concerns over the impact on user privacy. In order to take full advantage of Web 2.0 and cloud-based platforms and technologies to deliver services, libraries will inevitably need to capture and retain personal information from their patrons.

Writing nearly 20 years ago, before Library 2.0 could have been contemplated, Leigh Estabrook argued that retaining patron data could help libraries improve their services: “in the name of one good—keeping patron records confidential—we are sacrificing another: targeted and tailored services to library users.” More recently, Peter Brantley has argued, perhaps provocatively, that: “In today’s digital world, libraries cannot guarantee the absolute privacy of our users. But, more importantly, for our own purposes, we shouldn’t want to.”


Media and cultural critic Neil Postman warned, “Technology giveth and technology taketh away,” and I suspect he would view the emergence of Library 2.0 and related cloud-based library represent a modern-day Faustian bargain: these powerful Web 2.0-based tools hold the promise to enhance traditional library services with innovative and personalized features, while at the same time, they pose a potential threat to the library’s traditional protection of patron privacy. Thus, it appears that libraries are at a crossroads on how to best leverage Web technology to enhance their services and whether to loosen restrictions on collecting and retaining patron data to enhance these services.

Anecdotally, many librarians appear divided on how to address this tension between preserving traditional librarian ethics and offering Library 2.0 services. My own discussions with librarians and staff at a major U.S. library system on the development of Library 2.0 platforms revealed considerable disagreement on whether collecting and using patron data was an acceptable tactic in order to provide enhanced patron services, and participants at a recent symposium on Library 2.0 shared unease on how to balance the two sides of this dilemma (for example, view the presentations at the 2009 Library 2.0 Symposium hosted by the Yale Information Society project here and here). For some, like the developers of the prototype LibraryCloud, a multi-library data service that aggregates and delivers library metadata from various partner institutions, the potential of Library 2.0 should lead libraries to make use of all available and permitted data in order to help further the interests of their users, as argued by David Weinberger: “They will do this because it advances the values core to the mission of libraries, and thus advances the value of libraries.”

While pursuing Library 2.0 might provide a path to advancing many of the core values of the mission of libraries, such as access to information, other core values, such as privacy, necessarily become imperiled. No clear and simple resolution to this ethical dilemma has been forthcoming, and professional guidance has been minimal. My analysis of over 630 professional trade press articles discussing Library 2.0 and related services revealed privacy was only discussed substantively in 47 (7.5%) articles, and of those, fewer than 10 (1.6%) had in depth discussion or suggested possible solutions to mitigating the inherent concern. Thus, we are left with little guidance on how to address the new ethical and policy challenges that arise with the emergence of Library 2.0.


Where does this leave us? As an information policy and ethics scholar, my first reaction is to point to the need for a comprehensive assessment of the motivations, design, deployment, and impact of Web 2.0-based tools and technologies within library settings. At the Center for Information Research at the University of Wisconsin-Milwaukee, we have started just such a project. Earlier this year we launched a pilot research study to help us understand how libraries are implementing third-party cloud computing services, how these implementations might impact patron privacy, and how libraries are responding to these concerns. The results of the research will include a summary report of findings, and the development of a set of best practices to guide future implementations of cloud computing in public library settings, with the goal of finding a suitable balance between the need to provide cost-effective technology-based services while also protecting patron privacy.

But more than just scholarly research, we need a more pragmatic approach. For those familiar with my broader research agenda, you’ll know that I’m very dedicated to an approach called Values-in-Design, a pragmatic intervention within design communities and environments to ensure particular ethical values – such as privacy, autonomy, justice, and freedom – are considered in the initial design of new media and information technologies, rather than retrofitted after deployment. With a Values-in-Design approach, ethical values like privacy are translated and considered in relation to various technical variables and choices, through a combined exploration between technical designers, practitioners, and ethicists. Engaging directly with developers and managers of Library 2.0 systems can provide greater clarity of how the ethical value of privacy is conceptualized and operationalized within these systems and their use.

This is why I’m extremely happy to be a collaborator on a project managed by the National Information Standards Organization (NISO), a non-profit standards organization that develops, maintains and publishes technical standards related to publishing, bibliographic and library applications, to develop a Consensus Framework to Support Patron Privacy in Digital Library and Information Systems. The project, funded by the Andrew W. Mellon Foundation, supports a series of community discussions with advocates, practitioners, and technologists, on how libraries, publishers, and information systems providers can build better privacy protection into their operations. The grant will also support creation of a draft framework to support patron privacy and subsequent publicity of the draft prior to its advancement for approval as a NISO Recommended Practice.

Through these activities — combining scholarly research with pragmatic collaborations among practitioners and designers — we can work towards creating best practices for protecting patron privacy in the Library 2.0 era. Together, we can provide greater understanding of any gaps in how issues of patron privacy are understood and addressed within the broader implementation of cloud computing within libraries. The results of these types of projects will be applicable to the entire library and information professional community, providing conceptual clarity to issues of patron privacy in the Web 2.0 era, while promoting the innovative use of technology to facilitate discovery of knowledge.


Michael Zimmer, PhD, is a privacy and Internet ethics scholar. He is an Associate Professor in the School of Information Studies at the University of Wisconsin-Milwaukee, where he also serves as Director of the Center for Information Policy Research. With a background in new media and Internet studies, the philosophy of technology, and information policy & ethics, Zimmer’s research focuses on the ethical dimensions of new media and information technologies, with particular interest in online privacy, social media & Web 2.0, Library 2.0, and internet research ethics.

May 5, 2015

Choose Privacy Week Brief: Tell Congress to Support Real Privacy and Surveillance Law Reform

The time is long past for Section 215 to be meaningfully reformed to restore the civil liberties massively and unjustifiably compromised by the USA PATRIOT Act.

~~ALA President Courtney Young

 Very nearly from the day the USA PATRIOT Act was signed into law in 2001, librarians raised concerns about the scope of surveillance authorized under the provisions of the USA PATRIOT Act.  In particular, librarians protested the low or non-existent legal thresholds for obtaining Section 215 court orders and the lack of judicial review for secret subpoenas that provided federal agents with the authority to obtain records and information about individuals’ most sensitive First Amendment activities, seeing an enormous potential for abuse in such broad authority to peer into individuals’ lives.  The 2013 revelation that the PATRIOT  Act and similar laws were used to justify mass surveillance of innocent U.S. citizens’ digital communications confirmed librarians’ fears about the law.

As a result, the American Library Association continues to support legislation that amends or repeals those portions of the USA PATRIOT Act that pose a threat to library users’ civil liberties and right to privacy.

This week, May 4 – 8, 2015,  the ALA Washington Office is calling on librarians, library trustees, library patrons, and library supporters to participate in Virtual Library Legislative Day during the week of May 4 by calling and/or emailing their elected officials on May 5, or any time the week of May 4-8.

Currently, the ALA is urging passage of the USA FREEDOM Act of 2015, which bans the “bulk collection” of Americans’ personal communications records under the pen register statutes and National Security Letters; brings the “gag order” provisions of the USA PATRIOT Act into compliance with the First Amendment; and makes important “first step” reforms to privacy-hostile provisions, including Section 702, of the FISA Amendments Act.

ALA also urges passage of  the Electronic Communications Privacy Act (ECPA) Amendments Act (S. 356) and Email Privacy Act (H.R. 699) which  would bring about real reform to the ECPA (last revised in the 1986, long before the internet and digital communications were a reality.)   The reforms would  require government authorities to get a warrant to compel access to the emails, documents, photos, texts, and other files that comprise Americans’ “digital lives,” whether on the network or stored for an indefinite period of time.  (H.R. 699 already has been cosponsored by a bipartisan super-majority of all Members of the House,  as it was in the 113th Congress).   Full information can be found in the ALA Washington Office’s privacy and surveillance issue brief (.doc download);  you can communicate with your Congressional representatives via this link.

ALA actively works with coalitions like Fight 215! and Digital Due Process to end mass suspicionless surveillance and oppose legislation that: effectively creates new, or expands existing, government surveillance authorities.