Helping Privacy Survive COVID-19: Inspirational Tidbits from William Marden, NYPL Director of Privacy and Compliance

General Interest, Policies, Privacy

By: Samantha Mairson

Headshot of William Marden, Director of Privacy and Compliance at the New York Public Library.
William Marden, Director of Privacy and Compliance at the New York Public Library.

I’m in Inwood, where the CEO of NYPL, Tony Marx, used to live according to an interesting interview he gave on Yahoo Finance about the NYPL response to COVID-19. William Marden shared the Marx interview with me in advance of our own meeting. When we met in GoogleMeet, I told Marden about my 9-month year old son and my work as a children’s librarian at the Rye Free Reading Room. He told me about his daughter, a teacher of two year olds at a well-known institution. He commented on the upside of the pandemic for many people: being with our families.

He noted the bikes on the wall behind me. He told me about friends in Rye with a perfect view of my library, the Rye Free Reading Room and the Square House Museum. I told him about my library’s use of our Facebook page, the scale of our efforts, what our library is doing, relevance, virtual events, social media controls.

Marden talked about changes caused by the pandemic. He speculated about the virtual realm continuing in a greater capacity than before, echoing the sentiments of NYPL’s CEO. He spoke to NYPL’s plan for reopening gradually and remarked on an important feature of Marx’s interview about new sanitation measures to ensure safe public spaces and virus-free booklending.

We discussed the reality of remote platforms (Zoom, Google Meets). Marden spoke about NYPL’s Tech Connect programs and described NYPL’s use of a third party product which enables participants in the chat group to appear anonymously as User 1, 2, 3, etc. What else is NYPL doing? Virtual book clubs, author talks live streamed on YouTube and Vimeo. Find, for instance, Neil Gaiman, LeVar Burton, Rosario Dawson and Dakota Fanning doing readings of Gaiman’s book “Coraline” as part of an NYPL series on YouTube which took place from May 12 to May 18. NYPL encouraged cardholders to borrow an e-copy of “Coraline” and follow along or read ahead of time.

William Marden says when library patrons participate in library programs, the New York Public Library ensures that patrons see the appropriate disclaimers about any third-party products (such as Google Meet, Zoom, YouTube, etc). NYPL refers them to those companies’ privacy policies for more information. Marden says, to truly help the public we need to lay out user controls at the beginning of any online presentation. Think: on-the-spot training of people. Platforms are constantly updating and changing at lightning speed. 

  • Assume the audience is unfamiliar with the technicalities and use of these platforms and use public programming events to help them become more familiar with them. Think of every virtual exchange as an opportunity to teach. 
  • Keep a pulse on what the third parties are doing. Google, for example, is known for using advanced forms of facial and voice recognition software. We know it’s likely they keep recordings and transmitted content. There are caveats for using anything, he says.

Things people might have said in a classroom space are now being said online. That’s a big difference with our “new normal” during the pandemic. There are new controls (and lack thereof) in the online environment. When you login in, most people understand that implicitly on some level. 

There’s no easy answer for what “doing privacy well” looks like; there is no supreme standard to benchmark against. We are learning as we go, and trusting the competence of our staff. Our chief leadership works closely together to have a cohesive approach, Marden says.

Libraries are deciding on platforms and programs. Marden says that at an organization as big as NYPL, there are normal mechanisms and workflow for deciding on platforms and programs. It’s about bringing the right people to the table such as IT, Digital Operations, Legal and Risk Management. When you can do that with your leadership, all the parts and pieces come together. When you do that well, the effort to choose a platform or program is not scattershot, he says.

Marden characterizes the pandemic period challenges with optimism: yes, staff are anxious, but they’re also being inventive and creative. Erin Berman (head of the ALA’s privacy subcommittee) told William Marden her library is going through large rethinking of programs and resources. Marden says it behooves every library to do that top-to-bottom analysis and assessment of programs. The goal, of course, is offering everything in a safe way and mitigating risk.

Libraries are largely dependent on third-party products. Those products make our everyday life easier: the lending and discovery systems, remote platform technology, databases. You name it. But, there is a spectrum of risks. To Zoom’s credit (and platforms like it), they try to ameliorate risks. Their business depends on it.

Libraries can make it clear to vendors what we need and what patrons need. For example, librarians recently negotiated to ensure that library access to training tutorials does not require users to have a LinkedIn social media account. Members of the ALA’s privacy subcommittee (including Berman and Samantha Lee) led the charge to assure that patrons could still access the products anonymously, without tech giants forcing their participation elsewhere. The opposition campaign even included a visit to LinkedIn headquarters in San Francisco. At first, they were stonewalled. But then the key players seemed to change their mind… where libraries collectively push back, change happens. Librarians can be early opponents to technology changes that force a user’s hand when it comes to sacrificing their own information or making a bigger digital footprint. Library professionals can be advocates, and an important resource for finding answers to tough questions. The profession has collective bargaining power. We get to say what libraries do and don’t want. When it comes to privacy rights, we’re a centerpiece of the conversation.

There are not a lot of laws on the books when it comes to privacy in the United States… COPPA, HIPPA. But there’s no special law just for libraries. The library profession has a long history of pushback on privacy-related law (see FOI, Patriot Act). But we have no big papa consumer protection privacy act like they have in Europe (GDPR).  

People trust libraries to make decisions for them when it comes to using different tools online. Libraries vet resources, and this has long been a feature of library reference work.

According to Marden, librarians can think of three fold criteria to help them vet resources:

  • Is it authoritative? 
  • Is it up-to-date?
  • Does it respect privacy and confidentiality?

On Friday, May 8, Marden served as a panel member for an American Library Association webinar with other privacy leaders in the library profession. He said he looked forward to learning what people around the country are doing to address challenges of the pandemic. He made a special nod to library friends in the academic sector, whose challenges are somewhat unique from his work in the public library space.

Questions he anticipated:

  • What do we say to patrons reluctant to use platforms and programs? 
  • Choices – what is best? 

Marden said it’s important, in a sense, to limit choices. Stick to a vetting process. Test drive products (and share our reviews with the wider profession). The Director of Privacy and Compliance at NYPL says he’s long-advocated for a consumer report of products, and he noted a few reports that have been done. He named one done by Mozilla about various tools people are using, but noted that information is updated very quickly. He showed the report to a colleague and the information’s accuracy was challenged. The Mozilla report mentioned nothing about zoom’s in-process lack of encryption or the recent upgrade to 250 bit encryption. Marden says the intricacies of what’s safe and what’s not can be… confusing, even for people steeped daily in discussion of privacy and security. (Nevermind for those that are not!)

Marden remarks that he thinks things will be different tomorrow, and hopefully in a better way.

He says there’s a trend toward better privacy, not less. “What happens on the backend is not always as fully described as we like,” he said. It’s typical for there to be a fourth party, or marketing companies. “We use a third party to market items we think are useful,” he said about NYPL’s internal approach.

For vendors, there’s often an “open door.” It’s commonplace for vendors to sell information to data brokers, and that can often feel beyond library control. But it’s not all doom and gloom; most vendors realize that their reputation is at stake when it comes to user privacy. Successful companies – famously Apple – profit from privacy bragging rights and reputation. Many third party vendors obscure personal user data as it changes hands.

Marden visualizes privacy and data exchange as being like, “a ripple effect in a pond”. When you think about the “digital universe” (the pond), containment of information is trickier and vastly different. For every action, there is another action. It’s controllable to an extent, he says, but a lot depends on the vigilance of librarians. It’s a lot like the parent-child relationship, he muses. “Make sure the room is childproofed.”

Marden says: “Give people a choice as much as possible. Libraries have a responsibility to make sure… when they invite the public in, that they provide as safe a place as possible.”

William Marden is what some might call a policy pro. I ask him for his advice in this area. He says NYPL’s privacy policy is not yet as FAQ-ish as one might want, and that he still aspires to provide more simplified information. He recommends checking out vendor guidelines recently published by ALA. He recommends talking to peers.

He tells about one NYPL leader (Brian Bannon) coming from Chicago to be the head of library services, and how Brian brought his past experience with Brainfuse to the table. He was able to say that one major U.S. public library has tried it, and share their best practices.

One of Marden’s go-to best practices: be mindful. Doing a Facebook storytime? Tell viewers this program is recorded. When they engage, help them understand that Facebook may be capturing XYZ information. Be mindful of things over which the library doesn’t have any control. This is a place where we – librarians – can all be better citizens in the privacy realm. We make daily choices like async versus synchronous training. That is, meeting live in-conference or offering content pre-produced. “You don’t have to fully replicate what you had before,” he says.

What we’re left with at the end of the day: guidance tips, thoughtful choices around what we use, movement toward a more permanent kind of [virtual] engagement [between] libraries and patrons, helping patrons better understand the use (and caveats) of the products we use. He foresees a world in which library users are empowered by “the fact that I can do this [engage with the library] from home.” That will be great, he says. But he points back to a moment in the Tony Marx video interview where Marx describes a lack of digital access for lower income patrons. 

Again, we must be mindful, Marden says. Reach those people. Continue to think of the library for everything it provides, including wifi access. Marx told a story of encountering a child sitting on the curb outside of one NYPL branch one day several years ago (long before the pandemic). The boy had a very old laptop. When Marx inquired, the boy said he was doing his homework, using the WiFi “bleed” outside the library branch building. William Marden mentions NYPL’s previous program in which hotspots were lent to children in low-income  households for this very reason. He paints a picture with statistics. Some estimates put almost 1 million New Yorkers at home without internet access.

Privacy is one thing, being left behind is another.

Samantha Mairson

Samantha Mairson is a children’s librarian at the Rye Free Reading Room in New York. She is a staunch intellectual freedom fighter. Previously she worked for EveryLibrary, the first national political action committee for libraries. Samantha is a graduate of the Syracuse University MLIS program with a Certificate of Advanced Study in Information Security Management, and the University of Connecticut where she studied Digital Media Design and Spanish. She once walked from North Carolina to Connecticut, and dreams of building a tiny home. She currently resides in New York City with her husband, sister-in-law, newborn baby, and the family dog, Rocky!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.