Minimize Your Library’s Future Data Breach

Privacy, Professional Ethics

By: John Mack Freeman

You remember the story about the big recent data breach? The one that was all over the news? Of course, anyone could be forgiven for not knowing what I was referring to. In the last few year, with a minimum of searching, there have been data breaches at:

Wikipedia even has a handy list of major data breaches that you can sort by year or number of people affected. And in this week’s Intellectual Freedom News, there was a story of a library having its data breached.

PrivacyI am not an IT person, and I don’t have a working technical knowledge of cybersecurity. However, it does seem that for many institutions, data breaches are not necessarily a matter of if they will happen, but when.

Because those breaches don’t have to even be especially sophisticated. With the rise of web-based ILS that can be accessed from anywhere with an internet connection, any past disgruntled employee or non-logged off computer left at an outreach event can be ripe for a data breach.

There are probably numerous technology solutions, both high tech and low, that can help to stop these situations from arising. However, when thinking about these issues, it is also a good time to consider how much information the library needs from individuals in the first place. Many libraries acquire a large amount of information about people to set up their cards; is all this information truly necessary? When was the last time these policies were looked at and truly evaluated for their efficacy? Can libraries look at their information policies to see if there are elements that can be made optional or eliminated altogether from the required set of information needed from each user?

It goes without saying that every library should do everything they can to safeguard each user’s privacy. But in the event that a breach or data theft occurs, it will be better if the information that is there isn’t more comprehensive than is absolutely necessary. ALA has an interpretation of the Library Bill of Rights regarding Privacy that states, “Library users expect and in many places have a legal right to have their information protected and kept private and confidential by anyone with direct or indirect access to that information.”

In the modern connected world, no one can guarantee 100% digital safety. The free flow of information has come with the caveat that bad actors may try to steal and misuse that information. However, if libraries can minimize the information they collect because of their beliefs in intellectual freedom and privacy, that is a practice that can help protect everyone, no matter what the technology looks like.


mackJohn “Mack” Freeman is a branch manager for Gwinnett County Public Library. He is a past recipient of the Freedom to Read Foundation’s Conable Scholarship, and he was a 2015 ALA Emerging Leader. He currently co-chairs the GLBTRT’s Stonewall Book Award Committee and is the Vice President for Membership of the Georgia Library Association. He is interested in privacy, self-censorship, new frontiers of IF, and services to under-served communities. You can find out more about him at When not in library world, he enjoys walking Bess, the most awesome boxer in the world, going on adventures with his husband Dale, and cooking Italian food from unintentionally snobby mid-century cookbooks. Find him on Twitter @johnmackfreeman.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.