A Toolkit to Audit Your Library’s Privacy Practices
by Sarah Houghton
Director, San Rafael Public Library (California)
Crossposted from ChoosePrivacyWeek.org
In this brave new world do you find yourself wondering how to ensure that your library is protecting your users’ privacy to the best of your ability? Not sure where to start? Check out the Library Patron Privacy Checklists, a joint effort from LITA’s Patron Privacy Interest Group and the ALA Intellectual Freedom Committee’s Privacy Subcommittee.
No matter what kind of library you work in, how big it is, or how much control you have over your IT infrastructure, these checklists can help you conduct a comprehensive audit of library user data collection, retention, submission, and security. This set of seven checklists will help your library take practical steps to implement the principles that are laid out in the ALA Library Privacy Guidelines.
Better yet, each checklist is organized into three priority groups. Priority 1 are actions that hopefully all libraries can take to improve privacy practices. Priority 2 and Priority 3 actions can be achieved by most libraries, but may depend on your organizational structure, control over infrastructure, technical expertise of staff, and resources.
The checklists cover:
- data exchange between networked devices and services
- e-book lending and digital content vendors
- library management systems/integrated library systems
- library websites, OPACs, and discovery services
- public access computers and networks
- students in K-12 schools
You’ll find simple and practical tips like destroying any documents with user data on them, making sure your library actually has a privacy policy, and changing default passwords. But you’ll also find very technical and specific guidelines like encrypting data communications between client and server applications, specific terms to look for in license agreements, and installing plugins on public computers to limit third party tracking.
Better yet, each checklist includes a list of resources to help you achieve each goal if you need some help getting pointed in the right direction. Basically, it’s privacy best practices in a box!