SUNYergy Archive: Access to All Issues April 2004
Volume 6 Number 2
Page 3

Photo of Michael MatisIt's 2004: Do You Know Where Your Patron Data Is?
by Michael Matis, University at Albany

Cover Story

Library Patron Privacy

Features

"Scrubbing" Your Patrons

Do You Know Where...

Union Catalog

Evidence of SUNYergy

Additional SUNYConnect Updates

How to Contact Us

Linkable Links

Link to the SUNYConnect Committees List

 

 

Since the passage of the USA PATRIOT Act, a great deal of attention has been paid to the possibility of increased surveillance of library records. Library associations around the country are calling for the repeal of sections of the PATRIOT Act that relate to library records. However, libraries do not need to wait for legislative action to take active steps to protect the privacy of their patron records. They can review their data collection practices to assure themselves that data associated with personally identifiable information (PII) will be stored only as long as it serves a legitimate business purpose. The method used to conduct this survey is a privacy audit.

A privacy audit is a systematic review of the data-collection practices of an organization to determine if the practices are consistent with the privacy policies of the organization. It helps to ascertain what the life-cycle of patron data should be, i.e., how data with PII about patrons is collected, how it is used, how long it is stored, and when it should be deleted.

A privacy audit does not mandate the disposal of records. Rather, it is an opportunity for a library to have a structured conversation about when and how library records are stored in furtherance of the library's business needs. It is an opportunity for librarians to discuss the role of data in the library. Photo of Dewey Library at UAlbany

Some may think they do not need to do a privacy audit because they already de-link circulation records when items are returned. However, are they aware if their vendor backs up the circulation data? And what about all other areas where data is collected? Computer sign-in sheets? Email reference questions? Web server logs? Increasingly libraries offer digital services that generate transactional data by default. Conducting an audit allows a library to discover just how much data they are collecting and set retention policies consistent with the mission of the library.

Others may think they do not need to conduct an audit because they destroy any data as soon as any transactions concerning the data are concluded. However, destroying data links is a Draconian measure because it removes a valuable source of data about the trends of the library users. It is possible to "scrub" data such as circulation records and email requests of PII and restructure it to capture some of the demographic data that the records contain. To learn more about this process of "bibliomining" see the article by Scott Nicholson.

To learn more about how to plan for a privacy audit, consult the ALA privacy toolkit.

IT organizations have learned that doing an audit for one purpose has yielded unexpected benefits in another area. Prior to the year 2000, many organizations were very concerned about the "Y2K" problem Exterior photo of Dewey library at UAlbanyand took active steps to prevent any disruptions to their operations by doing a thorough audit of their IT systems. The unexpected benefit that firms who took the Y2K issue seriously and did a thorough audit realized was that with a few adjustments, they had a good blueprint for a disaster recovery plan. Perhaps librarians should rethink their perceptions of the USA Patriot Act. Instead of seeing it only as a threat, it is more helpful to see it as an opportunity to start evaluating their data collection practices and in the process discover new ways of utilizing data without compromising patron's privacy interests.

(Editor's note: Michael will be presenting on the topic of library privacy audits at SUNYLA 2004 in Cortland.)

Go back to page 2Go forward to page 4

Cover Story

Library Patron Privacy

Feature

"Scrubbing" Your Patrons

[Image: Bobby Approved Logo]

Feature

Do You Know Where...

Union Catalog

Evidence of SUNYergy

Additional SUNYConnect Updates

 


How to Contact Us

Linkable Links

 

Link to the SUNYConnect Committees List