[Libs-Or] Oct. 2016 Tuesday Topic: New ALA Privacy Guidelines

Roberta Richards rrichard at pcc.edu
Tue Oct 11 13:28:20 PDT 2016 

October 2016 Tuesday Topic:  New ALA Privacy Guidelines


Welcome to Tuesday Topics, a monthly series covering topics with
intellectual freedom implications for libraries of all types. Each message
is prepared by a member of OLA's Intellectual Freedom Committee
<http://www.olaweb.org/index.php?option=com_content&view=article&id=159>
(IFC). Questions can be directed to the IFC member who sent the message or
to one of the IFC chairs.



New ALA Privacy Guidelines


On June 24th, the American Library Association released comprehensive new
privacy guidelines focused on protecting patron data.  According to a press
release
<http://www.ala.org/news/press-releases/2016/08/new-library-privacy-guidelines-offer-strategies-protecting-patron-data>
from
ALA’s Office for Intellectual Freedom:

The American Library Association's Intellectual Freedom Committee has
approved four new library privacy guidelines that outline strategies and
best practices for protecting patron privacy in the digital environment.
The guidelines address onlineprivacy and data security and are intended to
assist librarians, libraries, schools and vendors in developing policies
and procedures that safeguard library users' data.  The new guidelines
include:

   -

   Library Privacy Guidelines for Public Access Computers and Networks
   <http://www.ala.org/advocacy/library-privacy-guidelines-public-access-computers-and-networks>
   -

   Library Privacy Guidelines for Library Websites, OPACs, and Discovery
   Services
   <http://www.ala.org/advocacy/library-privacy-guidelines-library-websites-opacs-and-discovery-services>
   -

   Library Privacy Guidelines for Library Management Systems
   <http://www.ala.org/advocacy/library-privacy-guidelines-library-management-systems>
   -

   Library Privacy Guidelines for Data Exchange Between Networked Devices
   and Services
   <http://www.ala.org/advocacy/library-privacy-guidelines-data-exchange-between-networked-devices-and-services>

The IFC Privacy Subcommittee developed the documents, with input from
additional ALA committees, divisions, interest groups, and roundtables with
an interest in privacy.  The guidelines augment the previously released Library
PrivacyGuidelines for E-book Lending and Digital Content Vendors and Library
Privacy Guidelines for Students in K-12 Schools.

These guidelines address the new reality that libraries’ commitment to
protecting privacy depends on the security of our networks and the
practices of the third party vendors we contract with for so many of our
services.

How should libraries respond to these new guidelines?  The documents make
clear that the devil is in the details.  Living up to our values requires
not only sound policies and practices, but also extensive technological
expertise and eternal vigilance in ensuring that vendors who we entrust
with confidential data live up to our standards.  ALA’s Office of
Intellectual Freedom Privacy Subcommittee had indicated that additional
resources and trainings “to help libraries put the principles outlined in
these documents into practice” will be forthcoming.

In the meantime, here are a few possible first steps for responding to the
guidance that that ALA has provided:

*Read and familiarize yourself with the guidelines
<http://www.ala.org/advocacy/privacyconfidentiality>.*  Some sections are
most relevant for public service staff, others for systems and technology
staff members, and all will be of interest to managers and directors.  One
or more of the guidelines could be an agenda item for an upcoming staff
meeting.

*Look for low hanging fruit.*  While parts of the guidelines, and certainly
their totality, can be intimidating, there are many places to start for
better privacy protection.  Here are a few examples from the guidelines
that are more easily followed:

   -

   “The library should provide browsers and plugins that offer privacy
   protections when surfing the Web.”
   -

   “The library should establish policies for how long to retain different
   types of data and methods for securely destroying data that is no longer
   needed.”
   -

   “Library staff who manage the library's websites and services should
   receive training on the library's privacy policies and best practices for
   safeguarding patron privacy. Library staff that negotiate contracts with
   vendors that provide websites and services should also receive privacy
   training.”

*Use the guidelines in negotiations with vendors and administrators* These
guidelines provide leverage in our interactions with partners as we demand
high standards for data protection.  The commitments we are asking for are
not the quirky preferences of an individual library, but the professional
standards of our national organization.

As library staff digest these guidelines and decipher how to make them
operational, the old adage to not let the perfect be the enemy of the good
comes into play.  Libraries are committed to protecting patron data in an
environment  where sophisticated agents, some malicious and others our
trusted partners, are using every tool at their disposal to collect and use
that data.  The new ALA privacy are of both aspirational and practical
value as libraries make incremental steps in support of our professional
values.


Questions or comments?  Contact the OLA Intellectual Freedom Committee.
<http://www.olaweb.org/intellectual-freedom-contact-us>

-- 
Roberta Richards (pronouns:  she/her/hers)
Faculty Reference Librarian
971-722-4962
rrichard at pcc.edu
Southeast Library Research Desk: 971-722-6289
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/libs-or/attachments/20161011/643382d4/attachment.html>

More information about the Libs-Or mailing list