• Like
Privacy and security 815
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Privacy and security 815



  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • WORM (Write once read many) No reader authentication


  • 1. Future Privacy & Security Concerns in Libraries Kyrsten Crowe, Rachel Hodges, Emily Stockdale
  • 2. USA PATRIOT Act
    • U niting and S trengthening A merica act
    • P rovide A ppropriate T ools R equired to I ntercept and O bstruct T errorism act
    • Passed after 9/11 to gain information to prevent future terrorist attacks and protect innocent Americans.
    • Allows gov’t seizure of personal information of patron’s from libraries in paper or electronic form.
    • (Fifarek, 2002)
  • 3. Patron Records
    • “ Confidentiality relates to the possession of personally identifiable information [PII], including such library-created records as closed-stack call slips, computer sign-up sheets, registration for equipment or facilities, circulation records, Web sites visited, reserve notices, or research notes (ALA Privacy and Confidentiality).”
    • All libraries should have a records retention policy for paper and electronic records with Personal Identifiable Information (PII) (Vaughn, 2007).
      • EDI alerts such as “If you liked this book, then you will like these…” relies on PPI (Fifarek, 2002).
  • 4. ALA Code of Ethics
    • III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
    • VI. We do not advance private interests at the expense of library users, colleagues, or our employing institutions.
    • ALA: Code of ethics. (1995). ALA: American Library Association . Retrieved July 30, 2010, from http://www.ala.org/ala/issuesadvocacy/proethics/codeofethics/codeethics.cfm
  • 5. Privacy Statement
    • The Sonoma County, CA Library’s Privacy Statement:
      • We are committed to preserving the privacy of our visitors and patrons. We do not collect personal information about you just because you visit this site. We will not share any information you give us with anyone unless required by cour t order. We do not collect or sell your information for commercial purposes. Your patron information is confidential (Falk, 2004).
    • Libraries can use the ALA Privacy Toolkit to help create their own policy: http://www.ala.org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/privacy.cfm
  • 6. How to Protect Patron Privacy
    • Limit the monitoring, collection, disclosure, and distribution of personally identifiable information (PII).
    • Avoid creating unnecessary records. Only record a user's PII when necessary for the efficient operation of the library.
    • Avoid retaining records that are not needed for efficient operation of the library. Assure that all kinds and types of records are covered by the policy, including data-related logs, digital records, vendor-collected data, and system backups.
    • Avoid library practices and procedures that place information on public view
      • using postcards for overdue notices or requested materials;
      • using patron names to identify self-pickup holds;
      • placement of staff terminals so the screens can be read by the public;
      • using sign-in sheets to use computers or other devices;
      • providing titles of reserve requests or interlibrary loans over the telephone to users' family members or answering machines).
    • (ALA Privacy ToolKit, 2004)
  • 7. RFID Concerns
    • Risks to Borrower
    • Tracking materials
    • Hotlisting materials
    • Profiling
    • Risks to Collection
    • Disarm/alter tag
    • Switching tag data
    • Digital vandalism
  • 8. RFID Changes for Library Use
    • Libraries should not use RFID tags for borrower cards
    • Limit the amount of data recorded on the tag to just the primary item number
    • Only staff should have access to bibliographic searching using the tag number.
    • Inform the community about your local RFID project.
    • Review security procedures for staff.
    • Lobby vendors for improved security solutions.
    • (Butters, p. 437)
  • 9. Library Public Access Computer Privacy/Security
    • Information Age
    • Computer Centers in libraries are booming.
    • Libraries promote information literacy, but technology exacerbates risks to privacy and confidentiality.
    • How much responsibility does a library have when it comes to privacy and security risks on public access computers?
  • 10. Keeping Public Info Safe
    • Several software options.
    • 4 things
      • Temp. Internet Files
      • Browsing History
      • Cookies
      • Form Memory/”autocomplete”
  • 11. Keeping Public Info Safe
    • Consult ALA Guidelines for Developing Privacy Policy.
    • Do so often, to keep up with technology advances.
    • Modify library privacy policy to address your patrons.
    • No chat rooms, no games, no flashdrives.
  • 12. Social Networking and Web 2.0 Privacy & Security Issues: Implications for Librarians
  • 13. Privacy in the Web 2.0 World
    • While privacy is a core value of libraries, Web 2.0 tools are about sharing information.
    • As librarians, to what degree are we responsible to educate our users on privacy and security in the use of these tools?
    • How can these tools be used to enhance library services and meet user’s needs?
  • 14. Library 2.0
    • Library 2.0 is a new way of providing library service through new Internet technologies, with emphasis on “user-centered” change and interaction.
    • Library services are frequently evaluated and updated to meet the changing needs of library users.
    • The active and empowered library user is a significant component of Library 2.0.
  • 15.
    • Libraries can harness the power and popularity of these tools to reach out to their users.
    • In using these tools, librarians must be aware of ever-changing privacy policies and use these tools in accordance with their own ethical standards.
    • While educating users on privacy is not the responsibility of the librarian, information and guidance can be offered.
  • 16. Questions for Users to Consider:
    • Who can see my information?
    • Is my information safe?
    • How is my information being used?
    • How can I protect my privacy?
  • 17. Web 2.0 Security Vulnerabilities
    • Web 2.0 sites are more prone to attack since they have more interactions with the browser and require running complex Javascript code on user machines. Malicious content could easily be introduced without the user’s knowledge.
  • 18. What can librarians do?
    • Have an up-to-date understanding of popular social networking sites and Web 2.0 tools and potential privacy issues
    • Ensure that the tools the library uses do not violate ethical privacy standards
    • Provide information to educate users on potential privacy & security threats
  • 19. References
    • ALA code of ethics. (1995). ALA: American Library Association . Retrieved July 10, 2010, from http://www.ala.org/ala/issuesadvocacy/proethics/codeofethics/codeethics.cfm
    • ALA privacy and confidentiality. (n.d.). ALA: American Library Association. Retrieved July 23, 2010, from http://www.ala. org/ala/aboutala/offices/oif/ifissues/privacyconfidentiality . cfm
    • ALA privacy toolkit (2004). ALA: American Library Association. Retrieved July 23, 2010, from http://www.ala. org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/privacy .cfm
    • Batt, C. (1995, August 20). The library of the future: public libraries and the internet . Retrieved from http://archive.ifla.org/IV/ifla61/61-batc.htm
    • Ben-Itzhak,Y. (2007, September 10). Tackling the security issues of web 2.0. Retrieved from http://www. scmagazineus .com/tackling-the-security-issues-of-web-20/article/35609/
    • Blyberg, J. (2006, January 9). 11 reasons why library 2.0 exists and matters [Web log]. Retrieved from http://www.blyberg.net/2006/01/09/11-reasons-why-library-20-exists-and-matters/
    • Butters, A. (2007). RFID systems, standards and privacy within libraries. The Electronic Library, 25 (4), 430-439 Retrieved July 26, 2010 from the EBSCOhost database.
    • Cottrell, J. (1999). Ethics in an age of changing technology: familiar territory or new frontiers? Library Hi Tech , 17(1), 107-113.
    • Courtney, N. (2007). Library 2.0 and beyond: Innovative technologies and tomorrow's user. Santa Barbara, CA: Libraries Unlimited.
    • Cvetkovic, M. (2010, August 1). Making Web 2.0 Work—From ‘Librarian Habilis’ to ‘Librarian Sapiens’. Retrieved from http://www.infotoday.com/cilmag/oct09/Cvetkovic.shtml
    • Evers, J. (2006, July 28). The security risk in web 2.0. Retrieved from http://news.cnet.com/The-security-risk-in-Web-2.0/2100-1002_3-6099228.html
    • Fernandez, P. (2009, March). Online social networking sites and privacy: Revisiting ethical considerations for a new generation of technology . Library Philosophy and Practice, 1-9.
    • Fifarek, A. (2002). Technology and privacy in the academic library. Online Information Review , 26(6), 366-374. Retrieved July 23, 2010, from the Emerald full text database.
    • Litwin, R. (2006, May 22). The central problem of library 2.0: Privacy [Web log]. Retrieved from http: //libraryjuicepress . com/blog/ ?p=68
    • Mullan, J. (2009, February 25). Social networking: Privacy and other issues [Web log].Retrieved from http://www.therunninglibrarian.co.uk/2009/02/social-networking-privacy-and-other.html
    • Sauers, M. (2005, October 19). Protecting patron privacy on public pcs . Retrieved from http://www.webjunction.org/pc-protection/-/articles/content/435260.
    • Saunders, A. (2008, January 8). A privacy manifesto for the web 2.0 era. Retrieved from http://gigaom.com/2008/01/08/a-privacy-manifesto-for-the-web-20-era/
    • Sturges, P. (2003). User privacy in the digital library environment. Library Management , 24(1/2), 44-50.
    • Vaughan, J. (2007). Toward a record retention policy. The Journal of Academic Librarianship , 33(2), 217-27. Retrieved July 23, 2010, from the Library Literature and Information full text database.