Protecting Patron Data: What Librarians Can Do
By Jeremy Goldstein
In January of 2021 the ALA Council passed the Resolution on the Misuse of Behavioral Data Surveillance in Libraries, stipulating that “Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information”. While libraries tend to excel at the advocacy aspect of this resolution, the data security piece is often overlooked given how integral passive data collection is to our daily operations. We collect personally identifying information with every card application, report on patron activities to plan our operations and apply for funding, and open our systems to third parties in order to provide innovative services to our patrons. Below are a few things libraries can do to help secure their patron data.
What Librarians Can Do
Strive for data minimization
The easiest way to protect your patron data is to not have it in the first place. A considered approach to data minimization looks at what data you collect, what purpose that data serves, how much of it you keep, and how long you retain it. Any data that does not serve a necessary purpose should be data you consider discarding or no longer collecting.
Follow the principle of least privilege
This principle dictates that both users and systems should only have access to the data they need to perform their particular tasks and nothing more. By this principle any staff, vendor, or service that lacks a necessary reason to view a patron’s information should be unable to do so.
Use de-identification techniques wherever possible
When you must store or transmit data, patron privacy can be improved through the application of de-identification and anonymization techniques such as obfuscation, truncation and aggregation. Avoid using direct identifiers such as a patron’s name when a more indirect identifier will do, such as a record id that is meaningless outside of the ILS. When analyzing library usage, group patron data into larger sets in order to mask the activity and identity of individuals, for example count checkouts by zip code.
Conduct a data risk assessment
In a data risk assessment you will identify the data your organization is collecting and the risks associated with the accessibility of that data so that you may pursue risk mitigation strategies. The Digital Library Federation has produced a helpful worksheet for assisting with such an undertaking.
Review the privacy practices of vendors you share data with
When purchasing services from a vendor it is important to review their privacy practices and to work with them on preserving your privacy goals to the best of your ability. Conduct a Vendor Privacy Audit as part of evaluating new vendors you may work with. If a vendor requires data or system access for their services to operate, work with them to minimize what you provide per the principle of least privilege.
These are just a few of the measures you can take to secure your patrons data. For more on these and other related topics, check out the ILS data and Vendors section of the Digital Privacy & Technology Guide.
Jeremy Goldstein is the Data Curation Librarian for the Minuteman Library Network. He supports acquisitions, serials and the various reporting tools and develops custom data applications to meet the needs of the member libraries. You can find many examples of his work on Github and find him on Twitter @jmgold