Developing a Comprehensive Privacy Policy Rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.

1 Developing a Comprehensive Privacy Policy Rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship. - American Library Association, Privacy Statement 2002 You have zero privacy anyway – Get over it. - Scott McNealy, Co-founder, Sun Microsystems, 1999 POINT COUNTERPOINT

2 2011 Version These are also galvanizing times of promise and opportunity. And yet we can only reap the full benefits if we work together, as a society, to uphold people's right to privacy. - Jennifer Stoddart, Privacy Commissioner of Canada, November 2010 If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place - Eric Schmidt, CEO, Google, December 2009 POINT COUNTERPOINT

3 The Privacy Landscape Canadian Libraries are still inconsistent in their Privacy Policies Behind the US in this area Most Canadian Policies are a response to PIPEDA or Provincial Privacy Legislation Some are a Response to Events Only 7 of the 20 largest Ontario Public Library systems have a posted Privacy Policy!

4 Privacy Legislation Basic Principles for Personal Information: Collected with consent and for a reasonable purpose Used and disclosed for the limited purpose for which it was collected Accurate Accessible for inspection and correction Stored securely Only a Starting Point!

5 Importance for Libraries Libraries have a role to protect Privacy Protecting user privacy and confidentiality has long been an integral part of the mission of libraries. – American Library Association 2002 Awareness among Staff & Patrons Consistency in handling Data & Issues Guidelines for when Privacy is Tested

6 CLA Position Statement Drafted June 1987 First Sentence: Rapid advancements in computer and communications technology… Very Limited Scope That names of library users not be released to any person, institution, association or agency for any reasons save as may be legally required by Federal or Provincial laws. What about Usage Histories? Data Storage?

7 OLA Position Statement None Published (nor OLITA or OLBA) Occasional discussions (blogs, mailing lists, etc) Such as May 9, 2006: The OLA Board at its meeting on May 5 lent OLA's support to a coalition that is challenging digital copyright reform on privacy issues.

8 Privacy Dangers Fishing Expeditions Data Mining (Identified as threat by ALA) Pressure to Release Information Hidden caches of Data Unexpected points of access & storage Retention versus Preservation

9 Going Fishing… Police & other authorities may request patron records or usage information Significant pressure could be applied in certain types of situations Media Pressure Political Pressure – Board, Council, etc Pressure from the Public

10 In the News… Durham Regional Police have laid child pornography charges after an Oshawa man was seen surfing child porn at a public library… On January 7th, 2006, the accused attended the public library in Brooklin and began an extensive search for child pornography using one of the library's computers… Officers seized two computers from the library and gathered additional information. -- Durham Regional Police News Release, April Police aggressive in attitude towards library Easier to involve Mayor/Media than obtain a warrant?

11 Even Bigger News… Security services had bomb plot suspects under surveillance for more than six months… To obtain the ammonium nitrate, [alleged bomb plot suspect Zakaria] Amara searched for suppliers on the internet, using the facilities of a public library… -- CBC News Report, June Mississauga Library Computers seized by RCMP – pressing matter

12 The Hot Button Issues Child Pornography Internet Sexual Predators Terrorism Can Library Boards & Management Resist Political & Media Pressure on these fronts?

13 A Different Approach… The Seattle Public Library Confidentiality Policy Minimum records kept The Seattle Public Library keeps the minimum number of records necessary for maintaining operations. When a customer logs off a Library Computer, information about that user session is automatically deleted.

14 Possible Headlines? Library refuses to co-operate with Child Pornography investigation Kidnapping case encounters roadblock in Library Libraries a Terrorist Internet Haven Cyber-Bullies use Library to hide their true identities

15 The B-List Cyber Bullying Stalking Threats Disseminating Hate Fraud The C-List: Activism

16 Privacy Policy Touchstones Last Week: Borrowing Records. Yesterday: Public Access Computers, Internet Logs. Today: eBooks, WiFi Access, RFID, Database Searches, 3rd Party Services, Cloud. Tomorrow: DRM, and ???

17 Last Week: Borrowing Records Basic Concept: Delete Info after Return Information about what a person may have borrowed is not retained when the item is returned except where fines and fees may have occurred Watch for Exceptions – Document Visiting Library Services: May want to retain Data Make sure Library Software truly complies (logs; backups; etc) Holds – Does Library Software treat differently? Other Considerations Patrons may want to see their own historical data; have a choice? Historical data for better service – Amazon Effect; Bibliocommons

18 Yesterday: Public Internet Access Sign-ups: Take Patron Info? Keep it? Keep Session Logs? Internet Acceptable Use Policies (AUP) ISP Responsibility; new US/EU Regulations [Sign up information] is removed as soon as the person who has reserved the computer signs on. - Seattle Public Library [We] delete the history of a user's Internet session and all searches once an individual session is completed. - San Francisco Public Library

19 Today: New Challenges External Database Searches eBooks – Borrowing Records, etc 3rd Party Services Beyond Control of Library? Possibly in jurisdiction of USA PATRIOT Act (etc)? WiFi Access for Patrons Login, Usage Logs, etc? RFID

20 Newest Challenges Cloud Computing Google Docs, Microsoft Office 365, Azure, Amazon Web Serv Jurisdiction Issues !! Danger, Danger ! Social Networking Interactions Facebook, etc Hardware & Equipment Photocopiers – some keep images of copies made (really!) Out-of-Lease & Disposed of; Stolen; Serviced; Garbage

21 Tomorrow: The Fun Never Ends DRM – Digital Rights Management Letters from major Privacy Advocates and Stakeholders regarding Privacy Risks with potential Copyright / DRM legal protections What's Next?

22 The Case of the Hidden Data Many potential Data caches Logs Backups Caches & Mirrors Proxies Upstream storage & ISPs Partners, Suppliers, 3rd Party Services, more

23 More Dangers Hidden/Undocumented Data Potential Embarrassment & Financial Liability for failed Policy Protections Loss of Patron Confidence Unexpected release – garbage bin data Costs (Staff Resources & More) to deliver difficult data when requested

24 The Privacy Ideal No need to release data you don't have Request & Store the absolute minimum Think twice before you capture data, and three times before you store it. - Electronic Frontier Foundation Delete Data no longer required

25 The Privacy Ideal Continued… Document All Hidden Sources Audit, Monitor, Consult Psychics Pick two out of three

26 Ingredients to a Policy Design Details for common issues Library Cards, Borrowing Records, Computer Use General Principles for the Future Synchronization with Reality Make sure you can deliver what you promise! Special Cases Equipment/Data Seizure Policy; Ethical Research Policy

27 Policy Frameworks CSA Model Privacy Code: Accountability / Identifying Purposes / Consent / Limiting Collection / Limiting Use, Disclosure and Retention / Accuracy / Safeguards / Openness / Individual Access / Ability to Challenge. Fair Information Practice Principles (FTC): Notice / Choice / Access / Security / Enforcement. OECD Guidelines on the Protection of Privacy: Collection limitation / Data quality / Purpose specification / Use limitation / Security Safeguards / Openness / Individual Participation / Accountability.

28 Organization Must Decide Discuss, Debate, and Decide on Scope of Privacy Policy Extent of Data Retention Extent of Assistance to Law Enforcement Extent of Protection for Patron Privacy Board, Management & Senior Staff should all be involved in process

29 Policy Must Evolve New challenges, new technologies New Regulations; US atmosphere Increasing Awareness by Patrons / Public Board, Management & Staff Must Understand and buy-in to policy!

30 Related Policies… Data Retention Details Should be a Separate Policy, that adheres to Guidelines set in Privacy Policy Web Site Privacy Statement Related, but Separate in scope Staff Privacy Entirely Different Policy with Different Goals

31 References American Library Association Electronic Frontier Foundation Electronic Privacy Information Center Center for Democracy & Technology

32 More References CSA Model Code Information & Privacy Commissioner of Ontario Office of the Privacy Commissioner of Canada

33 Thank You! The role of libraries … must not be compromised by an erosion of the privacy rights of library users. -- American Library Association, 1991 George Geczy, Vice-Chair, Hamilton Public Library
