Library Privacy Policies by Jason Vaughan is a 2020 short title published under the Library Technology Reports from ALA. The book includes a great breakdown of how data is regularly collected and used in a number of different systems, many of which are routinely used in libraries (web servers, virtual reference tracking systems, patron records, etc.). Vaughan also outlines how this data can be used and shared outside of the intended purpose, serving as an important reminder of how many inlets and collection points in data collecting.
The author analyzed privacy policies available on library websites (mainly from public libraries and academic libraries). Some of the best policy examples include in-depth definitions of the types of data that are collected by libraries and also how the data is collected, used, retained, and secured. Additionally, some policies include specifics on state laws (and to note, ALA has a nice listing of state privacy laws.)
Circulation records and database usage may be the more commonly recognized areas of data collection that are regularly gathered by libraries, though the author includes policies addressing the data collected via web server logs, cookies and analytics usage. Some policies highlighted in the book also outline the nature/purpose of the usage of the data by the library for various activities, as well as the retention of data. As well, examples of privacy policies that discuss the collection and use of data from e-mail, web forms, surveys and virtual reference transactions are included. These additional examples of ways the library routinely collects data are ones that may not be as obvious as the circulation records, but are important to consider as personally identifiable information may be collected. And a few libraries also address video camera surveillance data, media used in promotional materials, and data collection of physical space analysis (door counts, patron use of space, etc.)
And perhaps the most valuable chapter of this book is on third-party platforms, and specifically how to work directly with vendors to both adhere to privacy policies and respect privacy values, but also to encourage library patrons to also be aware and review policies of third-party vendors policies. I also found the examples provided in the chapter on data security, integrity and retention to be especially useful, how libraries have outlined points of action in privacy policies on how data is protected.
Virginia Dressler is the Digital Projects Librarian at Kent State University. Her specialty areas are project management and digitization, working primarily with the university’s unique collections. She holds a Master’s of Library and Information Science from Kent State University (2007), a Master’s of the Arts in Art Gallery and Museum Studies from the University of Leeds (2003) and a certificate in advanced librarianship (digital libraries) from Kent State University (2014). Her research areas include privacy in digital collections and the Right to be Forgotten. She is author of Framing Privacy in Digital Collections with Ethical Decision Making (Morgan & Claypool, 2018).