Library Privacy Policies by Jason Vaughan is a 2020 short title published under the Library Technology Reports from ALA. The book includes a great breakdown of how data is regularly collected and used in a number of different systems, many of which are routinely used in libraries (web servers, virtual reference tracking systems, patron records, etc.). Vaughan also outlines how this data can be used and shared outside of the intended purpose, serving as an important reminder of how many inlets and collection points in data collecting.
The author analyzed privacy policies available on library websites (mainly from public libraries and academic libraries). Some of the best policy examples include in-depth definitions of the types of data that are collected by libraries and also how the data is collected, used, retained, and secured. Additionally, some policies include specifics on state laws (and to note, ALA has a nice listing of state privacy laws.)
Circulation records and database usage may be the more commonly recognized areas of data collection that are regularly gathered by libraries, though the author includes policies addressing the data collected via web server logs, cookies and analytics usage. Some policies highlighted in the book also outline the nature/purpose of the usage of the data by the library for various activities, as well as the retention of data. As well, examples of privacy policies that discuss the collection and use of data from e-mail, web forms, surveys and virtual reference transactions are included. These additional examples of ways the library routinely collects data are ones that may not be as obvious as the circulation records, but are important to consider as personally identifiable information may be collected. And a few libraries also address video camera surveillance data, media used in promotional materials, and data collection of physical space analysis (door counts, patron use of space, etc.)
And perhaps the most valuable chapter of this book is on third-party platforms, and specifically how to work directly with vendors to both adhere to privacy policies and respect privacy values, but also to encourage library patrons to also be aware and review policies of third-party vendors policies. I also found the examples provided in the chapter on data security, integrity and retention to be especially useful, how libraries have outlined points of action in privacy policies on how data is protected.
The author also frequently points to the ALA Privacy Toolkit as a great resource for developing a privacy policy. And finally, the book also offers recommendations and guidance around releasing information to higher authorities (here defined as: professional organizations, state or federal law officers).
The book provides some good examples of privacy policies that are currently in use, though I had hoped to see an outline or template included in the title as well that a reader could refer to and use. (Though, the ALA Privacy toolkit has some great recommendations of sections to include in a privacy policy.) Overall, I think this title would be a good addition for a practical review of privacy policies in libraries.
Virginia Dressler is the Digital Projects Librarian at Kent State University. Her specialty areas are project management and digitization, working primarily with the university’s unique collections. She holds a Master’s of Library and Information Science from Kent State University (2007), a Master’s of the Arts in Art Gallery and Museum Studies from the University of Leeds (2003) and a certificate in advanced librarianship (digital libraries) from Kent State University (2014). Her research areas include privacy in digital collections and the Right to be Forgotten. She is author of Framing Privacy in Digital Collections with Ethical Decision Making (Morgan & Claypool, 2018).