With all the concerns we have recently regarding privacy and patron information, we sometimes forget about the data we collect and how we store it. This is especially important as we consider all the different ways our data is used. Let us first take a few minutes to look at data storage: what we are storing, where we are storing it, who has access to it, and how long were keeping it.
Let us also look at other types of data storage inside the library. For example, we might consider computer usage records or other types of in-house use. Most of this offer computers or other technology for patrons to use, and we need to consider what types of information we store and how long we store it for. At my library, we purge patron identifiable information every day. We still keep a record of computer usage, but there is no identifiable information stored with it. For other types of in-house use, like faxes, scanning, or microfilm, we do not store any information about their usage. My ILS does not store a history of patron checkouts beyond two. We purge older financial transactions as well. We keep the number of transactions and the amounts, but we remove any identifiable information from them.
While we may not always have control over the privacy policies of our third-party vendors, we can minimize their access to our information. When they request access to our databases, restrict their access to the smallest amount they need. Purge patron identifiable information before it is provided to third-party vendors, or is stored. When possible, negotiate contracts with third-party vendors to minimize the amount of information they collect, and how long they store it.
Once you understand all the places where patron information is stored, who has access to it, and how long it is retained, we must provide this to our patrons. We should update our policies to reflect data storage, and third-party access to it. In the situation where third-party companies have access to our patron data, we should supply links to their privacy policies. Make it easy for our patrons to know how we use their information, and what they can do to have more control over it. Teach them to understand how to control their information by using privacy protection in their browsers, or by reading privacy policies.
Matt Beckstrom is the Systems Librarian at the Lewis & Clark Library in Helena, Montana. He is the author of Protecting Patron Privacy: Safe Practices for Public Computers and other books on privacy, and is a frequent presenter on technology and library topics.