Patron Privacy and Data Storage

By Matt Beckstrom

With all the concerns we have recently regarding privacy and patron information, we sometimes forget about the data we collect and how we store it. This is especially important as we consider all the different ways our data is used. Let us first take a few minutes to look at data storage: what we are storing, where we are storing it, who has access to it, and how long we are keeping it.

During a library privacy audit, it is a good idea to reevaluate what information we are storing. There are many places where we collect information that we may not always think about. Take for example our websites. Many web servers by default collect logs containing a lot of information about our users, and not all of it is useful or necessary. It is common to collect information about our visitors' browsers in order to make our websites more efficient: things like browser type and version, operating system, and location. Most of this information is not personally identifiable information and is therefore relatively safe to collect and store, but it is possible to collect too much. Take a few minutes to verify what information your web analytics is storing, and decide what the minimum you need is. Many websites use cookies to track user behavior. If you are using cookies on your website, make sure, if you can, that there is a notice that your website uses cookies. It would be a good idea to provide information to your users on how to block cookies if they do not want to provide this information.

Let us also look at other types of data storage inside the library. For example, we might consider computer usage records or other types of in-house use. Most of us offer computers or other technology for patrons to use, and we need to consider what types of information we store and how long we store it for. At my library, we purge patron identifiable information every day. We still keep a record of computer usage, but there is no identifiable information stored with it. For other types of in-house use, like faxes, scanning, or microfilm, we do not store any information about their usage. My ILS does not store a history of patron checkouts beyond two. We purge older financial transactions as well. We keep the number of transactions and the amounts, but we remove any identifiable information from them.
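As an added illustration of the two minimization steps described above (trimming web server logs to what site maintenance needs, and nightly purging of patron identifiers from computer-usage records while keeping the usage counts), here is example code that is not from the article or the author's library; the combined log format, the session record schema and the retention cutoff are assumptions.

```python
import re
from datetime import datetime
# Constructed sample Apache "combined" log line; not taken from the article.
SAMPLE_LOG = ('203.0.113.42 - patron17 [10/Oct/2023:13:55:36 -0600] '
              '"GET /catalog?q=x HTTP/1.1" 200 2326 "https://example.org/" '
              '"Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"')
LOG_RE = re.compile(r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
                    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')

def minimize_log_line(line: str) -> str:
    """Keep the minimum useful for site maintenance: IPv4 truncated to its /24,
    username and referer dropped, query string removed, UA reduced to a family."""
    m = LOG_RE.match(line)
    if not m:
        return ""            # unparseable lines are dropped, never kept raw
    ip = m.group("ip")
    ip = ".".join(ip.split(".")[:3]) + ".0" if ip.count(".") == 3 else "anon-v6"
    req = m.group("req").split(" ")
    path = req[1].split("?")[0] if len(req) > 1 else "-"
    ua = m.group("ua")       # order matters: Chrome UAs also contain "Safari"
    family = next((b for b in ("Firefox", "Chrome", "Safari") if b in ua), "Other")
    return f'{ip} - - [{m.group("ts")}] "{path}" {m.group("status")} "{family}"'

# Constructed public-computer session records with a hypothetical schema.
SAMPLE_SESSIONS = [
    {"terminal": "pc-03", "patron_id": "1002345", "patron_name": "A. Reader",
     "start": datetime(2023, 10, 10, 15, 0), "minutes": 45},
    {"terminal": "pc-01", "patron_id": "1009876", "patron_name": "B. Reader",
     "start": datetime(2023, 10, 11, 1, 30), "minutes": 10},
]
CUTOFF = datetime(2023, 10, 11)   # the nightly job would pass "start of today"

def purge_session_identifiers(sessions, cutoff):
    """Remove patron identifiers from every session that began before `cutoff`,
    keeping terminal, start and duration so usage statistics survive."""
    purged = []
    for s in sessions:
        rec = dict(s)        # copy; the caller's records are left untouched
        if rec["start"] < cutoff:
            rec["patron_id"] = None
            rec["patron_name"] = None
        purged.append(rec)
    return purged

def minutes_by_terminal(sessions):
    """Usage statistic that still works after the purge."""
    totals = {}
    for s in sessions:
        totals[s["terminal"]] = totals.get(s["terminal"], 0) + s["minutes"]
    return totals
```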

It becomes difficult when we consider third-party companies. There are many systems that connect to our patron databases. For example, downloadable media services connect to our databases using SIP2 or APIs in order to authenticate our patrons. During these connections, it is possible that much of our patron information is also being exchanged. When signing up for these services, review their privacy policies. They should cover what types of information they collect, whether it is personally identifiable or non-personally identifiable information, what they use it for, and how long they retain it. For example, the OverDrive privacy policy explains the difference between personal information and non-personal information, and states that they only collect non-personal information. It also states that any information they collect is protected and encrypted, and is only obtainable by specific employees. They also say that the information is stored for as long as they deem necessary to provide their services, or for as long as is permitted by law. It is also useful to know of any services that your third-party vendors are using, since some companies use other companies for their services. OverDrive, for example, uses Google Analytics, and applications like CrazyEgg and Google AdWords. Each of these companies has its own separate privacy policy.

While we may not always have control over the privacy policies of our third-party vendors, we can minimize their access to our information. When they request access to our databases, restrict their access to the smallest amount they need. Purge patron identifiable information before it is provided to third-party vendors, or is stored. When possible, negotiate contracts with third-party vendors to minimize the amount of information they collect, and how long they store it.

Once we understand all the places where patron information is stored, who has access to it, and how long it is retained, we must provide this to our patrons. We should update our policies to reflect data storage and third-party access to it. Where third-party companies have access to our patron data, we should supply links to their privacy policies. Make it easy for our patrons to know how we use their information, and what they can do to have more control over it. Teach them to control their information by using the privacy protections in their browsers, or by reading privacy policies.

Matt Beckstrom is the Systems Librarian at the Lewis & Clark Library in Helena, Montana. He is the author of Protecting Patron Privacy: Safe Practices for Public Computers and other books on privacy, and is a frequent presenter on technology and library topics.