Protecting Privacy In A Pandemic: A Resource Guide

This resource guide supplements “Protecting Privacy During a Pandemic,” a town hall hosted by the ALA’s IFC Privacy Subcommittee on May 8, 2020. The recorded session can be viewed online on OIF’s YouTube channel.

Privacy Fundamentals

Even during a public health emergency, libraries should continue to adhere to their mission and stand by the law and ethical standards that govern the provision of library services.

  • A publicly supported library provides free, equitable, and confidential access to information for all people of its community.
  • The law in most states requires libraries to protect the privacy and confidentiality of library users in order to preserve and protect their civil liberties and their right to receive information.
  • Privacy and anonymity are important factors in providing fair and equitable access to the information resources and services provided by the library, particularly for those who are members of marginalized and vulnerable groups.
  • In all cases, access to, and delivery of, library resources and services should not be conditioned on the user’s consent to the collection and use of their information for contact tracing or other purposes unrelated to library service.

Resources:

Library Bill of Rights
ALA Code of Ethics
Privacy: An Interpretation of the Library Bill of Rights
Privacy Checklist – Overview
~~American Library Association

Ethics in Research Use of Library Patron Data
Advocacy Action Plan: Communicating About the Sensitivities of Library User Data
Digital Privacy Instruction Curriculum
~~Digital Library Federation’s Privacy and Ethics in Technology Working Group

When libraries become medical screeners: User health data and library privacy
Calling Users in a Pandemic: Best Practices to Protect Privacy
~~ALA Choose Privacy Every Day

The American Medical Association’s Privacy Principles (for use by non-HIPAA entities; applicable to health information shared outside of the health care system)
Statement from the American Medical Association

Adopting New Technologies – Video Programming and Beyond

When libraries implement a new service or technology, it is imperative that the library take the time to assure that the use of the new technology does not compromise user privacy. Libraries should investigate and understand the technology’s collection, use, and retention of user data:

  • Are communications encrypted to help limit surveillance?
  • Does this platform share or sell user data?
  • Is the privacy policy clear on what personally identifiable information (PII) the vendor collects and how the data is used?
  • Is there a privacy or security officer who can provide additional information about the platform’s data privacy and security policies and practices?
  • Does the platform require disclosure of PII to use, and if so, can libraries obtain a license to limit the PII collected?
  • Does the platform have a clear data retention and use policy?
  • Do users have to create an account to access the program?
  • Are there alternative services that avoid the collection and use of user data?

The library should also assure that users are informed about all data collection and use, and its usage should be strictly limited to those activities necessary for providing the service.

Resources:

Library Privacy Guidelines for Vendors
Library Privacy Checklist for E-book Lending and Digital Content Vendors
~~American Library Association
Virtual Programming and Patron Privacy
~~Choose Privacy Every Day / Association for Library Services to Children
It’s Not Just Zoom. Google Meet, Microsoft Teams, and Webex Have Privacy Issues, Too.
~~Consumer Reports
NISO Consensus Principles on Users’ Digital Privacy in Library, Publisher, and Software-Provider Systems
~~National Information Standards Organization

Further Reading:
Protecting Patron Privacy: A LITA Guide, ed. B. Newman and B. Tijerina (2017)
Chapter 5: Third Party Services in Libraries, by William Marden
Chapter 6: Library Tools: Social Network Sites, Surveillance, and RFID by Julie L. Oborny

Minors’ and Students’ Privacy

Library Privacy Guidelines for Students in K-12 Schools
Library Privacy Checklist for Students in K-12 Schools
~~American Library Association
COPPA Guidance for Ed Tech Companies and Schools during the Coronavirus
Remote learning and children’s privacy
~~Federal Trade Commission
FERPA and the Coronavirus Disease
FERPA and Virtual Learning
~~U.S. Department of Education
Video Conferencing Tools in the Age of Remote Learning: Privacy Considerations for New Technologies
~~Consortium for School Networking
Protecting Student Privacy While Using Online Education Services and Other COVID-19 Privacy Guidance
~~ Colorado Department of Education
Parent-Teacher Conference: Staying Safe Online in COVID-19
~~Tricia A. Howard

Privacy and Civil Liberties

Public health officials at all levels of government are proposing widespread public health surveillance as a necessary means to address the pandemic and to limit the spread of the COVID-19 virus.  These proposals include the use of location or proximity information generated by smartphones and other mobile computing devices. Civil liberties organizations are expressing concern about the potential threat to individual rights posed by the collection of sensitive data that discloses information about individuals’ movements and their social, sexual, religious, and political associations. There is also concern about the potential misuse of any collected data for commercial gain, discrimination, and stigmatization of marginalized groups. Some fear that a scheme for public health surveillance could become permanent, resulting in an irrevocable loss of privacy and civil liberties.

Libraries should remain focused on their mission to provide equitable and confidential access to information resources and services. Collection and sharing of information about library users for purposes other than the delivery of library resources, services, and programming — such as information collected for contact tracing — is inconsistent with that mission and may violate laws protecting user privacy if done without the full and informed consent of the library user. In all cases, access to, and delivery of, library resources and services should not be conditioned on the user’s consent to the collection and use of their information for contact tracing or other purposes unrelated to library service.

The Limits of Location Tracking in an Epidemic
~~American Civil Liberties Union
Statement Regarding Use of Data to Fight COVID-19
~~Center for Democracy and Technology
COVID-19 and Digital Rights
COVID-19 and Technology: Commonly Used Terms
~~Electronic Frontier Foundation
Protecting privacy on COVID-19 surveillance apps
~~ International Association of Privacy Professionals