Four practical examples of how privacy impacts libraries

Receipts from self-service machines

Years ago retailers realized that they were putting too much information onto till receipts, notably the full credit or debit card number. Given the threat of identify fraud, they stopped displaying complete card numbers, and instead only showed some of the numbers while using asterisks to mask some of the digits.

With the prevalence of self-issue machines, libraries need to think carefully about the information that is printed out on transaction receipts. In the case of receipts for items borrowed, consider the following two examples:



At the top of the receipt it says:

Item(s) checked out to SURNAME, FIRSTNAME.

Then it shows:






At the top of the receipt it says:

Borrower number

Borrowed items DATE TIME

Item title

(Barcode of the book is shown)

(Followed by the title of the book)


Why is it necessary for LIBRARY A to show the user’s first name and surname on the printed slip? Wouldn’t it be better to show the last few digits of their library membership card?

Isn’t it likely that users will utilize the printed slip as a bookmark, to show how far they are up to with the book. And, further, isn’t there a fair chance that some users will forget to remove the printed slip before returning the book to the library. Depending on how many books they borrowed in a single transaction, and depending on the nature of the material being borrowed, the information on the slip could be quite revealing about someone’s reading habits.


Online databases and personalization

Many online databases try to help users by providing a number of personalization features. However, this involves a trade-off with user privacy. In order to personalize the service, to tailor it to their needs, it inevitably needs to know the user’s identity. Otherwise, they would get the generic, standard service. A lot of people are happy to give up some of their privacy in exchange for a more tailored service. And that is absolutely fine, provided that the user is making an informed choice.

Think of the online databases that your institution subscribes to. Do you or your users:

  • Create saved searches that you can run as required
  • Create alerts so that users are automatically informed of new material matching their interests
  • Make use of personalization features such as a list of companies whose share price you monitor, or the industry sectors and sub sectors that you monitor regularly
  • Bookmark articles of interest
  • Annotate items

Are library staff confident that the database vendor will keep this information secure? If so, what makes you so sure. Did you cover that in the contract negotiations. And do you monitor that vendor on an ongoing basis, to see that they are living up to what they promised in the contract.

Imagine you are a corporate librarian. What if that sort of information gets into the wrong hands. It could tell a lot about you and your organisation – the companies you are looking as part of considering potential acquisitions; the product development work you are currently undertaking for a highly secret project on a new product idea and so on and so forth.

(Lynch 2017) looks at the ecosystem that has evolved for scholarly journals involving a whole range of players including platform providers, various publishers’ websites, authors, readers, traditional publishers, libraries, third parties, and analytics providers.

“Whenever a third party has access to personally identifiable information, the agreements need to address appropriate restrictions on the use, aggregation, dissemination and sale of that information, particularly information about minors” Jones 2014

Agreements between libraries and vendors should specify that libraries retain ownership of all data; that the vendor agrees to observe the library’s privacy, data retention, and security policies; and that the vendor agrees to bind any third parties it uses in delivering services to these policies as well.


Telephone notification

A library service notifies users that the book(s) that they have requested on hold has now arrived and is ready for them to collect

This is done by email, but sometimes by phone. In one instance, a member of library staff called the user to inform them. The library user wasn’t home at the time, and so a voicemail was left. The message included details of the book title that was now ready for collection.

What if that book had been about domestic violence? What if the message was picked up by the partner of the library user?


Self-service holds

Libraries offer “click and collect” services whereby users can browse through the library catalogue from the comfort of their own homes, select the item(s) that they would like to read watch or listen to, specify which library they would like to specify as the pickup location, and then visit that library at convenient time to collect the item(s) once they have been notified that it is ready for collection.

As part of this “click and collect” facility, many public and academic libraries place the items awaiting collection in a public area of the library so that the library user can pick up the item without needing any library staff intervention. But the procedures vary from one library to another. Just as library practices vary, so too does the extent to which their actions encroach upon the privacy of library users:

LIBRARY 1:  Items that have been placed on hold are available on a set of open shelves housed on a standalone shelving display unit. All of the books that have been requested are individually wrapped in a sheet of A4 paper upon which are written the first three letters of the user’s surname, plus the last four digits of their library membership card.

LIBRARY 2: Items that have been placed on hold are available in a room on open shelves awaiting collection. In order to enter the room, users have to swipe their library card in order to gain access to the area designated for items placed on hold. Once inside, they browse the shelves looking for the first four letters of their surname. All items are individually wrapped in a sheet of A4 paper which is fixed in place with an elastic band.

LIBRARY 3: Items on hold are placed on the end of a set of library shelves in alphabetical order of requestor’s surname. All of the titles are easily browseable, because there is no paper wrapped around the items. Users full surnames are hand-written onto a slip of paper.

Of the three library procedures outlined above, the one adopted by library 3 is the least respectful of user privacy. First of all, because there is no paper wrapped around the items that have been requested, it is possible for anyone to quickly look through the titles. Then, secondly, if they spot titles that seem quite racy, provocative, controversial or embarrassing, they can look for the requestor’s surname to see if they recognize who has asked for that particular item. Some people have unusual or distinctive surnames thereby making it likely that in some cases the surname will be sufficient to identify a specific individual