In the period prior to the invention of the world wide web, protecting the privacy of library users was relatively straightforward. It was largely a question of managing paper-based records consisting of a reader’s borrowing record, their enquiries and so on. There was only a single copy of this information which was physically housed on the library premises, and it could only be accessed from that location directly.
Technology, and most notably the internet, has changed this situation out of all recognition. Libraries deliver their services using software from external vendors. This includes: library management systems, e-book platforms, content management systems, discovery services. These vendors will often, in turn, work with third party suppliers. And in recent years the adoption of cloud computing has meant that often data is held remotely.
The opportunities for privacy leakage to occur have grown exponentially as the picture has become considerably more complex. Here are just a few examples:
- Does the library catalogue use HTTPS to encrypt the data (because if not, a packet analyser or ‘sniffer’ could intercept and log traffic passing over the network).
- Does the library use a service such as Google Analytics (As Eric Hellman says “Google can associate Analytics-tracked library searches with personally identifiable information for any user that has a Google account” (Source: https://go-to-hellman.blogspot.co.uk/2016/05/97-of-research-library-searches-leak.html)).
- Does the library use book covers to “enrich” the library catalogue using an external source such as Amazon or Google Books
If you need convincing about how easily information is shared on the internet, it is worth downloading the Lightbeam plugin for the Firefox browser which shows you the first and third party sites you interact with on the web.
This blog aims to cover items relevant to privacy and how it impacts upon libraries, and to do so from a UK perspective. Its scope is not limited to one particular library sector, and intends to look out for privacy related issues arising in all library sectors. In the corporate sector, for example, there can be privacy concerns over online searches undertaken because a company would want to keep confidential any research done relating to a potential acquisition target; or where the searches relate to the development of a new product.