Twitter: @priv_lib

This website explores privacy & confidentiality issues relevant to UK library and information services. While the site aims to look at the issues from a UK perspective it will also endeavour to gather relevant examples from other countries.

  • Examples of data breaches
  • Selected timeline
  • Relevant legislation
  • Standards and guidelines

Privacy is both an ethical and a legal issue. CILIP’s ethical principles and code of professional practice reflect the need to show respect for confidentiality and privacy in dealing with information users.

What can librarians do to protect the privacy of their users? Here are just a few suggestions:

  • Default search engine (on public access terminals set the default search engine to one which respects privacy such as Startpage or Duckduckgo)
  • Default browser (use a browser such as Firefox)
  • HTTPS (see https://letsencrypt.org/ for example)
  • Vendor management: when negotiating licence agreements, make sure that there are robust provisions covering privacy & confidentiality
  • Ad blocking software
  • Organise a cryptoparty
  • Create an area on the library website dedicated to privacy issues
  • Include privacy within any digital literacy training offered to your users
  • Use software to automatically return library pc’s to their native state when a user has finished with the machine
  • Carry out a cyber security risk management audit
  • Do regular independent penetration tests (ethical hackers) for both internal and external systems
  • Where data is housed in a data centre controlled by an external vendor, librarians should ensure they know where it is located, and what certifications the facility has (to ensure it meets industry best practice)

    A more comprehensive list can be found at https://wordpress.com/post/libraryprivacyblog.wordpress.com/282

Do library websites protect the privacy of their users:

  • In the UK see the list produced by librarieshacked which shows whether the websites use HTTPS
  • and for the USA there’s a Google Sheet produced by Eric Hellman which looks at the privacy practices of 123 ARL libraries

There’s an article I wrote for CILIP Update on Privacy and the library user which is accessible to everyone on the CILIP blog (November 2016) at http://www.cilip.org.uk/blog/privacy-library-user