Training course

Protecting the privacy of library users – Training course outline

Privacy is a core value of librarianship. Library users place their trust in librarians to safeguard their privacy. It is both an ethical and a legal issue.

Protecting the privacy of users isn’t as simple as we would all like it to be. Libraries rely increasingly on technology (such as discovery services, ebook platforms, RFID, or integrated library systems in order) to be able to deliver the services that they provide.

Long gone are the days when protecting the privacy of library users was merely a question of the careful guardianship of paper-based records housed within a physical library building and keeping confidential the information that these records contained. Library users can and do leave traces of their usage behind in the form of web logs, server logs, and browser histories on public computers. Computer records are characterised by decentralisation – of where the data is held, and where the data can be accessed from. Combine that with human error, cybercrimes (such as hacking or malware), glitches caused by software upgrades and the commercial value placed on personally identifiable information, and it is easy to see just how important it is to take seriously the risk of a data breach occuring.

Course programme

  1. Setting the scene
    1. Why is it important
  2. How is privacy regulated
    1. Legislation
    2. Contracts
    3. Standards / guidelines
    4. Ethical / professional values
  3. Data access requests
    1. Considers the various UK legislative regimes which the police can use to gain access to library user data
    2. Thinks through what you would do if you were faced with a request to hand over personally identifiable information relating to one of your users
  4. Data breaches
    1. Examples of data breaches both by libraries and by vendors
    2. Exploration of what caused those data breaches
    3. The steps that can be taken to minimise the risk of a data breach occuring
    4. Your plan of action for when a data breach has occured
  5. What can librarians do now?
    1. Review policies and procedures
  6. Developing / reviewing privacy policy statements
    1. What it should contain
  7. Privacy audits
    1. What a privacy audit might consist of
    2. Sample checklists
  8. Case studies
    1. A practical session discussing a series of scenarios involving the processing of library user data. Considers what would represent good practice, and what would not be thought of as being good practice.
  9. Tools & best practices
    1. Encryption
    2. Private browsing
    3. VPNs
    4. Browser add-ons
    5. Search engines
  10. Education & training
    1. Training of library staff
    2. Training of library users
  11. Where are the threats coming from
  12. Changing the culture
  13. Legal cases
  14. Personalisation