Implications of Online Data Collection for Librarians


An Educational Service of the American Library Association Office for Information Technology Policy


Prepared by Leslie Harris & Associates in conjunction with OITP staff



Librarians should be aware of online data collection practices - in their own library as well as others - for several reasons.   First and foremost, librarians have the professional responsibility of protecting user privacy.  This should begin with a careful vetting of the library's own collection and retention of data collected online.  Libraries need to be clear and upfront about their own online data collection practices, and disclose those practices to library patrons.


There is nothing wrong with analyzing the popularity of different library web pages or of different sites visited from the library, or with using patron-provided data to improve library services.  However, any online data collection practices must be clearly disclosed to users, and no unnecessary data should be collected or retained.


Librarians have a professional responsibility to their patrons to limit data collection and retention. In addition, recent changes to federal law in the USA Patriot Act have made it easier for law enforcement agencies to subpoena "business records" from a wide range of entities, including libraries.  A business record under the law is any type of record that is created and retained in the ordinary course of business.  If your library collects any kind of data online, those records are business records.  It does not matter whether the library uses the records: if the library login to computers requires personally identifiable information, or if web history, cookies, cached files, or other computer and Internet use records are not overwritten or purged from the library computer system, those records constitute business records and may be subject to disclosure.


In addition to making sure that the internal library data collection practices protect user privacy, librarians should manage their computer networks to protect user privacy. This includes very active management of software downloads, cookies, and other possible means of third-party online data collection through a library network.  For example, librarians should regularly remove cookies and other software code that is placed on their networks in order to make sure that library networks are secure and are not being used illegally or in violation of library policies.



Further information:


Library Code of Ethics:


Privacy: An Interpretation of the Library Bill of Rights:


Privacy in the "Library Without Walls": Library Practice in an Age of Digital Content:


Guenther, Kim.  "Pass the Cookies and Uphold the Privacy."  Computers in Libraries 21 no. 6, June 2001:


Additional articles from the June 2001 issue of Computers in Libraries not available via their web site:

Balas, Janet L.  "How Should Privacy Be Protected in the Electronic Library?"

Pace, Andrew.  "It's a Matter of Privacy"


Copyright 2002, American Library Association, Office for Information Technology Policy




This Online Privacy Tutorial is a service of the American Library Association. The content of this tutorial is primarily the work of Leslie Harris & Associates in Washington, DC. The views expressed in these messages are not necessarily the views of ALA or Leslie Harris & Associates. This tutorial is for information only and will not necessarily provide answers to concerns that arise in any particular situation. This service is not legal advice and does not include many of the technical details arising under certain laws. If you are seeking legal advice to address specific privacy issues, you should consult an attorney licensed to practice in your state.