We sometimes encounter a heartwarming story that restores a little of our faith in humanity during our regularly scheduled doomscrolling. In the library world, we commonly come across stories of people remembering the excitement they felt with getting their first library card or a book they checked out at the library that changed their lives for the better. Libraries also tell many heartwarming stories of how library services impacted patrons’ lives, be it homework assistance, language classes, or technology workshops. Sharing personal stories of how the library impacted the lives of patrons can not only provide a much-needed respite from doomscrolling and persuade the public by demonstrating the value libraries bring to their organization or community.
When Sharing is Not Caring, Depending on Who’s Doing The Sharing
Nevertheless, sharing individual patron stories about their library use is not without its risks. Take, for example, the now-deleted post from a university library telling a story about a student checking out books from the library for their mom during Covid lockdown. It’s a nice story, but one commenter asked if the library asked the student for their consent to publish their individual story. We soon learn afterward that the library fabricated the story. The library later explained that the fabricated story was an aggregation of personal stories from patrons.
Barring the issues around publishing a hypothetical story without clear disclosure that the story was not real, the problem of publishing individual patron stories is sometimes overlooked. Libraries must understand that a library sharing a personal patron story is different than a patron sharing the same story by their own volition in terms of privacy. These differences center around patron privacy expectations and consent.
Consent, or Why You Need to Ask Before Sharing
We know some patrons are eager to share their library stories with the world, and many of them do on their personal social media posts, talking with others, or even writing a friendly letter to the editor. What is the difference between a patron posting their story versus a library posting the same story? While the patron posting their own story is willingly sharing their story to the public, the library sharing the same story might violate the patron’s privacy rights. Library workers are obligated by professional standards, library policies, and legal regulations to not disclose patron use of library resources and services.
For example, if a patron finds that the latest post about a new service or resource in the library news blog features mentions them by name and the patron didn’t give the library permission to publish their name attached to the resource or service, the library committed two types of breaches: a data breach (through the unauthorized disclosure of data about a patron’s use of the library) and an ethics breach (through a patron’s expectations that the library would not share their activities at the library). Other examples of possible data and ethics breaches through library news posts and updates include:
- Publishing historical checkout cards with patron names on the card
- Posting historical reference questions that contain personal data about patrons
- Announcing unscheduled library visits of notable people on social media or otherwise publicly broadcasting an individual’s presence at the library
- Publishing identifiable patron stories and quotes (collected from surveys, feedback forms, focus groups, or individual interviews) in reports and research articles
There is one instance where a library sharing a patron’s story might not result in either breach, and that is when the library obtains the explicit consent of the patron to share their story. We’ll use GDPR’s definition of consent for this post – consent must be “freely given, specific, informed and unambiguous.” Asking consent gives the patron control over disclosing their use of library services and resources. It also allows the patron to choose what type of information is disclosed and where it is disclosed. One patron might be okay with the library posting their name and a quote about their experience at a library program. In contrast, another patron might be fine with the library posting a quote but not having their name attached to the quote. Each patron has their level of privacy preferences, and asking for consent informs the library what each patron is comfortable with in publishing their story. It is the responsibility of the library to respect the privacy preferences of each patron through the act of asking for consent.
The process of gaining consent to share patron stories might be as simple as sending a short message to the patron, but consent is much more than a “yes or no” question. Next week’s post will cover what explicit consent could look like depending on the ask. We’ll also discuss the considerations around the consent process around sharing patron stories, including one major consideration that tends to be missed in conversations about consent… you’ll have to check back next week to find out what that is, so stay tuned!