Vendor Ethics and You, Or Giving a Damn About Who’s Sharing Your Patron Data

A red sticker on a metal utility pole reads "do you want a future of decency, equality, and real social justice"
Photo by Jon Tyson on Unsplash

The news cycle did not stop during our Cherry Blossom Break last week, alas. Last week LexisNexis signed a contract with U.S. Immigration and Customs Enforcement (ICE) to provide massive amounts of personal information, including financial data, consumer data (such as purchases), and criminal data. The data provided by LexisNexis captures a very intimate view of a person’s personal and public life. As Sam Biddle states in the investigative article about the contract, “While you can at least attempt to use countermeasures against surveillance technologies… it’s exceedingly difficult to participate in modern society without generating computerized records of the sort that LexisNexis obtains and packages for resale.” If you haven’t already done so, read the article to get a sense of the contract details.

It is not the first time LexisNexis has been under scrutiny for its personal data dealings. We wrote about LexisNexis back in 2019 about their relationship with ICE, including LexisNexis’s interest in building an “extreme vetting” immigration system. This interest did not go unnoticed or unchallenged, particularly from library workers who led the calls to boycott the company. The latest contract news has renewed calls for libraries and scholarly communities – such as this statement from SPARC – to question their relationships with businesses such as LexisNexis that increasingly play significant roles in surveillance systems through their roles as data brokers.

“But Becky,” you might say, “we don’t do business with LexisNexis or Thomson Reuters. As long as we don’t do business with them, we don’t have anything to worry about.” While your vendors may have escaped the public scrutiny that LexisNexis has received throughout the years, your vendors are most likely, at the very least, collecting and sharing patron data as part of their business model (e.g. surveillance capitalism). Read the vendor contract:

  • What patron data does the vendor collect from patrons? From the library?
  • Under what circumstances does the vendor disclose patron data to fourth parties?
  • Does the vendor reserve the right to resell patron data collected from patrons and the library, even in aggregated or “anonymized” form?
  • Does the vendor reserve the right to keep patron data, even in aggregated or “anonymized” form, after the end of the business relationship? For what purposes do they keep the data?

After reading the vendor contract (as well as the vendor privacy policy), you might have a sense as to how a vendor works with patron data; however, the contract and policy are not telling the entire story. While a contract might state a vendor’s right to disclose or resell data, the details about where that data’s going and how it’s going to be used are sparse. Vendors like LexisNexis have multiple revenue streams. Your vendor might have another product that is not targeted toward the library market but still uses patron data in ways that can harm patrons. How can a library figure out if a vendor’s business model doesn’t violate patron privacy?

This is where ethics comes into play. The library profession has several codes of ethics, such as the codes from ALA and IFLA. Library vendors by default are not beholden to these codes; however, this does not mean that libraries cannot hold vendors to a level of ethical practices or standards before they will do business with them. For example, Auraria Library conducts a comprehensive ethics review of library vendors, ranging from privacy and accessibility to sustainability and diversity, using both consultants and an internal ethics questionnaire. At the end of their article detailing the review process, Auraria Library’s Katy DiVittorio and Lorelle Gianelli make a call to other libraries to proactively review their relationships with vendors and take measures to encourage vendors to adopt a business model that aligns with Corporate Social Responsibility. As we have encountered in the past, a critical mass of libraries demanding changes to a vendor’s practices can make that change happen. Having more libraries conduct ethics reviews of vendors can prompt vendors to change their business models if their current models cause libraries to do business elsewhere.

Where should libraries start with reviewing vendors’ business ethics? The Auraria Library review process is one place to start. Even creating a statement such as Auraria’s can start the conversation about vendor ethics at your library, particularly with library patrons who might be at higher risk for harm due to the vendor’s business practices. The selection process of the vendor relationship lifecycle can be modified to include a review of the vendor’s business model, including checking the vendor against the Library Freedom Institute’s Vendor Privacy Scorecard or scorecards from independent third parties such as EcoVadis (if one is on file, that is).  Vendor assessments and audits are other places where scorecards and metrics can be used. Being detailed about the appropriate uses of patron data in the vendor contract – including details around patron data collection, processing, retention, and disclosure – can give libraries some legal leverage in protecting patron data from questionable vendor business practices. The more libraries demand ethical business practices from their vendors, the more likely vendors will notice.

With these suggestions, however, comes a warning for libraries. Vendors might start marketing themselves as socially responsible or abiding by library ethics codes as more libraries ask for details about the ethics of a vendor’s business model. If a vendor’s marketing around social responsibility and ethics centers around legal compliance or if the marketing lacks specific details about their practices, then you might have a case of “ethics washing.”  Commonly encountered in tech companies, “ethics washing” can obscure or obfuscate problematic business practices through the use of savvy marketing tactics or pointing customers to one non-problematic area of the business while not drawing attention to a more problematic area (e.g. Google’s ethical AI work and, well, Google being Google). While it is tempting for libraries to accept vendors at their word through their marketing materials and sales pitches, it is not enough. Libraries must actively review vendor practices throughout the entire business relationship to ensure that the vendor’s ethics are in line with the ethics of the library profession.

In the end, libraries compromise their ability to live up to our professional ethics when working with vendors that violate those ethics. If libraries cannot or will not work with vendors that respect and uphold patron privacy, we as a profession then must have the difficult conversation about the inclusion of a patron’s right to privacy in our professional ethics codes. At the very least, we owe patrons the truth about the library’s data practices, including our relationships with vendors who use patron data in ways that can come back to harm them, and we must not engage in ethics washing of our own.

Cookie Break

LDH is proud to announce that it will now serve cookies to our blog readers! Enjoy your digital cookie without guilt! Just be sure that you don’t leave any crumbs trailing behind you as you munch away while browsing the Web…

… yeah, we thought that was a cheesy* early April Fool’s joke, too.

With April Fool’s Day in a few days, let’s take a moment to appreciate the lighter side of data privacy. Cookies are a perennial privacy humor topic by the very nature of their name, and the infamous cookie banner has become the focus of many privacy humor skits. This skit answers the question of what happens when you hit a cookie wall when you want a cookie recipe:

Do you remember all those “We’ve Updated Our Privacy Policy” emails in May 2018 as GDPR came into enforcement? There’s a meme for that:

There are times where humor can educate users about data privacy, but only when it is done well and within an appropriate context. An example of this comes from The Onion. Another example is the segment from an Adam Ruins Everything episode explaining the cost of using “free” internet services:

[Yes, we are fully aware of the irony of linking to a YouTube video of this segment.]

We can’t forget that humor has a time and place for it to be effective, though. More often than not, humor backfires like Mark Zuckerberg’s joke about Facebook privacy at their developer conference in 2019. Going back to the beginning of this post, cookies are the subject of many privacy jokes because of the nature of the web tracker’s name. It’s an easy joke that doesn’t take much effort to think about, but the lack of thinking through a joke can leave users more frustrated with the person telling it than not. The context of when you use humor matters – cookie popups are already confusing and frustrating to end-users, and a joke in the popup is more likely to backfire than lighten the end user’s mood. And because the web tracker’s name is already confusing to end-users, joking that your staff like chocolate chip cookies in the popup banner doesn’t tell users anything about what the actual web tracker cookie does.

In short, humor has its place in communicating important privacy topics when done thoughtfully and within an appropriate context. Your privacy notice and cookie banners are not places for humor, but instead places where you need to be clear about your privacy practices and what the user can do to protect their privacy. This doesn’t mean that all data privacy jokes are off-limits. You can still serve cookies (accommodating for dietary considerations!) in the library staff area to start a discussion or awareness program about web tracking – but be mindful of your audience and the context of data privacy humor when attempting to add some levity to end-user communications.

* Cheesy cookies are a thing and are as delicious as their sweet counterparts.

#DataSpringCleaning 2021 – Email and Patron Data

A white and brown short-haired dog places their right front paw on top of an open laptop keyboard. The laptop screen shows a blurred Gmail inbox window.
Image source: https://www.flickr.com/photos/karenbaijens/16241866468/ (CC BY 2.0)

Welcome to the first week of Spring in the Northern Hemisphere! This month marks one year of working from home for some library workers and the hybrid remote/onsite work limbo for others. In both cases, this anniversary also marks a year’s worth of patron data collected and stored all over the place due to the abrupt switch to remote work and virtual services. It’s safe to say that many disaster or business continuity plans didn’t plan for a pandemic, and the resulting scramble to virtual or reduced physical services/work created new or exacerbated existing data privacy gaps. Last year’s #DataSpringCleaning focused on setting up the home office to address a common privacy problem – the over-retention of patron data. Check out the post and the companion workshop materials about protecting patron privacy while working from home if you haven’t already done so.

This year’s #DataSpringCleaning project is as ambitious as it is daunting. This year is the Sisyphean project of data cleanup projects – no matter how many times we try and fail, we keep coming back to this one project in hopes of finally completing it. Let us go back once more into the breach, friends. It’s time to scrub our work email.

Email as Major Privacy Risk to Patron Privacy

While many library workers are aware that their emails can contain patron data, they might not be aware of how much patron data is stored in their accounts. Personally identifiable information, or PII, includes data about a patron as well as data of a patron’s activity. The former can be easy to identify and easy to email without much thought about the privacy risk of doing so:

  • Name
  • Physical and email addresses
  • Birthdate or age
  • Patron record number
  • Username and password

A patron’s activities, on the other hand, can be harder to identify once you factor in the types of emails a library worker can receive or send in any given day:

  • Help desk ticket threads
  • Reference form or chat tickets or transcripts
  • Direct email from patrons
  • System or application reports or alerts
  • Vendor service desk tickets or reports

This list is just a small selection of the types of emails that can contain data around a patron’s activities such as:

  • Reference questions
  • Search and circulation histories
  • IP addresses
  • Electronic resource authentication and access history
  • Library computer and wifi logs and activity

And that’s just the start of how much patron data is in staff emails!

The ease of storing and sharing data through email makes it difficult to control data sharing and retention once the data hits the email system. The risk to patron privacy compounds once the email containing patron data leaves the library’s email system and lands in a third-party email account, be it a vendor or even a personal email account. Another risk for many libraries is that staff emails are subject to public disclosure requests. Several state and local regulations protect patron record data from disclosure, but in some cases, this protection might not extend to patron data in staff email. If your library’s emails can be publicly requested, don’t assume that you’ll get a chance to redact patron data before the emails are released to the public.

Starting the Long Journey of Protecting Patron Privacy in Staff Email

Scrubbing patron data from library email is a Sisyphean task. You can tell patrons not to email PII only to have patrons send over their logins for the financial website they can’t log into on a public computer. You can tell staff not to store patron data in work email, only to have staff use email as their primary knowledgebase for reference chat questions and answers. However, you have more control over how staff uses library email than you do patrons – this is where we start our scrubbing journey.

We’ll break this journey into two parts: the short and long term. The following are some actions workers and organizations can take in mitigating patron privacy risk in library emails:

Short term (individual) actions

  • First, get familiar with your email system’s filter and search capabilities! These will make the deletion process less painful.
  • Find and delete system-generated emails that contain patron data. These can be found through searching by a shared email address or subject line.
  • Search for emails with attachments and delete attachments if they contain patron data
  • Before deleting the email, migrate patron data that absolutely must be retained for a demonstrated operational need from email to a secured storage area designated by work (if one is available)
  • Create email rules to automatically delete incoming system-generated emails containing patron data
  • Learn how to use the ticketing system or other help desk or information desk systems as the primary mode of communication with other library staff about tickets and other

Long term (organizational) actions

  • Create policies and procedures around restricting the use of staff email to transmit or store certain types of patron data based on data classification level and/or privacy risk
  • Create secured data/file transfer options for sharing patron data, particularly between staff and authorized third parties
  • Set up applications and systems to not include patron data in system-generated reports and emails
  • Set up retention policies in email systems to automatically delete email based on organizational retention schedules or retention schedules set by legal regulation
  • Create procedures or processes to use the ticketing system or other help desk or information desk systems as the primary mode of communication between staff as well as between staff and patrons
  • Create secured storage outside of staff email for patron data that absolutely must be retained for a demonstrated operational need, and create retention schedules for the data retained in storage

The short-term actions can take a while with manual reviewing of attachments and individual emails. But, with the magic of search and filter options, you can quickly eliminate a good portion of privacy risks by deleting the archive of system-generated emails. The long-term actions require a team effort in the organization, from administration drafting policies to IT creating automatic retention policies and secured storage and transmission options.
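One way to carry out the short-term search-and-filter steps above against an exported mailbox, as an added example that is not part of the original post: the script reads an mbox export with Python’s standard library and sorts each message into delete, review or keep, without deleting anything itself. The sender addresses, subject keywords and 14-digit barcode format are assumptions to replace with local values, and the four sample messages are constructed.

```python
import email.utils
import mailbox
import re
import tempfile
from email.message import EmailMessage
from pathlib import Path

# Assumptions to replace with local values: shared sender addresses,
# subject keywords, and a 14-digit patron barcode format.
SYSTEM_SENDERS = {"ils-reports@library.example", "helpdesk@library.example"}
SUBJECT_HINTS = re.compile(r"circulation report|overdue notice|ticket #\d+", re.I)
PATRON_DATA = {
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "patron_barcode": re.compile(r"\b\d{14}\b"),
}


def body_text(msg):
    """Return the decoded text/plain body parts, skipping attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(mbox_path):
    """Classify each message as delete / review / keep. Nothing is deleted."""
    findings = []
    box = mailbox.mbox(str(mbox_path), create=False)
    try:
        for key, msg in box.iteritems():
            sender = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
            subject = str(msg.get("Subject", ""))
            text = body_text(msg)
            hits = sorted(name for name, rx in PATRON_DATA.items() if rx.search(text))
            attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
            system = sender in SYSTEM_SENDERS or bool(SUBJECT_HINTS.search(subject))
            if system and hits:
                action = "delete"   # system-generated mail carrying patron data
            elif attachments or hits:
                action = "review"   # a person checks, migrates if needed, then deletes
            else:
                action = "keep"
            findings.append({"key": key, "sender": sender, "subject": subject,
                             "hits": hits, "attachments": attachments, "action": action})
    finally:
        box.close()
    return findings


def build_sample_mbox(path):
    """Write four constructed messages (not real data) to an mbox file."""
    samples = [
        ("ILS Reports <ils-reports@library.example>", "Daily circulation report",
         "Barcode 21234000012345 checked out 3 items from 192.0.2.10", None),
        ("Colleague <colleague@library.example>", "Export you asked for",
         "Spreadsheet attached.", b"name,barcode\nA. Patron,21234000099999\n"),
        ("Colleague <colleague@library.example>", "Staff meeting",
         "Meeting moved to 3pm on Thursday.", None),
        ("Patron <patron@mail.example>", "Cannot log in",
         "My card number is 21234000067890, can you reset my PIN?", None),
    ]
    box = mailbox.mbox(str(path))
    for sender, subject, body, attachment in samples:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = sender, "staff@library.example", subject
        msg.set_content(body)
        if attachment:
            msg.add_attachment(attachment, maintype="text", subtype="csv",
                               filename="patrons.csv")
        box.add(msg)
    box.close()


def demo():
    """Build the constructed mailbox in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "staff.mbox"
        build_sample_mbox(path)
        return triage(path)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['action']:7} {f['subject']!r} hits={f['hits']} "
              f"attachments={f['attachments']}")
```

The report is a worklist for a person: attachments are flagged by name only, so someone still has to open them and decide what must be migrated to secured storage before deletion.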

None of us want to spend more time dealing with email than we have to, and trying to keep up with the current email inbox count is near impossible as it is. Nonetheless, we need to keep in mind that work email can put patron privacy at risk, and we must address that risk as part of our library duties. It’s a #DataSpringCleaning project that never ends, but as long as we have email, there will always be the need to clean our inboxes to protect patron privacy.

Librarians as Information Fiduciaries? Part Two

People sitting at tables and working at the Rose Main Reading Room of the NYPL. A blur/color filter has been applied to the photo.
Image source: https://www.flickr.com/photos/smoovey/3788235219/ (CC BY ND 2.0)

Welcome back to our series on information fiduciaries and libraries! We introduced the concept of information fiduciaries in Part One. In this series entry, we will focus on libraries as possible information fiduciaries.

A Question of Interest

Jack M. Balkin, who popularized the information fiduciary concept in 2014, expanded the traditional fiduciary concept to a trusted party managing personal data on behalf of another. In the context of the library, what would be considered the best interest of the person? In the 10th edition of the Intellectual Freedom Manual, we have one possible interpretation of “best interest” in the way of privacy and confidentiality:

“In brief, libraries and library workers must act as information fiduciaries, assuring that in every circumstance the library user’s information is protected from misuse and unauthorized disclosure, and ensuring that the library itself does not misuse or exploit the library user’s information.”

On the surface, this appears straightforward enough. However, how a library defines “misuse or exploit” leads to a question about how libraries interpret “best interest” in the fiduciary relationship. Some organizations might interpret “best interest” in ways that others would consider exploitative. Such is the case with academic institutions and learning analytics as described in “A matter of trust: Higher education institutions as information fiduciaries in an age of educational data mining and learning analytics.” Jones, Rubel, and LeClere describe how current learning analytics initiatives violate not only student privacy but also student trust in the institution. At the same time, the institution is acting in the perceived best interest of both students and the institution.

Like academic institutions, libraries are under immense pressure to engage in data practices at the expense of patron privacy. A key component of fiduciary relationships is acting in the best interest of the represented person. While it might be in the best interest for libraries to extensively collect patron data for operations, marketing, and analysis, this level of collection and data processing would violate the best interest of their patrons’ privacy. Libraries committing to an information fiduciary relationship with their patrons must scrutinize their data privacy practices and recalibrate these practices to center on patron privacy interests.

A Question of Ownership

It becomes clear while evaluating practices and interests that the relationship between libraries, patrons, and third parties complicates matters not only in competing best interests but also in matters of data ownership. Personal data is collected in several ways. Sometimes the data collection is direct – an example is when a patron gives the library personal data to obtain a library card. Other times libraries collect personal data generated from a patron’s library resources and services use, even though the patron might not be aware of this data generation and collection. Patrons also directly give personal data to vendors when signing up for accounts and generate data when they use vendor services and resources, possibly unaware of such generation and collection happening on the vendor’s end. On top of all of this, libraries directly give vendors patron personal data. So, who owns what data?

Another component of a fiduciary relationship is the concept of management of valuable assets, particularly in sensitive matters. As demonstrated in the previous paragraph, data ownership can easily be contested if there is no clear sense as to who owns what data. Libraries can (and should!) use vendor contracts to state that the library and its patrons own the data collected by the vendor, defining some clearer ownership roles. Once again, however, technology and data practices can throw this clarity back to uncertainty, particularly with data aggregation and analytics practices by vendors and fourth parties, sometimes in the interests of the customers (libraries and patrons) and sometimes in the interest of the vendor which conflict with patron/library interests. As Jones, Thomson, and Arnold argue in “Questions of Data Ownership on Campus,” adopting an information fiduciary role can help navigate the issue of determining who owns what through focusing on shared ownership and asset management in the best interest of the patron. Even when libraries and third parties claim ownership over patron data collected through patron use of resources and services, any collection or processing of this data must center around the patrons’ best interests with regards to patron privacy.

We would be remiss, though, if we didn’t address a potential issue of treating data as an asset, even in a fiduciary role. As Kerry and Morris Jr. argue in “Why data ownership is the wrong approach to protecting privacy,” commodifying data provides little protection for user privacy. Treating data as property reinforces current practices of placing market interests over individual interests. It also places the onus of data privacy management on the individual when there’s evidence that notice and consent currently fail to protect data privacy. Instead of focusing primarily on data ownership and transactional relationships, Kerry and Morris Jr. argue for federal regulation that falls in line with information fiduciary’s emphasis on acting in the interest of the individual. Nonetheless, the concept of data as property or an asset for individuals to manage and organizations to commodify has socioeconomic implications, including perpetuating harms created by the privacy violations embedded in societal systems and institutions, including the library.

Personal Data as a Collection…

We’ve only started to explore the concept of libraries as information fiduciaries. The last two posts focused on personal data collected and generated through a patron’s library use. What happens, then, when personal data is *part* of a collection? This often happens in special collections, archives, and institutional repositories that collect research data, to name a few places. What type of information fiduciary relationship exists between the people in the collection and the library or archive that hosts that collection, if any? Stay tuned for the next installment of the series!

Libraries as Information Fiduciaries? Part One

An adult black woman leans against a glass wall of a server room holding an open laptop.
Image source: https://www.flickr.com/photos/wocintechchat/25926827581/ (CC BY 2.0)

The Resolution on the Misuse of Behavioral Data Surveillance in Libraries, recently passed at ALA Midwinter, calls for libraries and vendors to reject behavioral data surveillance of patrons. While we are familiar with the concept of data surveillance, the last item in the resolution contains something that some in the library world are not as familiar with – information fiduciaries. This concept also appears in the recently published 10th edition of the Intellectual Freedom Manual. There’s a likely chance that “libraries as information fiduciaries” will continue to gain ground in the professional discourse around library privacy, so let’s take some time to explore this concept.

Information Fiduciaries Basics

The fiduciary concept is centuries old. Typically, a fiduciary is a person(s) who is entrusted with a valuable asset from another person(s). You might have come across the fiduciary term when dealing with finances – for example, a financial advisor might be considered a fiduciary for a client. A fiduciary relationship is built on trust. The fiduciary is trusted to act in the interest of the party that trusts them enough to manage valuable assets or represent them in sensitive matters.

The concept of information fiduciaries, popularized by Jack M. Balkin in his 2014 blog post about the concept, took the fiduciary concept of managing assets and expanded the assets definition to include information about a person. This expansion would then charge the fiduciary to manage the person’s information with the person’s interests. In Balkin’s post, the expansion to information assets would call on fiduciaries to practice a higher level of information privacy, including not using or disclosing personal information against the user’s interests.

If this seems similar to the legal concept of “duty of care,” it should be! Duty of care is a legal concept that can be a part of fiduciary duties. The fiduciary is required to act in an informed and responsible way that will not harm others in the relationship. In the case of information fiduciaries, the fiduciary duty of care would be on the company that collects the user’s data; therefore, the company would need to put the user’s interests ahead of their interest.

Too Little, Too Late?

Nonetheless, the information fiduciary concept isn’t without its critics. David E. Pozen and Lina M. Khan argue that the concept cannot reconcile the interests of the person with the business models of social media companies, which rely on using personal data to sustain those business models. Pozen and Khan point out the tension between the already existing financial fiduciary relationship with shareholders (that rely on the business model) and the proposed information fiduciary relationship with users. Even Balkin admits that behavioral advertising, which exploits personal information for business gain, might continue after a company takes on an information fiduciary role. In a sense, applying an information fiduciary model to existing digital company business models is trying to close the barn door after the horses escaped – you’re asking a company who has built their revenue model on exploiting user information to give up their revenue stream. Having a company become an information fiduciary after the fact isn’t going to persuade them to move away from personal information abuse.

There are other critiques of the information fiduciary concept to consider. While the Electronic Frontier Foundation generally supports information fiduciary regulations, they recognize that the concept has several limitations including governance of third-party data relationships with other third parties, limitations around restricting the collection of user data, and the uncertainty of how the recently created concept of information fiduciary would work in practice concerning legal enforcement of any fiduciary regulations. EFF argues that information fiduciaries must not replace other data privacy regulations and practices. Information fiduciaries are not comprehensive in protecting user privacy and must be approached as such.

What About Libraries?

The information fiduciary is still relatively new, but there have already been calls from the library world to adopt the fiduciary role in patron data management. We will explore some of these calls, as well as what an information fiduciary might look like at the library, in part two in the coming weeks!

Canaries and Reports – Transparency at The Library

A puffy canary sitting on a small tree branch.
Image Source: https://www.flickr.com/photos/starr-environmental/24899952889/ (CC BY 2.0)

Snow has come to Seattle and with it comes the covered evergreen trees, cars slipping and sliding on the many hills, and skiing down major roadways. The shift to remote work, schooling, and services has morphed traditional snow days into “work at home if the snow hasn’t knocked out power” days. We talked about protecting patron privacy while working from home or traveling in previous posts, but we haven’t covered much around possible changes to communicating to patrons about library privacy. Now that the dust (snow) has settled, there’s one aspect of shifting to virtual library operations that needs some attention – transparency around law enforcement requests for library data.

The Canary in The Library

This year marks the 20th anniversary of the passing of the USA PATRIOT Act. While this bill passed almost unanimously through Congress, public outcry over the bill’s erosion of privacy rights was strong throughout the bill’s lifespan and the bill’s successor, the USA Freedom Act. Libraries did not escape the PATRIOT Act’s reach, with Section 215 of the Act allowing for warrantless searches for “tangible things,” among which the section listed “books, records, papers, documents, and other items.” ALA and many US libraries voiced their concerns about the Act’s threat to patron privacy, and many libraries changed policies and procedures to reduce the amount of patron data retained that could be seized under the Act.

There was another part of the Act that changed how libraries communicated to patrons about their privacy. The PATRIOT Act allowed gag orders to be attached to National Security Letters, preventing library workers from disclosing that they received an NSL. An example of such a gag order was the one at issue in the lawsuit brought forward by the Connecticut Four, who successfully challenged the validity of the gag order attached to an NSL for records identifying patrons who used library computers.

The prospect of a gag order led libraries to explore ways to notify patrons about receiving an NSL without violating the gag order that came with it. One way to get around the gag order was a warrant canary. You might have seen some warrant canary signs designed by Jessamyn West posted in various libraries, including this one:

The FBI has not been here

(watch very closely for the removal of this sign)

The canaries popped up at libraries throughout the years, and the public took notice, making warrant canaries one of many ways that libraries communicated about patron privacy.

Shifting to Digital Canaries and Transparency Reports

While libraries have incorporated digital resources and services in library operations for decades, the rapid shift to virtual operations and services due to the pandemic raises some questions about library-patron communications. Physical types of communications such as signs, handouts, and pamphlets have limited reach with reduced physical services and hours. For libraries that use warrant canary signs, this restriction of in-building services limits the signs’ effectiveness. An option to work around this limitation is a digital version of the warrant canary on the library website, either as a separate page or as part of the library’s privacy notice page.

However, warrant canaries are specific to one type of government request for patron data. Tech companies such as Google, Apple, and Microsoft have started publishing transparency reports, providing a more comprehensive listing of the number and type of governmental requests for user data. These reports can provide the number of requests that were fulfilled by the company as well as how many were not. Like any other public report, the data published in the report should be aggregated to reduce the risk of reidentification, the level of which depends on the size of the data set and the number of unique data points included in the set. Transparency reports can also be a place where libraries can reiterate their commitment to patron privacy, including how law enforcement request policies and procedures protect patron data.
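An added example (not from the original post) of the aggregation described above: it counts a constructed request log by the fields chosen for publication, masks counts under a threshold, and shows that publishing more fields per row leaves more small, potentially identifying cells. The field names, the threshold of 3 and the sample data are assumptions made for illustration.

```python
from collections import Counter

# Assumed field layout of the internal request log (hypothetical names).
FIELDS = ("year", "request_type", "outcome", "branch")
MIN_CELL = 3  # assumed threshold: smaller counts are masked, not published

# Constructed sample log, one tuple per request (not real library data).
REQUEST_LOG = (
    [("2020", "subpoena", "fulfilled", "Main")] * 4
    + [("2020", "subpoena", "rejected", "Main")] * 3
    + [("2020", "subpoena", "fulfilled", "East")] * 1
    + [("2020", "court order", "fulfilled", "Main")] * 2
    + [("2020", "court order", "rejected", "East")] * 1
    + [("2020", "search warrant", "fulfilled", "East")] * 1
)


def aggregate(log, keys):
    """Count requests per combination of the chosen fields."""
    idx = [FIELDS.index(k) for k in keys]
    return Counter(tuple(row[i] for i in idx) for row in log)


def publishable(log, keys, min_cell=MIN_CELL):
    """Aggregate, then replace counts under min_cell with a '<N' marker."""
    return {
        group: (n if n >= min_cell else f"<{min_cell}")
        for group, n in sorted(aggregate(log, keys).items())
    }


def small_cell_share(log, keys, min_cell=MIN_CELL):
    """Fraction of groups whose count falls under the threshold."""
    counts = aggregate(log, keys)
    return sum(1 for n in counts.values() if n < min_cell) / len(counts)


if __name__ == "__main__":
    # Coarse report (year + type) versus a report that keeps every field.
    for keys in (("year", "request_type"), FIELDS):
        share = small_cell_share(REQUEST_LOG, keys)
        print(keys, publishable(REQUEST_LOG, keys), f"small cells: {share:.0%}")
```

If a grand total is published alongside the table, a single masked cell can be recovered by subtraction, so totals need the same review before release.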

Digital canaries and transparency reports provide greater reach in virtually communicating with patrons while in-person services are reduced due to the pandemic. Nonetheless, these communication tools will still be effective once restrictions on in-person services are lifted. Not only do they provide patrons information around governmental requests for library data, but they also serve as a way for libraries to hold themselves accountable in ensuring that patron data is not unnecessarily disclosed outside of regulation and policies.

Celebrating All Things Data Privacy

Data Privacy Day logo.

Happy early Data Privacy Day from LDH! Even though there might not be an opportunity this year to put cookies in the staff room as a way to educate staff about their less-than-tasty web counterparts, you can still celebrate this day at a safe distance. This January 28th, celebrate the day with your colleagues and patrons with the following suggestions:

This week also marks the second anniversary of the launch of LDH Consulting Services! 2020 proved to be a challenging year for everyone, including fledgling businesses such as ours. Thank you to all of our clients and supporters for your continuing support. You can check out some of the projects and workshops we completed in 2020 on our Services page. We will update the page with our 2021 projects and workshops materials – bookmark the page to keep on top of updates. We’re also accepting new projects and clients for the Fall and Winter 2021/2022 seasons. From privacy training and policy reviews to data audits and risk assessments, LDH can help your library or organization protect patron privacy in your data practices. Contact us to set up an initial consultation – we look forward to hearing from you!

Stop Collecting Data About Your Patrons’ Gender Identity

A four-way stop sign in front of snow-covered tree branches.
Image source: https://www.flickr.com/photos/ben_grey/4383358421/ (CC BY-SA 2.0)

tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity.

Longer tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity for library workers to do their daily work.

Nuanced tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity 99% of the time, and in that 1% where the data is required, you’re probably doing more harm than good in your collection methods.

This post is brought to you by yet another conversation about including gender identity data in patron records. Libraries collected this data on their patrons for decades; it’s not uncommon to have a “gender” field in the patron record of many integrated library systems and patron-facing vendor services and applications. But why collect this data in the first place?

Two explanations that come up are that gender identity data can be used for marketing to patrons and for reading recommendations. However, these explanations do not account for the problem of relying on harmful gender stereotypes. Take the belief that boys are reluctant readers, for example. Joel A. Nichols wrote about his experience as a children’s librarian and how libraries do more harm than help in adopting this belief:

These efforts presume that some boys are not achieving well in school because teachers and librarians (who are mostly women) are offering them books that are not interesting to them (because they are boys). I find this premise illogical and impracticable, in particular because I am queer: the things that were supposed to interest boys did not necessarily interest me, and the things that were supposed to interest girls sometimes did. Additionally, after years of working in children’s departments, I found over and over again that lots of different things interested lots of different kids. In my experience, it was the parents that sometimes asked for “boy books” or “girl books.” The premise that boys need special “boy” topics shortchanges librarians and the children themselves, and can alienate kids who are queer or genderqueer.

This collection of patron data can be used to harm patrons in other ways, such as library staff misgendering and harassing patrons based on the patron’s gender identity. A recent example comes from the 2019 incident where library staff repeatedly misgendered a minor patron when she was with her parent to sign up for her library card. While the library decided to stop collecting gender identity data on library card applications as a result of the incident, the harm done cannot be remedied as easily as changing the application form.

The ALA Rainbow Round Table recommends that libraries do not collect gender identity data from patrons unless absolutely needed. Since the recommendation in 2015, several libraries evaluated their collection of gender identity data only to find that they were not using that data. Collecting data for “just in case” opens library patrons to additional harm if the library suffers a data breach. If there is no demonstrated business need for a data point, do not collect that data point.

In the rare case that your library absolutely must collect data about the gender identity of your patrons (such as a requirement to report on aggregated patron demographic data for a grant-funded project), care must be taken in collecting this data to mitigate additional harms through alienation and exclusion. The Rainbow Round Table recommends the Williams Institute’s report “Best Practices for Asking Questions to Identify Transgender and Other Gender Minority Respondents on Population-Based Surveys” as a guide to collecting such data. The Williams Institute has also created a short guide to create survey questions around gender identity. Here are more resources that can guide respectful demographic data collection:

Again, the resources above are only for the rare case that your library absolutely must collect this data from your patrons. Libraries considering collecting gender identity data must review the rationale behind the collection. A patron should not be required to tell the library their gender identity to use the library’s collections and services. Even the act of collecting this data can harm and disenfranchise patrons.

tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity.

A Quick Data Privacy Check-in for The New Year

A small orange and white kitten sits on an Apple floppy drive, while a picture of a gray cat is displayed on an Apple monitor.
Image source: https://www.flickr.com/photos/50946938@N03/5957820087/ (CC BY 2.0)

Welcome to 2021! We hope that everyone had a restful holiday break. There might be some changes to your work environment for the new year that could affect the privacy and security of your patrons’ data. Let’s start this year off with a quick (and gentle) check-in.

Smart devices

Smartwatches, smart speakers, smart TVs – what new internet-enabled smart device has taken residence in your home, office, or even on your person? You might not know that these devices eavesdrop on your conversations and, in some instances, eavesdrop on what you type. If you are working with a patron or having a conversation with a colleague that includes patron information, what smart devices are in listening range that weren’t before the new year?

Depending on the device, you might be able to prevent eavesdropping; however, other devices might not have this option. Disconnecting the internet from the device is also an option, but this might be more of a hassle than a help. The one sure way to stop a device from eavesdropping is to remove it from listening range, or, better yet, disconnect the device from its power source.

Computers and mobile devices

A new year could mean a new computer or mobile device. If this is you, and if you are using a personal computer or mobile device for working with patrons or patron data, don’t forget to do the following while setting up your new device:

  • Install antivirus software (depending on your organization, you might have access to free or discounted software)
  • Install the VPN client provided by your organization
  • Install privacy-preserving tools and browser extensions
  • Enable auto-updates for the operating system and any applications installed on the device
  • Review the privacy and security settings for your operating system:
    • Mac and iOS devices – Apple recently published a document listing security and privacy settings on all Apple devices. The tl;dr summary by Lifehacker is a good resource if you’re not sure where to begin
    • Android – Computerworld’s guide to Android privacy is long but worthwhile if you want a list of actions to take based on the level of privacy you want on your device. Also, visit Google’s Data Privacy Settings and Controls page to change your Google account privacy settings (because now is as good a time as any to review Google settings).

Evergreen recommendations

Even if you didn’t get a new smart device or computer for the holidays, here are a few actions you can do with any device to start the new year right by protecting your and your patrons’ privacy:

Take a few moments this week to review privacy settings and risks – a moment of prevention can prevent a privacy breach down the road.

Patron Privacy Support: Holiday Edition

An orange cat looking at a laptop screen and pawing a mouse tracking pad.
Image source: https://www.flickr.com/photos/25473210@N00/421211549 (CC BY 2.0)

Black Friday and Cyber Monday have come and gone, but there are still plenty of opportunities to buy the last-minute gift to mark the end of a rough year. Patrons who might have gone to the library to ask for help setting up their new tech gadget will still find their way to the library help desk via chat, email, or phone. Other patrons might come to the help desk with questions from researching which tech gadgets to gift to others (or to themselves!). Why not use this time to do a bit of privacy instruction?

For patrons wondering what to buy – Mozilla’s *privacy not included is an excellent starting point for researching tech gifts that connect to the internet. The guide contains information about data privacy and security for each product and even warns you if a particular product doesn’t meet a minimum security standard.

For patrons who are shopping online – Even though most of our lives have shifted to online thanks to the pandemic, patrons might not have online safety and privacy in mind while shopping online. Account privacy settings, passwords, credit cards, web tracking, digital fingerprinting, phishing emails – the list of vulnerabilities and threats goes on and on. Having a sense of the patron’s threat model will help you determine which guides and resources you can use to help the patron protect their privacy while online. The Virtual Privacy Lab from the San Jose Public Library gives patrons a customizable privacy toolkit they can then use to protect their online privacy and security. You can also send along this short newsletter from SANS about secure online shopping that will help patrons to protect themselves while they shop online.

For patrons setting up their new tech gadget – The patron is excited about their new tech gadget! That is until they can’t figure out how to set it up. This is a great place to introduce privacy-preserving practices found in the Data Detox Kit and in other resources on the Choose Privacy Every Day site to set up their devices to protect their privacy and security right when they start using the gadget.

Last, an evergreen reminder – do not buy or gift an Amazon Ring.

No matter the gadget question or help request this holiday season, there’s always an opportunity to give the gift of privacy to patrons through sharing ways to help them protect their data. While this year might prove a challenge to provide the same level of support at the information or help desk, the above online resources make meeting that challenge a little easier for both the patron and for library staff. Happy shopping and tech support-ing!

FYI – New Newsletter Privacy Policy

Today (as in an hour before publishing our post!) MailPoet announced that it has been acquired by WooCommerce. LDH uses MailPoet for our weekly newsletter mailings. We will be reviewing the new Privacy Policy for the app to decide if we should continue to use the app. While we do not currently use any of the analytics features on MailPoet, we will need to determine if this acquisition means a change in data collection and processing with the third-party vendor. LDH will announce any changes to the newsletter app or other updates in a future post. If you have any questions in the meantime, please feel free to email us.