LDH Consulting Services provides a number of services to libraries and vendors on a variety of topics around library data privacy. The following services are LDH’s more popular services.
If you don’t find a service listed here, don’t worry! LDH will work with you to address any privacy needs you might have at your organization. For more information about the services provided by LDH Consulting Services, please contact us at firstname.lastname@example.org.
An organization’s data privacy and security measures are only as effective as the person with the least amount of knowledge and training. LDH can develop and deliver in person and virtual library privacy trainings for staff tailored to the organization’s unique needs and requirements around data privacy. These interactive, scenario-based trainings facilitate staff in not only understanding privacy policies and procedures, but also give them the chance to work through possible challenges in putting policies and procedures into practice.
Training topics include:
- The patron data lifecycle
- Vendor privacy management
- Privacy impact assessments
- Operationalizing library privacy policies and procedures
- Library privacy basics
- Special library privacy issues and concerns, such as surveillance and data analytics/marketing in libraries
Privacy audits and data inventories
Organizations cannot effectively protect patron privacy if they do not know what data they have in the first place. Privacy audits and data inventories locate what data is collected, stored, shared, and processed, as well as assess the many levels of risk to the patron and to the organization with data processing. LDH can conduct data inventories and privacy audits on an individual system, process, or overall inventory of organizational operations to locate and identify what patron data is collected and processed and the associated risks each data point contains. LDH can then work with the organization to mitigate the privacy risks identified in the audit.
For libraries wishing to audit their vendor privacy and security practices, LDH can partner with the library and the vendor in creating and conducting a security and privacy audit.
Policy and legal reviews
Many organizations continue to struggle with keeping up to date with current legal regulations around data privacy, as well as ensuring that their privacy and confidentiality policies reflect current privacy regulations and industry best practices. LDH’s unique position between data privacy and libraries can help organizations make sense of current and upcoming legal regulations around data privacy so organizations can have more productive and effective conversations with their legal advisors. LDH can also provide comprehensive reviews of organizational policies to ensure that important privacy and security measures are in place to protect patron privacy.
Client Project Highlights
Here are just a few of the trainings and projects created and delivered by LDH:
Data Privacy Best Practices (PLP; LSTA grant funded project) – http://plpinfo.org/dataprivacytoolkit/
Licensing Privacy Vendor Contract and Policy Rubric (Mellon Foundation funded project) – https://publish.illinois.edu/licensingprivacy/contracts/
Patron Data Protection Webinar Series (Colorado Virtual Library) – https://www.coloradovirtuallibrary.org/learning/continuing-education/upcoming-webinar-series-patron-data-protection/
- Library Patron Data and Privacy: Cycles and Strategies
- Privacy-Centered Library Vendor Management
Using Privacy Impact Assessments to Protect Patron Privacy (Florida Library Webinars) – https://floridalibrarywebinars.org/auto-draft-10/
LDH’s Approach to Library Data Privacy
LDH Consulting Services takes a holistic approach with their services using the patron data lifecycle. This lifecycle typically has six interconnected stages, covering the complex and multifaceted ways that libraries and vendors process patron data.
- Collection – what data is being collected, and for what purpose
- Storage – where the data is being stored, and in what formats and versions
- Retention – how long the data is being stored based on various factors, from system defaults to legal regulations
- Access – who has access to data, including physical and electronic versions of data
- Reporting – how the data is aggregated and distributed to internal and external audiences
- Deletion – how data is deleted, including the proper destruction of physical and electronic media
Disclaimer: LDH Consulting Services does not provide legal advice. If you need legal advice, please contact an attorney.