Libraries (and Archives) as Information Fiduciaries? Part Three

A collection of football tickets and postcard invitations in a clear archival sleeve.
Image source: https://flickr.com/photos/27892629@N04/15959524202/ (CC BY 2.0)

Welcome back to the third installment of the information fiduciaries and libraries series! It’s been a while since we explored the concept of libraries acting as a trusted party managing patron personal data. Thanks to Tessa Walsh’s recent demo of Bulk Reviewer, we got the nudge we needed to tackle part three of the series. You can catch up on Parts One and Two if you need a refresher on the subject.

Managing Personal Data in a Collection

We left off the series with the question about what happens to a library’s information fiduciary role when the personal data is entrusted with is part of the collection. The relationship between the personal data in the collection, the person, and the library or archive is not as straightforward as the relationship between the library and the patron generating data from their use of the library. Personal papers and collections donated to archives contain different types of personal data, from financial and medical to personal secrets. What happens in the case where a third party donates these papers containing highly personal information about another person to a library or archive? In the case of a person donating their documents, what happens when they have personal data of another person who may not have consented to have this data included in this donation? Moving from the archive to the institutional repository, what happens when a researcher submits research data that contain identifiable personal data as part of a data set, be it a spreadsheet that includes Social Security Numbers or oral histories containing highly personal information to a living person?

As you probably already guessed, these complications are only the start of the fiduciary responsibilities of libraries and archives surrounding these types of personal data. We’ve covered redacting PII from digital collections in the past, but redaction of personal data to protect the privacy of the people behind that data only addresses a small part of how libraries and archives can fulfill their information fiduciary role. Managing personal data in collections requires managing data in the best interests of the library/archive and the person donating the materials and the best interests of the people behind the personal data included in that donated material, which may not be the same person as the donor.

Thankfully, we don’t have to navigate this complex web of relationships to determine how to manage the collection with the best interest of the people behind the data. The Society of American Archivist’s Privacy & Confidentiality Section can help libraries and archives manage personal data in their collections. If you are looking for documentation around privacy in archives, check out the documentation portal. Have too many types of personal data to know where to start? The section’s bibliography can lead you to the right resources for each major type of personal information you have in your collection. Perhaps you want to know more about current issues and concerns around personal data in collections. The RESTRICTED blog has you covered, alongside webinars such as Tessa’s demo of Bulk Reviewer mentioned at the start of this post. We highly recommend checking out the mini-blog series from Heather Briston, following up on her webinar “It’s Not as Bad as You Think – Navigating Privacy and Confidentiality Issues in Archival Collections.”

Beyond the section, you also might find the following publications helpful in determining how your library or archive should fulfill their responsibilities to the people behind the data in your collections:

  • Botnick, Julie. “Archival Consent.” InterActions: UCLA Journal of Education and Information Studies 14, no. 2 (2018). https://doi.org/10.5070/D4142038539.
  • Mhaidli, Abraham, Libby Hemphill, Florian Schaub, Cundiff Jordan, and Andrea K. Thomer. “Privacy Impact Assessments for Digital Repositories.” International Journal of Digital Curation 15, no. 1 (December 30, 2020): 5. https://doi.org/10.2218/ijdc.v15i1.692.

This is only a small selection of what’s available, but the Privacy & Confidentiality Section’s resources are an excellent place to start to untangle the complex web of determining what is in the best interest of all parties involved in managing the personal data in your collections.

Before we end our post, there is one question that a few of our readers might have – can archivists guarantee the same level of confidentiality as lawyers or doctors can in protecting personal information in legal matters?

A Question of Archival Privilege

Some of our readers might remember discussions about archival privilege in the early 2010s stemming from the litigation surrounding the Belfast Project oral histories. Archival privilege is not legally recognized despite legal arguments for such a privilege or tying such a privilege to researcher privilege in court (such as in Wilkinson v. FBI and Burka v. HHS). These rulings mean that materials in a collection are subject to search via subpoenas and warrants, which leads to privacy harms to those whose personal data is included in those collections. Nevertheless, it’s still worthwhile to revisit the calls for such a privilege and discussions of what archival privilege would look like:

Even though Boston College successfully appealed the initial order to hand over all the records listed in the subpoena, we are still left with whether the archives profession should push for privileged relationships between donors or other individuals represented in the collections and the archives. We will leave discussion of if such a privilege should exist (and in what form) to our readers.

Black Lives Matter

Hello everyone,

Black Lives Matter.

If your library or archive is thinking about collecting photographs, videos, or other materials from the protests around George Floyd’s death caused by Minneapolis police, what are you doing to protect the privacy of the protesters? Black Lives Matter protestors and organizers, as well as many protesters and organizers in other activist circles, face ongoing harassment due to their involvement. Some have died. Recently Vice reported on a website created by white supremacists to dox interracial couples, illustrating how easy it is to identify and publish personal information with the intent to harm people. This isn’t the first website to do so, and it won’t be the last.

Going back to our question – if your response to the protests this weekend is to archive photos, videos, and other materials that personally identifiable information about living persons, what are you doing to protect the privacy and security of those people? There was a call made this weekend on social media to archive everything into the Internet Archive, but this call ignores the reality that these materials will be used to harass protesters and organizers. Here is what you should be considering:

  • Scrubbing metadata and blurring faces of protesters – a recently created tool is available to do this work for you: https://twitter.com/everestpipkin/status/1266936398055170048
  • Reading and incorporating the resources at https://library.witness.org/product-tag/protests/ into your processes and workflows
  • Working with organizations and groups such as Documenting The Now
    A tweet that summarizes some of the risks that you bring onto protestors if you collect protest materials: https://twitter.com/documentnow/status/1266765585024552960

You should also consider if archiving is the most appropriate action to take right now. Dr. Rachel Mattson lists how archives and libraries can do to contribute right now – https://twitter.com/captain_maybe/status/1267182535584419842

Archives, like libraries, are not neutral institutions. The materials archivists collect can put people at risk if the archives do not adopt a duty of care in their work in acquiring and curating their collections. This includes protecting the privacy of any living person included in these materials. Again, if your archive’s response is to archive materials that identify living people at these protests, how are you going to ensure that these materials are not used to harm these people?

Black Lives Matter.

[REDACTED] – Redacting PII From Digital Collections

Welcome to this week’s Tip of the Hat! The Executive Assistant is back, and you know what that means…

A sitting black cat looking up at the camera, meowing loudly.
We’re back in business, newsletter-wise!

This week’s topic comes from a recent post to the Code4Lib mailing list. A library is planning to scan a batch of archival documents to PDF format, and are looking for ways to automate the process of identifying personally identifiable information [PII] in the documents and redacting said PII. The person mentioned that the documents might contain Social Security Numbers or credit card numbers.

Many libraries and archives have resources – digital and physical – that contain some form of PII in the source. While physical resources can be restricted to specific physical locations (unless someone copies the source via copier, pencil and paper, camera, etc.), digital resources that are available through a digital repository can increase the risk of privacy harm if that digital resource contains unredacted PII.

When libraries and archives are incorporating personal collections, research data sets, or other resources that may contain PII, here are some considerations to keep in mind to help through the process of mitigating the risk of data breaches and other privacy harms:

Who is included or mentioned in the resource – Some archival collections contain PII surrounding the individual who donated their materials. When dealing with institutional/educational records or research data sets, however, you might be dealing with different types of PII regulations and policies depending on who is included in the resource and what type of PII is present.

What PII is in the resource – When most folks think about PII, they think about information about a person: name, Social Security number, financial information, addresses, and so on. What tends to be overlooked is PII that is information about an activity surrounding a person that could identify that person. Think library checkout histories, web search histories, and purchase history. You will need to decide what types of PII needs redacting, but keep both facets of PII in mind when deciding.

What is the redaction workflow – This gets into the question from the mailing list. The workflow of redacting PII depends on several factors, including what PII needs to be redacted, the number of resources needing to be redacted, and what format the resource is in. Integrating redaction into a digitization or intake workflow reduces the time spent retroactively redacting PII by staff. Here I’d like to offer a word of caution – while automating workflows for efficiency can be positive, sub-optimizing a part of a workflow can lead to a less efficient overall workflow as well as have negative effects on work quality or resources.

What tools and resources are available – While looking at the overall workflow for redacting PII, the available resources and knowledge available to you as an organization to build and maintain a redaction workflow will greatly shape said workflow, or even the ability to redact PII in a systematic manner. There are many commercial tools that automate data classification and redaction workflows, and there are options to “roll your own” identification and redaction tool using various programming languages and regular expressions. If you work at a library or archive that is part of a bigger institution, there might be tools or resources already available through central IT or through departments that oversee compliance or information security and privacy. Don’t be afraid to reach out to these folks!

If you’re wondering where to begin or what other organizations approach redaction, here are a few resources, here are some resources to start with: