Before You Share a Patron’s Story, Part 2

A square white neon conversational bubble against a black wall.
Photo by Jason Leung on Unsplash

Welcome back to our series about responsibly sharing patron stories! Last week we talked about the importance of consent for libraries publishing stories about individual patrons. This week we get into the mechanics of consent and some of the complications around seeking consent to share particular stories.

A couple of housekeeping points before we get started:

  • This week’s post is pretty long! We decided to keep the post as-is instead of breaking it up into two more posts because we felt it essential to present the mechanics and complications of consent together in the same post.
  • We primarily focus on libraries sharing patron stories around events and services for marketing and outreach purposes. Consent also plays a critical role in library assessment and research. Though we will not cover specific issues around privacy and consent in this post’s assessment and research processes, we’ll touch on an overlap point between these two topics.

Asking for (Explicit) Consent

There are two types of consent. The first is implied consent. We encounter this through statements in public notices: “by using this service, you give us permission to use your posts, comments, and other content and likeness for…”. Many physical events still rely on implied consent through conspicuous signage depending on the intended use of the photographs and video and what is captured by the photograph or video (e.g., one patron vs. a group of patrons). Implied consent is passive, which means patrons have to seek out these notices and understand what they are consenting to by attending the program or using a service. Patrons might not even know that these notices exist, or they might not fully understand what might be shared by the library, leading to possible data and ethics breaches, among other consequences. Even when patrons share their own stories on library social media pages, some might not expect libraries to republish their stories in different mediums, such as an annual report or a fundraising campaign.

Instead, libraries should seek explicit consent, which requires affirmative action from the patron. When a library wishes to publicly share a story, quote, or other information about an individual patron’s library use, include at least the following in the ask to the patron:

  • Who you are
  • What information you wish to share and why
  • Where and who you want to share the information
  • How to contact you if the patron has any questions or concerns about sharing or privacy

The consent request should be informative and easy to understand. For example, a library can ask for consent to share patron feedback gathered through a program survey or evaluation form by creating a question asking the patron if the library has permission to quote the patron’s feedback in a library report or other publication. The library should also ask if the patron would like to have their name published alongside the feedback in case the patron would rather have their comment published without their name attached to it. In another example, the following is a sample message to a patron asking to share a patron’s post on the library’s social media page:

“Hello! I’m the outreach coordinator for the library. Thank you for sharing your story about our new service. Would it be okay to share your post in our weekly library newsletter to our patrons to show how other patrons benefited from our new service? Would you also be okay with being named along with the post in the newsletter? You can respond back to this message to us know if you would be okay with us sharing the post, and if you have other questions or concerns.”

However, if you wish to share the same story in the annual report, you will need to check back with the patron since the patron only gave explicit consent for publication in the newsletter. Reusing the story for the annual report without explicit consent can violate the patron’s expectations.

Gaining explicit consent can be more involved with events and programs, particularly when the event is being photographed and/or recorded for publication. Web-based programs and events might have consent features built into the application used to host the program, such as Zoom’s consent popup to users when a session is recorded. Physical events and programs can include consent forms before or at the event for presenters and attendees, particularly for individuals prominently featured in photographs or recordings of the event.

Consent Considerations Regarding Publishing Patron Stories

Some of you might notice one critical component missing in the earlier sample ask – the ability for the patron to withdraw their consent at any time. While libraries should honor the withdrawal of previously given consent when a patron requests that a library social media post mentioning them by name be taken down, the library must weigh potential consequences of making a patron’s use of the library public through sharing their story. The persistent nature of published information – physical or online – requires careful thinking and approach regarding sharing patron stories.

One consideration before asking for consent is the nature of the service or topic featured in the story or quote. Publicly associating an individual patron with a late evening study event at a college library does not carry the same potential harms and consequences as associating a particular patron who receives tutoring through a program at the same library. The latter could result in embarrassment and negatively impact relationships based on others’ perceived or actual judgment of the patron’s need for additional educational assistance while attending college. Some patrons in the latter group might be okay with the library sharing their comments about the tutoring program, and that’s okay! It is still the responsibility of the library to gain informed explicit consent before publication. The library should exercise caution with when and how they approach patrons in asking for their consent in publishing their stories depending on the sensitivity of the topic or service, particularly around any story that can reveal patron information about their identity or status, such as race/ethnicity, disability, or class status.

There are times when explicit consent cannot be not freely given. Sometimes this is because there are legal constraints as to the age where one can give consent (in the case of minors). Other times the power dynamic between people might compel or pressure someone to consent to something they wouldn’t have otherwise. Patron groups such as students, minoritized populations, and incarcerated people might feel compelled to consent based on the power dynamic between the individual and the library. Unlike research and assessment, where the Institutional Review Board (IRB) or ethics committee would address issues around consent with vulnerable participants, there might not be a formal process in place for marketing or outreach to locate and handle potential situations where patron consent is coerced, be it intentional or not.

For example, the public library is the only place to offer ESL classes in a rural town. The library reserves the right to use individual patron photos and stories from those classes for library publications. For a patron who is an undocumented immigrant, the publication of their personal data and likeness can put themselves and others in harm’s way. Because the library is the only place where they have access to ESL classes, the patron might feel compelled to consent to the library publishing their identifying photo or story in order to access a much-needed service.

In the example, the patron is likely to experience privacy harms – perceived or actual – through the library, not fully realizing the power dynamics that come into play when consenting to publish individual patron stories. Recognizing when patrons may not freely give consent can mitigate privacy harms. This recognition can also prompt a conversation about the intended purpose of publishing individual patron stories and the actual impact publication might have on the patron. When posting a feel-good patron story, good intentions do not cancel out the negative impact of exploiting specific patron stories (e.g., inspiration porn or performative allyship) for the library’s reputational or financial gain.

The Role of Consent in Sharing Patron Stories

Consent is vital in protecting patron privacy. Consent is also not an automatic “get out of jail free” card for the library when privacy harms are realized after publishing a patron story. Libraries need to recognize the importance of consent – as well as its limitations – in determining which patron stories to share with others. Consent gives patrons control over the “what and how” regarding the library sharing their story, but only if the consent is informed, explicit, and freely given. Taking the time and care around determining how to ask for consent can limit some of the potential pitfalls and limitations discussed earlier, such as recognizing when consent might not protect patrons from privacy harms or when consent might be coerced.

Some patrons are more than happy for the library to share their stories with the world, while others expect the library not to betray their rights to confidentiality and privacy. Nevertheless, libraries should not automatically assume that a patron sharing their story with others gives the library implicit permission to share on behalf of the patron. A patron might be comfortable sharing their story with others they know but might not be as comfortable if the library shared it with strangers. Having a consent process creates a check to protect patron privacy and not take advantage of the relationship the patron has with the library. The process of gaining informed, explicit, and freely given consent should not only take into consideration how the library can responsibly share a patron’s story with minimal privacy risk to the patron but feed into a larger conversation around patron control over how the library uses their information in both daily operations and public communications.

Before You Share a Patron’s Story: Part 1

A view of a street with the words "share with care" written on the pavement in white.
Image source: https://www.flickr.com/photos/4nitsirk/27234818658/ (CC BY SA 2.0)

We sometimes encounter a heartwarming story that restores a little of our faith in humanity during our regularly scheduled doomscrolling. In the library world, we commonly come across stories of people remembering the excitement they felt with getting their first library card or a book they checked out at the library that changed their lives for the better. Libraries also tell many heartwarming stories of how library services impacted patrons’ lives, be it homework assistance, language classes, or technology workshops. Sharing personal stories of how the library impacted the lives of patrons can not only provide a much-needed respite from doomscrolling and persuade the public by demonstrating the value libraries bring to their organization or community.

When Sharing is Not Caring, Depending on Who’s Doing The Sharing

Nevertheless, sharing individual patron stories about their library use is not without its risks. Take, for example, the now-deleted post from a university library telling a story about a student checking out books from the library for their mom during Covid lockdown. It’s a nice story, but one commenter asked if the library asked the student for their consent to publish their individual story. We soon learn afterward that the library fabricated the story. The library later explained that the fabricated story was an aggregation of personal stories from patrons.

Barring the issues around publishing a hypothetical story without clear disclosure that the story was not real, the problem of publishing individual patron stories is sometimes overlooked. Libraries must understand that a library sharing a personal patron story is different than a patron sharing the same story by their own volition in terms of privacy. These differences center around patron privacy expectations and consent.

Consent, or Why You Need to Ask Before Sharing

We know some patrons are eager to share their library stories with the world, and many of them do on their personal social media posts, talking with others, or even writing a friendly letter to the editor. What is the difference between a patron posting their story versus a library posting the same story? While the patron posting their own story is willingly sharing their story to the public, the library sharing the same story might violate the patron’s privacy rights. Library workers are obligated by professional standards, library policies, and legal regulations to not disclose patron use of library resources and services.

For example, if a patron finds that the latest post about a new service or resource in the library news blog features mentions them by name and the patron didn’t give the library permission to publish their name attached to the resource or service, the library committed two types of breaches: a data breach (through the unauthorized disclosure of data about a patron’s use of the library) and an ethics breach (through a patron’s expectations that the library would not share their activities at the library). Other examples of possible data and ethics breaches through library news posts and updates include:

  • Publishing historical checkout cards with patron names on the card
  • Posting historical reference questions that contain personal data about patrons
  • Announcing unscheduled library visits of notable people on social media or otherwise publicly broadcasting an individual’s presence at the library
  • Publishing identifiable patron stories and quotes (collected from surveys, feedback forms, focus groups, or individual interviews) in reports and research articles

There is one instance where a library sharing a patron’s story might not result in either breach, and that is when the library obtains the explicit consent of the patron to share their story. We’ll use GDPR’s definition of consent for this post – consent must be “freely given, specific, informed and unambiguous.” Asking consent gives the patron control over disclosing their use of library services and resources. It also allows the patron to choose what type of information is disclosed and where it is disclosed. One patron might be okay with the library posting their name and a quote about their experience at a library program. In contrast, another patron might be fine with the library posting a quote but not having their name attached to the quote. Each patron has their level of privacy preferences, and asking for consent informs the library what each patron is comfortable with in publishing their story. It is the responsibility of the library to respect the privacy preferences of each patron through the act of asking for consent.

The process of gaining consent to share patron stories might be as simple as sending a short message to the patron, but consent is much more than a “yes or no” question. Next week’s post will cover what explicit consent could look like depending on the ask. We’ll also discuss the considerations around the consent process around sharing patron stories, including one major consideration that tends to be missed in conversations about consent… you’ll have to check back next week to find out what that is, so stay tuned!

To Build or to Target?

It’s been a busy couple of weeks in the privacy world. First, Colorado is poised to be the newest state to join the patchwork of US state data privacy law. Next, Overdrive acquires Kanopy. And then there’s what happened when a patron submits an FOIA request for their data. Privacy forgot that it’s supposed to be summer vacation! Today we’re setting aside those updates and talking about a topic that has been one of the most requested topics for the blog.

You or your colleagues might be scanning through the last couple months of American Libraries in preparation for ALA Annual later this month, only to come across the “Target Acquired” article in the May 2021 issue (page 52-53), profiling three libraries in their use of marketing and data analytic products. The profiles seem harmless enough, from email newsletter management to collection analysis. They want to understand their patrons to serve their communities better. These profiles give three different ways these products can help other libraries do the same.

Did you notice, though, that none of the profiles talked about patron privacy?

There’s a reason for that. Marketing and data analytics products such as customer relationship management systems (CRMS) rely on personal data – the more, the better. The more data you feed into the system, the more accurate the user profile is to create a personalized experience or more effective marketing campaigns. CRMS are increasingly integrated into the ILS – OCLC Wise is an example of such an integration, and other ILS companies plan to release their own versions or create better integrations with existing products on the market. The libraries using Engage and Wise are excited about the possibilities of better understanding their patrons through the data generated by patron use of the library. However, we wonder if these libraries considered the consequences of turning patrons into data points to be managed in a vendor system.

It should be no surprise to our readers that LDH’s approach to marketing and data analytics in libraries does not place data above all else. Data ultimately does not replace the relationship-building work that libraries must do through meeting with community members. However, advertisement pieces such as the one in American Libraries aim to normalize user profiles in CRMS and other analytics products in libraries. As the article states at the beginning, data plays a large part in library outreach. With the pressure to prove their value to the community, library administration and management will reach for data to secure their library’s future in the community. The cost of over-relying on data to prove a library’s value, however, is usually left unexamined in these situations.

With that said, let’s do a little exercise. We have the chance to write a sequel to the advertisement piece. Instead of questions about the products, our questions will turn the tables and focus on the libraries themselves:

What are the privacy risks and potential harms to different patron groups from using the product?

Increased patron surveillance via data collection and user profiling can lead to disproportionate privacy risks for several patron groups. In addition, the business models of several vendors create additional harm by targetting specific minoritized groups, such as reselling data to data brokers or providing data to government agencies such as ICE.

What business need(s) does the product meet? What other products can meet the same need that doesn’t create a user profile or require increased patron surveillance?

Sometimes libraries buy one system that doesn’t match the actual business need for the library. For example, several collection management systems on the market do not require individual-level data to provide analysis as to how to spend collection budgets or meet patron demand. In addition, libraries do not need market segmentation products to perform collection usage analysis.

How does the library reconcile the use of the product with Article III of the ALA Code of Ethics, Article VII of the ALA Library Bill of Rights (and the accompanying Privacy Interpretation document), and other applicable library standards and best practices around patron privacy?

This one is self-explanatory. FYI – “Other libraries are doing the same thing” is not an answer.

What are social, economic, and cultural biases encoded into the product? What biases and assumptions are in the data collection and analysis processes?

Library services and systems are not free from bias, including vendor systems. One bias that some libraries miss is that the data in these systems do not reflect the community but only those who use the library. Even the list of inactive users in the system does not fully reflect the community. Moreover, data alone doesn’t tell you why someone in your community doesn’t have a relationship with the library. Data doesn’t tell you, for example, that some patrons view the library as a governmental agency that will pass along data to other agencies. Data also won’t fix broken relationships, such as libraries violating patron trust or expectations.

What is the library doing to inform patrons about the use of the product? Do patrons fully understand and consent to the library using their data in the product, including pulling data from data brokers and creating profiles of their library use?

More likely than not, your library does not give patrons proper or sufficient notice, nor give patrons the chance to explicitly consent for their data to be collected and used in these products. Refer to the Santa Cruz Civil Grand Jury report on what happens when the public calls out a library using a product in the advertisement article without full patron notification or consent.

Keep these questions in mind the next time you read about marketing and data analytics products in professional magazines such as American Libraries. These advertisement articles are designed to fly under the radar for readers who might not be thinking about the privacy implications of highlighted products and practices. Building relationships with the community require a considerable amount of time and care from the library. Data might seem to be a shortcut in speeding up the process. Nonetheless, choosing to view patrons as targets and metrics can ultimately undermine the foundation of any sustainable relationship.

Reader Survey Open Until June 15th

Thank you to everyone who has filled out the reader survey. If you haven’t filled out the survey yet, we want to hear from you! Take five minutes to help shape the future of the blog by filling out our short survey.

Libraries, Privacy, and… Tropes?

Welcome to this week’s Tip of the Hat!

A popular way to procrastinate at LDH is to dig through the pile of articles and other literature about all facets of privacy: regulations, ethics, practices, current events… the current events pile is at overcapacity at the moment. In these piles of articles, we come across one particular trope that we’d like to address – libraries as exemplars of privacy ethics and practices.

This trope is similar to others in other mainstream stories that use libraries as exemplars for other things, such as community engagement, democracy, and learning centers. The “library as privacy exemplar” trope coexists with these other tropes, sometimes in the same story. Other times the trope is front and center of an article. An example of this is an IAPP article about general privacy practices at the library. At best, this article demonstrates the attitude and tone of how many writers think about the library as an enlightened entity with their focus on privacy. Near the end of the article comes another trait that these articles tend to share, which is modeling privacy practices off of the library profession: “While library culture tilts heavily in favor of protecting the ‘citizen from state’ intrusion, that same culture can be mobilized to advocate for ‘customer’ privacy as well in relation to third-party service providers.”

All of this leads us to a hidden danger in the “library as privacy exemplar” trope, which is unquestioned trust in libraries in all matters of privacy and data ethics. Some of that trust has been earned – there are several library privacy initiatives, such as the Library Freedom Institute, that are very active in the greater community in their advocacy and education around data privacy. In addition, LDH’s conversations with technology workers in other fields have made it clear that professionals in other industries wished that they had strong professional ethics and standards like the library profession.

Nonetheless, others from outside the library profession take this trust too far. For example, in Emma Trotter’s “Patron Data Privacy Protection at Public Libraries: The Ethical Model Big Data Lacks”, Trotter proposes that libraries should become personal data stores (PDS) where people can gather their data in one secure place and then manage the processing of their data by third parties. Trotter is very confident that libraries can become the ethical role model for Big Data with this marriage between PDS and library privacy ethics. Overall, Trotter believes that the ethical issues around Big Data would be negated once libraries become front and center in the overall management of Big Data.

While libraries do have a strong ethical basis around advocacy and adoption of privacy practices, libraries also have their fair share of privacy issues and gaps. Libraries are not immune to the same threats and vulnerabilities as other professions and industries, such as data leaks and breaches, ransomware attacks, phishing, and even underfunding or undertraining staff in ways to protect patron privacy. Librarianship also deals with ethical issues around their collection and processing of patron data, particularly for marketing and user profiling, as well as working with vendors who also collect and process patron data without giving the patron control over what is collected and processed. One doesn’t need to search too far to find an example of such – one being the Santa Cruz Public Library’s Civil Grand Jury Report about the numerous ethics breaches surrounding their use of patron data without full patron notice and consent, among other violations of patron privacy.

Yes, other industries can learn from libraries about how to approach privacy in their daily work, including ethics and advocacy, but libraries also have to be honest about the profession’s struggles around data privacy, both on a practical and ethical level. Part of that is being public with these struggles in the public discourse, be it with patrons or with people from other industries who are looking for a model to base their professional privacy ethics and practices on. Another part is re-evaluating how we, as a library profession, market ourselves as privacy experts and safe-keepers of data to our patrons. Again, libraries set themselves apart from other industries regarding privacy ethics and advocacy, but they cannot set themselves apart from the reality that is working with data in the real world that has real needs that fall into ethical gray areas and real data security and privacy risks.

CRMS 101

Welcome to this week’s Tip of the Hat! Today we have a brief overview of an acronym that is becoming a popular tool in libraries – the customer relationship management system [CRMS] – and how this new player in the library field affects patron privacy. While some folks know about CRMS, there might be others that are not exactly sure what they are, and what they have to do with libraries. Below is a “101”- type guide to help folks get up to speed on the ongoing conversation.


What is a CRMS?

A customer relationship management system [CRMS] manages an organization’s interactions with customers with the goal to grow and maintain customer relationships with the organization. CRMS products have been used in other fields outside of librarianship for decades, mostly in commercial businesses, but the increased importance in data analysis and improving customer experiences has led for wider adoption of CRMS products in other fields, including libraries.

What is a CRMS used for?

Many organizations use CRMS products to track various communications with customers (email, social media, phone, etc.) as well as data about a customer’s interests, demographics, and other data that can be used for data analysis. This analysis is then used to improve and customize the user experience (targeted marketing, personal recommendations, and invitations, etc.) as well as making business decisions surrounding products, services, and organization-customer relations. This analysis can also be used to create user profiles or for market segmentation research.

What are some examples of CRMS?

There are many proprietary and open source options, though Salesforce is one of the most recognized CRM companies in the overall field. In the library world, several library vendors sell standalone CRMS products, such as OrangeBoy’s Savannah. Other library vendors have started offering products that integrate the CRMS into the Integrated Library System [ILS]. OCLC’s WISE is one such example of this integration, while other library vendors plan to release their versions in the near future.

What data is collected in a CRMS?

A CRMS is capable of collecting a large quantity of very detailed data about a customer. Types of patron data that can be collected with a library CRMS includes (but not limited to):

  • Demographic information
  • Circulation information like total checkouts, types of materials checked out, and physical location of checkouts
  • Public computer reservation information
  • Electronic resource usage
  • Program attendance

In addition to library supplied data, other data sets from external sources can be imported into the CRMS ranging from US Census data to open data sets from cities and other organizations that could include other demographic information by geographical area (such as zip code) or by other indicators.

How is patron privacy impacted by CRMS?

The amount of information that can be collected by a CRMS is akin to the type of information collected by commercial companies who sell services and products. By creating a user profile, the company can use that information to personalize that customer’s experience and interactions with the company, with the ultimate goal of creating and maintaining return customers. Traditionally libraries do collect and store some of the same information that CRMS products collect; however, it is usually not stored in one central database. Creating a profile of a patron’s use of the library leaves both the library and the patron at high risk for harm on both a personal and organizational level. This user profile is subject to unauthorized access by library staff, data breaches and leaks, or intentional misuse by staff or by the vendor that is hosting the system. This user profile can also be subject to a judicial subpoena, which puts patrons who are part of vulnerable populations at higher risk for personal harm if the information is collected and stored in the CRMS.

Further reading on the conflict between the CRMS, data collection, and library privacy:

What can we do to mitigate privacy risks if we use a CRMS?

If your library chooses to use a CRMS:

  • Limit the type and amount of patron data collected by the system. For data that is collected and stored in the CRMS, consider de-identification methods, such as aggregation, obfuscation, and truncation
  • Perform risk assessments to gauge the level of potential harm connected by collecting and storing certain types of patron information as well as matching up patron information with imported data sets from external sources
  • Negotiate at the contract signing or renewal stage with the vendor regarding privacy and security policies and standards around the collection, storage, access, and deletion/retention of patron data, as well as who is responsible for what in case there is a data breach
  • Perform regular privacy and security audits for both the library and the vendor

We hope that you find this guide useful! Please feel free to forward or pass along the guide in your organizations if you are having conversations about CRMS adoption or implementation. LDH can also help you through the decision, negotiation, or implementation processes – contact us to learn more!