Wouldn’t it be nice if you never had to take another work-mandated training ever again? No more having to block an entire day off to head over to sit in a stuffy windowless room trying to focus on the training slides while all the lights are still on, making the projection barely readable, and you can barely make out what the trainer is saying? Even when you take the pandemic into account, do you really want to sit through a day-long Zoom training session?
If you said no to either question, you’re in good company. Training is either a critical component or a bureaucratic hurdle in the workplace, depending on who you ask. Training quality widely differs from workplace to workplace. Some training sessions are well designed and practical, while others fail. Nevertheless, training serves several critical functions in any organization, including library privacy training:
- Orienting workers to library privacy policies and procedures
- Providing opportunities for practicing specific procedures or skills in a controlled environment through the use of scenarios and other exercises
- Ensuring a baseline knowledge of library privacy codes, ethics, and standards
- Developing new or updating existing knowledge or skills around protecting patron privacy
Privacy protections are only as strong as those who have the least amount of knowledge about those protections. Lack of training or undertraining library workers creates additional risks to patron privacy through not following or understanding policy or procedure. Regular up-to-date training of library workers reduces that risk to patrons and library alike.
With that said, training can only do so much in protecting patron privacy. Training is only one part of a comprehensive approach to library privacy. On its own, privacy training – no matter how well-designed – cannot reduce or eliminate all privacy risks. Training alone is ineffective when a tool, policy, or procedure is inherently privacy-invasive. Training will not solve the flawed policy, procedure, or tool – as long as the invasiveness is left unaddressed, you’ll continue to see the same results from said bad design. If there is a process that repeatedly leaks or provides unauthorized access to patron data, for example, and there is no dedicated effort on the part of the library in changing this process, training will not fundamentally address the risk to the fullest extent possible.
Without the organization’s support, the effectiveness of library privacy training is limited at best. Over-relying on privacy training to protect patron privacy is like waiting to address privacy risks at the end of a project – attempts to mitigate risk will be hampered by a lack of resources and time. It will most likely not solve fundamental issues inherent in the end product’s design. Like Privacy by Design in project management, a privacy program prioritizing privacy in all levels of library operations and services can systematically address these fundamental privacy issues. Unlike training, privacy programs focus on the long term – what resources are needed to embed privacy into every level of library work? How can we build a sustainable relationship with our patrons to address their privacy concerns? How can patrons have more agency in helping with determining how the library does privacy?
Library privacy requires every part of library operations to prioritize privacy. Strong privacy policies, privacy-preserving technologies, vendor contract negotiations and privacy assessments, privacy audits, data inventories – these are only some of the things that libraries need to do to protect patron privacy better. Training is part of that library privacy equation, but without dedicating resources and time to a sustainable library privacy program, training alone cannot protect patron privacy.