Libraries as Information Fiduciaries? Part One

A adult black woman leans against a glass wall of a server room holding an open laptop.
Image source: https://www.flickr.com/photos/wocintechchat/25926827581/ (CC BY 2.0)

The Resolution on the Misuse of Behavioral Data Surveillance in Libraries, recently passed at ALA Midwinter, calls for libraries and vendors to reject behavioral data surveillance of patrons. While we are familiar with the concept of data surveillance, the last item in the resolution contains something that some in the library world are not as familiar with – information fiduciaries. This concept also appears in the recently published 10th edition of the Intellectual Freedom Manual. There’s a likely chance that “libraries as information fiduciaries” will continue to gain ground in the professional discourse around library privacy, so let’s take some time to explore this concept.

Information Fiduciaries Basics

The fiduciary concept is centuries old. Typically, a fiduciary is a person(s) who is entrusted with a valuable asset from another person(s). You might have come across the fiduciary term when dealing with finances – for example, a financial advisor might be considered a fiduciary for a client. A fiduciary relationship is built on trust. The fiduciary is trusted to act in the interest of the party that trusts them enough to manage valuable assets or represent them in sensitive matters.

The concept of information fiduciaries, popularized by Jack M. Balkin in his 2014 blog post about the concept, took the fiduciary concept of managing assets and expanded the assets definition to include information about a person. This expansion would then charge the fiduciary to manage the person’s information with the person’s interests. In Balkin’s post, the expansion to information assets would call on fiduciaries to practice a higher level of information privacy, including not using or disclosing personal information against the user’s interests.

If this seems similar to the legal concept of “duty of care,” it should be! Duty of care is a legal concept that can be a part of fiduciary duties. The fiduciary is required to act in an informed and responsible way that will not harm others in the relationship. In the case of information fiduciaries, the fiduciary duty of care would be on the company that collects the user’s data; therefore, the company would need to put the user’s interests ahead of their interest.

Too Little, Too Late?

Nonetheless, the information fiduciary concept isn’t without its critics. David E. Pozen and Lina M. Khan argue that the concept cannot reconcile the business models of social media companies who rely on using personal data with the interests of the person to sustain the company’s business model. Pozen and Khan point out the tension between the already existing financial fiduciary relationship with shareholders (that rely on the business model) and the proposed information fiduciary relationship with users. Even Balkin admits that behavioral advertising, which exploits personal information for business gain, might continue after a company takes on an information fiduciary role. In a sense, applying an information fiduciary model to existing digital company business models is trying to close the barn door after the horses escaped – you’re asking a company who has built their revenue model on exploiting user information to give up their revenue stream. Having a company become an information fiduciary after the fact isn’t going to resolve them to move away from personal information abuse.

There are other critiques of the information fiduciary concept to consider. While the Electronic Freedom Frontier generally supports information fiduciary regulations, they recognize that the concept has several limitations including governance of third-party data relationships with other third-parties, limitations around restricting the collection of user data, and the uncertainty of how the recently created concept of information fiduciary would work in practice concerning legal enforcement of any fiduciary regulations. EFF argues that information fiduciary must not replace other data privacy regulations and practices. Information fiduciaries are not comprehensive in protecting user privacy and must be approached as such.

What About Libraries?

The information fiduciary is still relatively new, but there have already been calls from the library world to adopt the fiduciary role in patron data management. We will explore some of these calls, as well as how information fiduciary might look like at the library, in part two in the coming weeks!

LastPass and Clubhouse and Virginia, Oh My!

A grey tabby cat curled up and sleeping between newspaper sheets.
It’s hard to get started on a Monday morning… image source: https://www.flickr.com/photos/cyawan/2325855567/ (CC BY 2.0)

A lot happened in the privacy world last week! Let’s go over a couple of news items that affect libraries and library patrons alike.

LastPass Free Tier Woes

The popular password manager LastPass announced changes to their free tier accounts last week that could leave many libraries and library patrons scrambling for an alternative. Starting March 16th, LastPass will require free account users to choose where to use LastPass: mobile or computer. Free account users will also lose access to email support to troubleshoot any problems with the password manager.  For many free tier account users, being forced to choose to have their primary password manager only installed on one platform severely limits the usefulness and protection of their chosen password manager.

If you have a LastPass free tier account and don’t want these restrictions, your options are limited:

  • If you have room in your budget and want to stay with LastPass, you can upgrade to a paid account. This option not only avoids migrating your passwords to another manager and instead unlocks additional features, such as encrypted file storage. While we’re used to having “free” accounts, it might be time to make peace with the fact that it’s time to start paying for password managers.
  • You can migrate to another password manager. There are several choices in the marketplace; however, not many have free tier accounts, which means you might end up paying for a password manager anyway. Bitwarden, an open-source password manager, does have a free tier account that allows for syncing between multiple devices if you need a free account. KeePassXP is another free option for the more technically-inclined who can self-host their password manager.

You can read more about the basics of password managers in our Obligatory Password Manager post from April 2020.

Clubhouse Is Not Your Library’s New Social Media App

So… Clubhouse, that new shiny app that everyone’s talking about. You’re curious about it, aren’t you? You’re wondering if you can add it to the family of social media accounts for your library when you get an invite to join.

Let us stop you right there.

In addition to being exclusive to iOS, being inaccessible, and being a free-for-all for harassment, Clubhouse’s privacy practices are almost non-existent. Literally – the privacy policy did disappear for a while! Nonetheless, the privacy policy is up, and it’s one of the more invasive privacy policies that should make you pause before using the product for any library program, service, or process. We’ve rounded up several articles that describe these invasive data privacy practices in detail:

Some folks will say that other social media companies engage in some of the same practices. However, the overall poor quality and construction of the privacy policy combined with privacy practices that violate several privacy laws in the US and the EU,  the best way to protect patron privacy while using Clubhouse at your library is to not use Clubhouse.

Virginia Getting a New Data Privacy Law?

Virginia libraries! You might have heard about a new data privacy bill that currently sits on the governor’s desk at the time of this writing (it might be signed by the time this post is published!). What is the library tl;dr of the Virginia Consumer Data Protection Act?

  • The bill provides similar data rights as California’s two new privacy regulations, CCPA and CPRA, including rights for consumers to request access and deletion of personal data, as well as the right to opt-out of businesses selling their data.
  • The bill’s scope is also similar to CCPA’s and CPRA’s scopes, targeting for-profit businesses doing business in the state who meet certain thresholds, such as controlling or processing data from 100,000 consumers. Non-profits and higher education institutions are exempt.

Once this bill is signed into law, library vendors who do business in the state and meet the scope thresholds will need to comply with the new law. Library vendors who already comply with CCPA have a head start, but libraries might find themselves with vendors who have to play catchup. It might be time to start reviewing contracts and vendor privacy policies as well as the Act to determine what data rights your patrons have and how they can exercise those rights with those vendors.

LDH in The News

LDH is proud to announce that our founder, Becky Yoose, will give the Keynote Address at the Evergreen International Online Conference on May 25th, 2021! This annual conference draws Evergreen users, developers, advocates, vendors, and others interested in the Evergreen ILS or open-source software community from around the library world and beyond. This year’s conference is online and registration is now open! If you want to join in on the presentation fun, the call for proposals is open until March. We look forward to seeing you at the conference!

Canaries and Reports – Transparency at The Library

A puffy canary sitting on a small tree branch.
Image Source: https://www.flickr.com/photos/starr-environmental/24899952889/ (CC BY 2.0)

Snow has come to Seattle and with it comes the covered evergreen trees, cars slipping and sliding on the many hills, and skiing down major roadways. The shift to remote work, schooling, and services has morphed traditional snow days into “work at home if the snow hasn’t knocked out power” days. We talked about protecting patron privacy while working from home or traveling in previous posts, but we haven’t covered much around possible changes to communicating to patrons about library privacy. Now that the dust (snow) has settled, there’s one aspect of shifting to virtual library operations that needs some attention – transparency around law enforcement requests for library data.

The Canary in The Library

This year marks the 20th anniversary of the passing of the USA PATRIOT Act. While this bill passed almost unanimously through Congress, public outcry over the bill’s erosion of privacy rights was strong throughout the bill’s lifespan and the bill’s successor, the USA Freedom Act. Libraries did not escape the PATRIOT Act’s reach, with Section 215 of the Act allowing for warrantless searches for “tangible things” which the section listed “books, records, papers, documents, and other items” as some of these tangible things. ALA and many US libraries voiced their concerns about the Act’s threat to patron privacy, and many libraries changed policies and procedures to reduce the amount of patron data retained that could be seized under the Act.

There was another part of the Act that changed how libraries communicated to patrons about their privacy. The PATRIOT Act allowed gag orders to be attached to National Security Letters, preventing library workers from disclosing that they received an NSL. An example of such a gag order was the lawsuit brought forward by the Connecticut Four, successfully challenging the validity of the gag order of receiving an NSL for records identifying patrons who used library computers.

The prospect of a gag order led libraries to explore ways to notify patrons about receiving an NSL without violating the gag order that came with it. One way to get around the gag order was a warrant canary. You might have seen some warrant canary signs designed by Jessamyn West posted in various libraries, including this one:

The FBI has not been here

(watch very closely for the removal of this sign)

The canaries popped up at libraries throughout the years, and the public took notice, making warrant canaries one of many ways that libraries communicated about patron privacy.

Shifting to Digital Canaries and Transparency Reports

While libraries have incorporated digital resources and services in library operations for decades, the rapid shift to virtual operations and services due to the pandemic raises some questions about library-patron communications. Physical types of communications such as signs, handouts, and pamphlets have limited reach with reduced physical services and hours. For libraries that use warrant canary signs, this restriction of in-building services limits the signs’ effectiveness. An option to work around this limitation is a digital version of the warrant canary on the library website, either as a separate page or as part of the library’s privacy notice page.

However, warrant canaries are specific to one type of government request for patron data. Tech companies such as Google, Apple, and Microsoft have started publishing transparency reports, providing a more comprehensive listing of the number and type of governmental request for user data. These reports can provide the number of requests that were fulfilled by the company as well as how many were not. Like any other public report, the data published in the report should be aggregated to reduce the risk of reidentification, the level of which depends on the size of the data set and the number of unique data points included in the set. Transparency reports can also be a place where libraries can reiterate their commitment to patron privacy, including how law enforcement request policies and procedures protect patron data.

Digital canaries and transparency reports provide greater reach in virtually communicating with patrons while in-person services are reduced due to the pandemic. Nonetheless, these communication tools will still be effective once restrictions on in-person services are lifted. Not only do they provide patrons information around governmental requests for library data, but they also serve as a way for libraries to hold themselves accountable in ensuring that patron data is not unnecessarily disclosed outside of regulation and policies.

Upcoming Library Privacy Trainings

A grey and white tabby cat laying down on top of a binder of handwritten notes sitting on a table.
The cat wishes to discuss your professional development plans for 2021. Image source – https://www.flickr.com/photos/donabelandewen/3543134442/ (CC BY 2.0)

It’s already the second month of 2021 – have you had some time to figure out your 2021 professional development goals? Here are a couple of privacy training opportunities for you or to pass along to your colleagues! 

Library Data Privacy Fundamentals (February 16 – March 15, 2021) – This month-long course (taught by Becky Yoose of LDH) will go through the foundations of library data privacy for library workers who are new to the library world or wish to strengthen their core understanding of library data privacy. We’ll cover the basics of the data lifecycle, privacy policies and procedures, and vendor privacy management. The course will also explore the “what” and “how” in communicating privacy to both patrons and library colleagues, including administrators.

Library Freedom Project Crash Courses – The Library Freedom Project will be offering a pair of free two-month courses during the summer and fall of 2021. Their first Crash Course, Systems & Policies (May -June 2021), will dive into privacy and data governance policies, privacy audits, vendor privacy management, and working with IT. The second Crash Course, Programs & Training (September-October 2021) will cover how to teach privacy to patrons and library staff alike, including creating privacy programs. These courses are free, but there is an application process. Applications for both courses will open in March 2021.

PLP Data Privacy and Cybersecurity Training for LibrariesHello to all the Pacific Library Partnership (PLP) member libraries reading right now! You might have attended one of the trainings last year as part of the Data Privacy Best Practices for Libraries project. If you want to learn more about how to train your library in data privacy and security, you’re in luck – thanks to continued funding through LSTA, we are happy to announce our second year of the project and our Train-the-Trainer series!This year we are offering two month-long training series on Data Privacy (offered in March and April 2021) taught by Becky Yoose of LDH and Cybersecurity (offered in April 2021) taught by Blake Carver of Lyrasis.

Don’t fret if the course dates don’t work for you – we will keep you posted throughout the year of additional library privacy-related professional development. Stay tuned!

Privacy at ALA Midwinter – 2021 Recap

Logo for the 2021 ALA Midwinter Meeting and Exhibits.

Patron privacy had several moments in the spotlight at last week’s ALA Midwinter Conference. If you missed the conference or the news updates, no worries! Here are the highlights to help you catch up.

A big moment for privacy resolutions

ALA Council passed two major privacy resolutions during ALA Midwinter, moving the organization and the profession to make a more deliberate stance against surveilling library patrons through facial recognition software and behavioral data tracking. You can read the full text of the original resolutions at the end of the Intellectual Freedom Committee Midwinter Report, but here are the actions called for in each resolution:

Resolution in Opposition to Facial Recognition Software in Libraries

  1. opposes the use of facial recognition software in libraries of all types on the grounds that its implementation breaches users’ and library workers’ privacy and user confidentiality, thereby having a chilling effect on the use of library resources;
  2. recommends that libraries, partners, and affiliate organizations engage in activities to educate staff, users, trustees, administrators, community organizations, and legislators about facial recognition technologies, their potential for bias and error, and the accompanying threat to individual privacy;
  3. strongly urges libraries, partners, and affiliate organizations that use facial recognition software to immediately cease doing so based on its demonstrated potential for bias and harm and the lack of research demonstrating any safe and effective use;
  4. encourages legislators to adopt legislation that will place a moratorium on facial recognition software in libraries; and
  5. directs the ALA Executive Director to transmit this resolution to Congress. [This clause was removed by amendment before the final vote in Council]

Resolution on the Misuse of Behavioral Data Surveillance in Libraries

  1. stands firmly against behavioral data surveillance of library use and users;
  2. urges libraries and vendors to never exchange user data for financial discounts, payments, or incentives;
  3. calls on libraries and vendors to apply the strictest privacy settings by default, without any manual input from the end-user;
  4. urges libraries, vendors, and institutions to not implement behavioral data surveillance or use that data to deny services;
  5. calls on libraries to employ contract language that does not allow for vendors to implement behavioral data surveillance or use that data to deny access to services;
  6. calls on libraries to oversee vendor compliance with contractual obligations;
  7. calls on library workers to advocate for and educate themselves about library users’ privacy and confidentiality rights; and
  8. strongly urges libraries to act as information fiduciaries, assuring that in every circumstance the library user’s information is protected from misuse and unauthorized disclosure, and ensuring that the library itself does not misuse or exploit the library user’s information.

[Disclosure – LDH participated in the Behavioral Data Surveillance Resolution working group]

Each resolution is a strong indictment against surveillance technology and practices, but the resolutions will have limited impact if no further action is taken by the organization or its members. While ALA and its vast array of committees start updating and creating policies, standards, and guidelines to assist libraries in enacting these resolutions, individual libraries can use these resolutions to guide decision-making processes around these technologies on the local level. Library workers can use these resolutions to start conversations about how their libraries should protect patrons against these specific surveillance technologies and practices.

Dystopian future, or dystopian present?

The Top Tech Trends session explored the dystopian aspects of technologies including deepfakes, surveillance practices normalized during the COVID-19 pandemic, and the connection between prison libraries and biometric technologies. The recorded session is available to Midwinter registrants, but if you do not have access to the on-demand video of the session, the American Libraries article on the session summarizes each aspect and the impact it can have on patron privacy and the ability for libraries to serve patrons. Take a moment to read the summary or watch the session and ask yourself – Is your library on its way toward a dystopian tech future, or has it already arrived? What can you do to protect patrons against this privacy dystopia at the library?

Celebrating All Things Data Privacy

Data Privacy Day logo.

Happy early Data Privacy Day from LDH! Even though there might not be an opportunity this year to put cookies in the staff room as a way to educate staff about their less-than-tasty web counterparts, you can still celebrate this day at a safe distance. This January 28th, celebrate the day with your colleagues and patrons with the following suggestions:

This week also marks the second anniversary of the launch of LDH Consulting Services! 2020 proved to be a challenging year for everyone, including fledgling businesses such as ours. Thank you to all of our clients and supporters for your continuing support. You can check out some of the projects and workshops we completed in 2020 on our Services page. We will update the page with our 2021 projects and workshops materials – bookmark the page to keep on top of updates. We’re also accepting new projects and clients for the Fall and Winter 2021/2022 seasons. From privacy training and policy reviews to data audits and risk assessments, LDH can help your library or organization protect patron privacy in your data practices. Contact us to set up an initial consultation – we look forward to hearing from you!

Stop Collecting Data About Your Patrons’ Gender Identity

A four-way stop sign in front of snow-covered tree branches.
Image source: https://www.flickr.com/photos/ben_grey/4383358421/ (CC BY-SA 2.0)

tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity.

Longer tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity for library workers to do their daily work.

Nuanced tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity 99% of the time, and in that 1% where the data is required, you’re probably doing more harm than good in your collection methods.

This post is brought to you by yet another conversation about including gender identity data in patron records. Libraries collected this data on their patrons for decades; it’s not uncommon to have a “gender” field in the patron record of many integrated library systems and patron-facing vendor services and applications. But why collect this data in the first place?

Two explanations that come up are that gender identity data can be used for marketing to patrons and for reading recommendations. However, these explanations do not account for the problem of relying on harmful gender stereotypes. Take the belief that boys are reluctant readers, for example. Joel A. Nichols wrote about his experience as a children’s librarian and how libraries do more harm than help in adopting this belief:

These efforts presume that some boys are not achieving well in school because teachers and librarians (who are mostly women) are offering them books that are not interesting to them (because they are boys). I find this premise illogical and impracticable, in particular because I am queer: the things that were supposed to interest boys did not necessarily interest me, and the things that were supposed to interest girls sometimes did. Additionally, after years of working in children’s departments, I found over and over again that lots of different things interested lots of different kids. In my experience, it was the parents that sometimes asked for “boy books” or “girl books.” The premise that boys need special “boy” topics shortchanges librarians and the children themselves, and can alienate kids who are queer or genderqueer.

This collection of patron data can be used to harm patrons in other ways, such as library staff misgendering and harassing patrons based on the patron’s gender identity. A recent example comes from the 2019 incident where library staff repeatedly misgendered a minor patron when she was with her parent to sign up for her library card. While the library decided to stop collecting gender identity data on library card applications as a result of the incident, the harm done cannot be remedied as easily as changing the application form.

The ALA Rainbow Round Table recommends that libraries do not collect gender identity data from patrons unless absolutely needed. Since the recommendation in 2015, several libraries evaluated their collection of gender identity data only to find that they were not using that data. Collecting data for “just in case” opens library patrons to additional harm if the library suffers a data breach. If there is no demonstrated business need for a data point, do not collect that data point.

In the rare case that your library absolutely must collect data about the gender identity of your patrons (such as a requirement to report on aggregated patron demographic data for a grant-funded project), care must be taken in collecting this data to mitigate additional harms through alienation and exclusion.  The Rainbow Round Table recommends the Williams Institute’s report “Best Practices for Asking Questions to Identify Transgender and Other Gender Minority Respondents on Population-Based Surveys” as a guide to collecting such data. The Williams Institute has also created a short guide to create survey questions around gender identity. Here are more resources that can guide respectful demographic data collection:

Again, the resources above are only for the rare case that your library absolutely must collect this data from your patrons. Libraries considering collecting gender identity data must review the rationale behind the collection. A patron should not be required to tell the library their gender identity to use the library’s collections and services. Even the act of collecting this data can harm and disenfranchise patrons.

tl;dr – Your library doesn’t need to collect data about your patrons’ gender identity.

In Case of Emergency

A pull fire alarm with a sign next to it stating "Exit Alarm Only - this alarm does not summon the fire dept In case of Fire call 911"
Image source – https://www.flickr.com/photos/laurablume/5356203877 (CC BY ND 2.0)

Last Wednesday’s attempted insurrection at the US Capitol left many in various states of shock, despair, anger, and grief. As the fallout from the attempt continues to unfold, we are starting to learn more about the possible cybersecurity breaches that resulted from the attempt. Cybersecurity professionals, who are still trying to investigate the extent of the damage done by the SolarWinds attack weeks before, are now trying to piece together what could have been compromised when the mob entered the building. Stolen laptops and other mobile devices, unlocked desktop computers, paperwork left on desks – the immediate evacuation of congresspeople and workers meant that the mob had potential access to sensitive or confidential information as well as sensitive internal systems.            

Leaving a desk, office, or service point immediately to get to safety is a real possibility, even for libraries. Active shooter training has become standard for many US organizations, joining common fire and severe weather drills where staff leave their workstations to head to safe areas. Other library workers have personal experience leaving their work station to get to safety; in one instance, someone I knew barricaded themselves in a work office with other library staff after a patron started attacking them at the information desk. Physical safety comes first. Nonetheless, this leaves information security and privacy professionals planning on how to mitigate the risk that comes with potential data and security breaches in these life-threatening emergencies.

Incident response planning and several cybersecurity strategies help mitigate risk during emergencies where staff immediately leave work areas. Preventative measures can include:

  • Encrypting hard drives on computers and mobile devices
  • Requiring multifactor authentication (MFA) for device and application access
  • Installing remote wipe software to wipe devices if they are reported missing or stolen
  • Not writing down passwords and posting them on computer monitors, keyboards, desks, etc.
  • Conducting an inventory of library staff computers and mobile devices (tablets, phones, etc.)
  • Setting up auto-lock or auto-logoff on staff computers after a few minutes of inactivity
  • Storing confidential or sensitive data in designated secured network storage and not on local hard drives or USB drives
  • Limit access to systems, applications, and data through user-based roles, providing the lowest level of access needed for the user to perform their daily work
  • Storing mobile devices and drives as well as sensitive paper documents in secured areas when not in use (such as a locked desk drawer or cabinet)

After the emergency, an incident response plan guides the process in responding to potential data breaches: containing the damage, removing the attacker from doing more damage, and how to repair the damage. The incident response plan also provides communication plans for users affected in the breach as well as any regulatory obligations for reporting to a government office or official.

All of this will involve a considerable amount of resources and time; however, the time spent in planning and in training (think the tabletop exercises mentioned in our post about gaming in cybersecurity training) will be less time spent after the fact where emotions and stress are running high, resulting in things being missed or falling through the cracks after the emergency.

A Quick Data Privacy Check-in for The New Year

A small orange and white kitten sits on an Apple floppy drive, while a picture of a gray cat is displayed on an Apple monitor.
Image source: https://www.flickr.com/photos/50946938@N03/5957820087/ (CC BY 2.0)

Welcome to 2021! We hope that everyone had a restful holiday break. There might be some changes to your work environment for the new year that could affect the privacy and security of your patrons’ data. Let’s start this year off with a quick (and gentle) check-in.

Smart devices

Smartwatches, smart speakers, smart TVs – what new internet-enabled smart device has taken residence in your home, office, or even on your person? You might not know that these devices eavesdrop on your conversations and, in some instances, eavesdrop on what you type. If you are working with a patron or talking with a colleague that includes patron information, what smart devices are in listening range that weren’t before the new year?

Depending on the device, you might be able to prevent eavesdropping; however, other devices might not have this option. Disconnecting the internet from the device is also an option, but this might be more of a hassle than a help. The one sure way to stop a device from eavesdropping is to remove it from listening range, or, better yet, disconnecting the device from its power source.

Computers and mobile devices

A new year could mean a new computer or mobile device. If this is you, and if you are using a personal computer or mobile device for working with patrons or patron data, don’t forget to do the following while setting up your new device:

  • Install antivirus software (depending on your organization, you might have access to free or discounted software)
  • Install the VPN client provided by your organization
  • Install privacy-preserving tools and browser extensions
  • Enable auto-updates for the operating system and any applications installed on the device
  • Review the privacy and security settings for your operating system:
    • Mac and iOS devices – Apple recently published a document listing security and privacy settings on all Apple devices. The tl;dr summary by Lifehacker is a good resource if you’re not sure where to begin
    • Android – Computerworld’s guide to Android privacy is long but worthwhile if you want a list of actions to take based on the level of privacy you want on your device. Also, visit Google’s Data Privacy Settings and Controls page to change your Google account privacy settings (because now is a good time as any to review Google settings).

Evergreen recommendations

Even if you didn’t get a new smart device or computer for the holidays, here are a few actions you can do with any device to start the new year right by protecting your and your patrons’ privacy:

Take a few moments this week to review privacy settings and risks – a moment of prevention can prevent a privacy breach down the road.

Holiday Privacy Reads and Videos

A one eyed black cat with cartoon antlers sitting and looking up.

The Executive Assistant wishes all of our subscribers and readers a happy holiday season!

We will be back at the start of the new year; in the meantime, here are some videos and long reads to keep you company as we go on our holiday break:

Have a safe and healthy rest of 2020!