State of The Hat: April Showers Edition

A one-eyed black cat sits on a fleece blanket covering a couch arm. The cat is looking up toward the person taking the picture.
The Executive Assistant, checking in on things.

Last week was a hectic week in the library world, but we made it! Ideally, we would be spending time in this week’s post summarizing the events that brought us to Follett’s announcement on Friday stating that they would not develop the proposed system features that would have put student privacy at risk. However, life has other plans. Today, we want to give you a quick update as to what to expect here in the coming months:

  • We won’t be regularly posting to The Tip of The Hat during April. We hope to have one or two regular posts this month, but don’t be surprised if we happen only to have one.
  • We plan to resume regular posting in May. Our Executive Assistant will see to it that this happens!
  • Depending on the circumstances, we might start our summer posting schedule one month early.

In the meantime, if you have any questions or topics you would like us to cover in a future post, send us an email at newsletter@ldhconsultingservices.com. In addition, let us know if you have an idea for a guest post for The Hat!

Thank you all for your understanding and readership during the three-plus years of The Tip of The Hat!

Hello, Cherry Blossoms

Let’s take a break to appreciate the cherry blossoms across town.

A closeup on a group of cherry blossoms in bloom and flower buds on a tree branch in front of a blurred church steeple background.
Image source: https://www.flickr.com/photos/40441865@N08/16528632440/ (CC BY 2.0)
A cherry tree in full bloom in a secluded park in early spring. The blossoms appear to cascade from the tree on its various branches.
Image source: https://www.flickr.com/photos/kaoru_o/13596683015/ (CC BY ND 2.0)
A row of blooming cherry trees in front of red bricked academic buildings on the University of Washington Seattle campus.
Image source: https://www.flickr.com/photos/brianholsclaw/4447935281/ (CC BY ND 2.0)

[Bonus – If you’re curious about what makes a cherry tree a cherry tree, the University of Washington created an animated illustration describing the anatomy of a cherry tree.]

Take some time to appreciate the flower blossoms wherever you are – we’ll be back next week with the latest library privacy news and updates.

In The Meantime…

Do you have a library privacy question for us? Email us at newsletter@ldhconsultingservices.com with your question or idea and we’ll feature it in a future newsletter. We also welcome guest writers for the newsletter. If you have an idea for a guest post, let us know for a chance to be featured on the blog. We look forward to your questions and ideas!

#DataSpringCleaning 2022 – Glitter, Data, and You

Happy belated Spring Equinox to our fellow Northern Hemisphere dwellers! It doesn’t exactly feel like spring for many folks, but soon enough, there will be leaves on the trees, flowers in the gardens, and pollen in the air. So, so much pollen. Pollen that makes you sneeze even if you haven’t ventured outside in days and have all the windows and doors closed. Pollen that coats your car to the point where you can’t see out of the windshield. Pollen clouds. Pollen is everywhere. It’s like nature’s version of glitter.

The analogy of pollen-as-glitter doesn’t quite match up one-to-one. For example, limiting the amount of glitter we come into contact with is easier than limiting the amount of pollen unless you take drastic measures (like moving to another part of the world to avoid certain types of pollen). However, we have a more accurate analogy to form – data as glitter. Here are some ways data is like glitter from our tweet in 2020:

Hot take – Data is not the new oil. Data is the new glitter:

– Lures humans in with its shininess
– Very easy to accumulate
– Found in places you least likely expect to find it
– Almost impossible to get rid of
– Everyone insists on using it w/o thinking through the consequences

We all had a glitter phase – all glitter, all the time. For some of us, though, we are the ones who are left cleaning up after someone somewhere in the building used any glitter. The nature of glitter – the attractiveness of the shininess, the ease of getting a hold of glitter, the lightweight and aerodynamic nature of individual glitter specks – is sure to be a recipe for disaster if there are no guidelines in place for using it. Parents and educators might already know a few of these guidelines: laying down plastic or paper over the workspace for easy cleanup, not leaving glitter containers open when not in use, and washing hands when finished working with glitter. For such tiny specks of plastic, it takes a lot of effort to ensure that the glitter doesn’t get everywhere and on everyone.

Data is like glitter. If there are no guidelines or measures to control the use and flow of data, you will have multiple versions of the same data set in various places. In previous #DataSpringCleaning posts, we talk about electronic and physical data retention and deletion, but that only addresses some of the privacy risks we face when working with data. For those unfortunate enough to have to clean up after a glitter explosion, it’s nearly impossible to get all the glitter if control measures were not put in place. The same is true with data – left unrestricted, data will get everywhere, making it almost impossible to delete. It also makes it practically impossible to control who has access, what is shared, and even when it’s appropriate to work with patron data.

For this year’s #DataSpringCleaning, we’re taking a proactive approach to avoid cleaning up explosion after explosion of glitter-like data. What are some ways you can limit the spread of patron data in your library or organization? The data lifecycle is a great place to start:

  • What data do you absolutely need to collect to do what you need to do?
  • Where should you keep the data?
  • Who should have access to the data?
  • How should the data be shared, if at all?
  • How do you clean up after the data is no longer used or needed?

Another place to start is to get into the habit of asking if you truly need to use patron data in the first place. Some of the worst glitter cleanups come from times when glitter use was absolutely unnecessary – for example, before you use that glitter bath bomb, do you really need to have glitter all over yourself and your bathtub and your bathroom and your pets who enter the bathroom and your carpet and your furniture and your clothes and everyone who comes into contact with you or the other glittered surfaces? The answer is almost always “no.”

Stopping to ask yourself if patron data is needed in the first place to do the thing that you need to do is one of the best ways to avoid putting patron privacy at risk at your library. Thinking about data in terms of glitter can help you get into the habit of being more judicious about when to use patron data and how it should be used to limit unmitigated messes that will take considerable amounts of time to clean up. Data is glitter – plan accordingly!

Say What You Mean, or When Not to Use Certain Technical Terms

The phrase "Choose your words" is spelled out using wooden Scrabble letter tiles on a white table. The word "your" is vertically spelled using the "o" and "r" in the horizontal words "choose" and "words", respectively.
Photo by Brett Jordan on Unsplash

Welcome to the first week of Daylight Savings Time for most of our readers in the US! Now that we are short one hour of sleep, it’s the best time to start with a thought experiment. The following is an excerpt from a recent library technology conference poster proposal:

“Patrons who visit an academic library with their smart devices (i.e., cell phones, laptops, tablets) connected to the campus Wi-Fi services would have their geolocation data, user ID, and time stamp stored in the Wi-Fi service provider’s system. The big data harvested provides a clear view of patron demographic information, including majors, classes being taken, along with other data… the use of Artificial Intelligence has helped the library to predict user behavior and thus be able to more closely tailor facilities, collections, and instruction to enhance student success.” (emphasis added)

Now for the question – what would you use instead of “Artificial Intelligence” in that excerpt? Take a moment to write down whatever comes to mind.

As we started exploring in our “On The Same Page” series, words are complicated. Sometimes they don’t let on to the complexity of the concept they represent, such as personal data. Other terms are prone to obscure, misdirect, or otherwise conceal the real-world consequences of the ideas and actions represented by those terms. Phrases like “artificial intelligence” and “machine learning” find widespread use in our lives without much thought into what they mean and the implications behind those terms in our understanding of technology. What can we use instead of these terms, though?

An excellent place to start is to say what you mean. The Center on Privacy & Technology at Georgetown recently announced that they will no longer use terms like “artificial intelligence” and “machine learning.” Instead, they will use the following guidelines to say what they mean:

1. Be as specific as possible about what the technology in question is and how it works.

2. Identify any obstacles to our own understanding of a technology that result from failures of corporate or government transparency.

3. Name the corporations responsible for creating and spreading the technological product.

4. Attribute agency to the human actors building and using the technology, never to the technology itself.

One example provided by the article takes the phrase “face recognition uses artificial intelligence” and replaces it with “tech companies use massive data sets to train algorithms to match images of human faces.” The latter phrase is specific about everything that is involved, including the human involvement behind the technologies referenced in the former term. The latter phrase also doesn’t conceal the process of facial recognition – it takes data from real human faces, and lots of it, to get an algorithm to determine a match of a face with an image correctly. But wait – where do the faces come from? What decisions are being made about which faces to feed into the algorithm? Do the people whose faces are being used to train this algorithm know that their faces are being used in training? What are the ultimate goals of the tech companies in creating this type of technology? Who are these tech companies in the first place?

Being specific about the technology, how it works, and the humans behind the technology better positions the readers in asking questions about the real-world impact of these technologies. It also attempts to make more apparent to the readers the potential harms that can come from these technologies, such as the potential of lack of consent from the people whose faces are being used for training and the potential bias in the data set itself based on who is included. Spelling out the specifics breaks us from using technical terms that we and our audience might not fully understand or be aware of the potential privacy risks and harms inherent in these technologies.

Let’s revisit the excerpt from the beginning of the post. With the Privacy Center’s guidelines in mind, what would you say instead of “Artificial Intelligence” in the last sentence?

(Bonus – Are there other technical terms in the excerpt that need to be spelled out? If so, what should be said instead of those terms?)

We invite you to share your answers with us! You can use the following form to share your answers with us. We are not collecting personal data such as IP address, name, or address for submissions. We’ll return to the exercise and share the responses in a future post, so stay tuned!

Getting “On The Same Page” – Personal Data and Libraries

We cover a lot of ground on the Tip of The Hat! There’s so much to explore with data privacy and security that sometimes it’s easy to get lost in the details and lose track of the fundamentals. We’re also in a field where it’s improbable that everyone shares the same background or knowledge about a specific topic, which contributes to some of the misunderstandings and confusion in discussions around data privacy and security.

We talk about the importance of setting expectations and shared understandings in our work at LDH, such as defining essential terms and concepts with vendors so that everyone is clear on what’s being said in contract negotiations. This week’s post is our attempt to extend this philosophy to the blog with the start of the On The Same Page series. The series will aim to define the terms that form the basis of library data privacy and security. This week we start with a term often used, but its definition is hard to pin down – personal data.

What is Personal Data?

Short answer – it’s complicated.

One of the reasons defining personal data is complicated is the legal world. Sometimes data privacy regulations use different terms, such as personally identifiable (or identifying) information (PII) or personal information (PI). If that wasn’t enough, these regulations have different definitions for the same concept. You can get a sense of how this confusion can play out after reading a comparison of the different terms and definitions of personal data for the EU’s General Data Protection Regulation (GDPR) with various US state data privacy laws such as the California Consumer Privacy Act (CCPA). There are some similarities between the legal definitions, but just enough difference (or vagueness) to make defining personal data a bit more complicated than expected.

We also can’t leave the definition as “data about an individual person” because the definition doesn’t fully capture what counts as personal data. The National Institute of Standards and Technology (NIST)’s definition of PII captures some of this complexity in the two main parts of their definition: “any information that can be used to distinguish or trace an individual’s identity” and “any other information that is linked or linkable to an individual.” This definition of personal data is not very helpful to the layperson trying to decide whether the pile of electronic resource use data in front of them is personal data. Can this data identify an individual patron? There are no names attached to it, so 🤷🏻‍♀️?

Despite the differences between these definitions, there are some common threads in which we can get a sense of what personal data is. We’ll break these threads into three categories:

  • Direct identifiers – data that directly identifies a person, such as a person’s name, government or organization identification number, and IP address.
  • Indirect identifiers – data that can identify a person with a great degree of confidence when combined with other indirect identifiers. This includes demographic, socioeconomic, and location data. A classic example of identifying people by combining indirect identifiers comes from Dr. Latanya Sweeney’s work identifying individuals using the date of birth, zip code, and gender.
  • Behavioral data – data that describes a person’s behaviors, activities, or habits. When collected over a length of time, behavioral data can identify a person when combined with direct identifiers, or if the behavioral data itself contains direct or indirect identifiers (put a pin in this for later!).

In short, personal data is much more than a person’s name or ID number. Personal data is data about a person, be it a direct identifier or data that can reasonably be linked back to a person. The second part of that definition is crucial to libraries working with patron data.
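To make the "no names attached, so is it personal data?" question concrete, the following added example (not part of the original post) counts how many patrons share each combination of indirect identifiers in a constructed export, using k-anonymity group counting, a standard measure the post itself does not name. The column names, the sample rows, and the major-to-division mapping are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: one row per patron, names and barcode numbers removed.
PATRON_ROWS = [
    {"patron_type": "student", "major": "Biology", "home_branch": "Main", "top_resource": "medical database"},
    {"patron_type": "student", "major": "Biology", "home_branch": "Main", "top_resource": "science journals"},
    {"patron_type": "student", "major": "Biology", "home_branch": "Main", "top_resource": "science journals"},
    {"patron_type": "student", "major": "History", "home_branch": "Main", "top_resource": "newspaper archive"},
    {"patron_type": "student", "major": "History", "home_branch": "Main", "top_resource": "legal database"},
    {"patron_type": "student", "major": "Classics", "home_branch": "East", "top_resource": "health e-books"},
    {"patron_type": "faculty", "major": "Biology", "home_branch": "Main", "top_resource": "medical database"},
    {"patron_type": "faculty", "major": "Chemistry", "home_branch": "Main", "top_resource": "patent database"},
]

# Indirect identifiers someone could already know about a patron (assumed set).
QUASI_IDENTIFIERS = ("patron_type", "major", "home_branch")

# Hypothetical coarsening of "major" into broader divisions.
MAJOR_TO_DIVISION = {
    "Biology": "Sciences",
    "Chemistry": "Sciences",
    "History": "Humanities",
    "Classics": "Humanities",
}


def equivalence_classes(rows, quasi_identifiers):
    """Count how many rows share each combination of indirect identifiers."""
    return Counter(tuple(row[q] for q in quasi_identifiers) for row in rows)


def k_anonymity(rows, quasi_identifiers):
    """Size of the smallest group; 1 means at least one patron is unique."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return min(classes.values()) if classes else 0


def rows_below_k(rows, quasi_identifiers, k):
    """Rows whose indirect identifiers are shared by fewer than k patrons."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return [
        row for row in rows
        if classes[tuple(row[q] for q in quasi_identifiers)] < k
    ]


def generalize(rows, column, mapping):
    """Return copies of the rows with one column replaced by a coarser value."""
    return [{**row, column: mapping.get(row[column], "Other")} for row in rows]


if __name__ == "__main__":
    print("k as exported:", k_anonymity(PATRON_ROWS, QUASI_IDENTIFIERS))
    for row in rows_below_k(PATRON_ROWS, QUASI_IDENTIFIERS, 2):
        # Anyone who knows these three facts learns this patron's top resource.
        print("unique patron:", row)

    coarse = generalize(PATRON_ROWS, "major", MAJOR_TO_DIVISION)
    print("still unique after coarsening major:",
          len(rows_below_k(coarse, QUASI_IDENTIFIERS, 2)))
    print("k without home_branch:",
          k_anonymity(coarse, ("patron_type", "major")))
```

A result of k = 1 means at least one row points to exactly one patron even though no direct identifier is present, which is the "linked or linkable" case in the NIST definition.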

Libraries, Patrons, and Personal Data

When working with patron data, libraries work with all three types of personal data. The following is just a tiny sample of the kinds of patron data that fall under each category of personal data:

Direct identifiers

  • Name
  • Physical and email addresses
  • Patron record and barcode numbers
  • User account login and password
  • Device information (operating system, browser, device identification number, and other information that makes up a digital fingerprint)

Indirect identifiers

  • Demographic information such as age, gender identity, and race/ethnicity
  • Declared major or minor (or grade level in K-12 schools)
  • Disability status
  • Patron type (e.g., resident or non-resident; student, faculty, or staff; specific patron statuses based on specific services, library card types, or market segments)
  • Geographical information (e.g., region, neighborhood, home branch)

Behavioral data

  • Borrowing history
  • Search history
  • Reference question logs
  • Library website analytics capturing website activity
  • Electronic content access logs

Some of you might already know why we put a pin in the behavioral data earlier – search and question logs have a plethora of direct and indirect identifiers. For example, a reference chat log history for a typical day can contain direct identifiers such as patron account login information and addresses and subject matter that serve as indirect identifiers of the patron in question. IP addresses and device information from website analytics and system logs (such as proxy server logs) can also potentially identify a patron.

It’s almost impossible for patrons to use the library without the library collecting some form of personal data. The shift from print to electronic resources and services significantly increased the library’s ability to collect behavioral data that can identify patrons on its own. Even if the patron goes to the physical library just to pull a book from the shelf and read at the library, the security cameras in the building might record the person’s face (direct identifier) and the book that they pulled from the stacks (behavioral data) at a specific branch location and time of day (more behavioral data with a dash of an indirect identifier). Leaving the definition of personal data at “data about a person” does not capture the reality of how the evolution of services, resources, and technology in libraries has changed the type and amount of patron data generated by library use by patrons.

Constant Changes in What Counts as Personal Data

It’s tempting to settle on the general definition of personal data with the three categories and call it a day. However, the rapid pace of change in legal regulations and technologies means that the nature of personal data will change. What might be considered non-personal data today (such as highly aggregated data based on the definitions of several data privacy regulations) might be personal data in the near future when someone discovers how to connect that data to an individual using newer technologies, algorithms, or improved re-identification methods. It also might be that more categories of personal data are waiting to be defined or refined. We weren’t kidding when we said that defining personal data is complicated!

Nevertheless, what we have today is a good working definition that we can use when talking about patron data privacy and security: Personal data is data about a person, be it a direct identifier or data that can reasonably be linked back to a person. While it’s easier to think about personal data when we limit ourselves to someone’s name or barcode number, we must remember that personal data takes on many, and sometimes deceptive, forms – particularly when it comes to the behavioral data generated by patron use of the library.

Do These Three Things Today to Protect Your Patrons’ Privacy

Keeping track of the latest threats to patron data privacy and safety is easily a full-time job in quiet, uneventful times. Last week was neither quiet nor uneventful. From the possibility of increased cyber warfare in the coming weeks to the progression of anti-LGBTQIA+ and anti-CRT regulations in several US states, many library workers are rightfully feeling overwhelmed with the possible implications of these events on the patron’s right to privacy in the library. And all of this is happening while we are still in the middle of a pandemic!

This week we are going to help you, the reader, to take a moment to stop, breathe, and orient yourself in light of the recent increase in threats to patron privacy. We have three things that you can do today that can get you started in protecting patron data privacy and security in light of recent events:

Reacquaint yourself and others on how to avoid phishing attempts – Libraries are no strangers to being the target of phishing attacks; however, with the possibility of increased cyber warfare, the phishing attempts will only increase. As we saw with Silent Librarian, phishers are not afraid to use the library as a point of entry into the more extensive organizational network to access sensitive personal information. The Phishing section of the Digital Basics Privacy Field Guide is an excellent way to spread awareness at your library if you are looking for a simple explainer to share with others.

(Bonus – turn on multi-factor authentication wherever possible! You can also include the Multi-Factor Authentication section from the Digital Basics Guide while talking to others in the library about MFA.)

Check if your library is holding onto circulation, reference chat, and search histories – By default, your ILS should not be collecting borrowing history, but the applications you use for reference services might have similar information. The same goes for your library’s catalog or discovery layer and logs that might be capturing searches from patrons in a system log. This data can be used to harm patrons, particularly patrons who experience greater harms when their privacy is violated, such as LGBTQIA+ students and minors. Check the system and application settings to ensure that your systems are not collecting circulation and search histories by default. Review the reference chat logs to ensure that personal patron data is not being tracked or retained in the metadata and the chat content.

(Bonus – If you find patron data that is not supposed to be there after checking and changing settings, make sure to delete it securely!)
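One way to run the system-log check described above, as an added example that is not part of the original post: the script scans web server access log lines for catalog searches recorded in the URL and groups the search terms by client IP address. The log lines are constructed, and the combined log format, the `/catalog/search` path, and the query parameter names are assumptions to adjust for your own catalog or discovery layer.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in the common "combined" access log format.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2022:09:14:02 +0000] "GET /catalog/search?q=bankruptcy+help HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Mar/2022:09:15:40 +0000] "GET /catalog/record/12345 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Mar/2022:09:17:11 +0000] "GET /catalog/search?q=support+groups+near+me&page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [21/Mar/2022:10:02:55 +0000] "GET /catalog/search?lookfor=tenant+rights&type=AllFields HTTP/1.1" 200 6100 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [21/Mar/2022:10:03:01 +0000] "GET /static/site.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [21/Mar/2022:11:30:12 +0000] "POST /catalog/search HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
]

# Client address, timestamp, and request target from each log line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# Query parameters assumed to carry search terms; check your own system's URLs.
SEARCH_PARAMS = ("q", "query", "lookfor")


def find_logged_searches(lines):
    """Return (ip, timestamp, term) for every search term kept in the log."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # not an access log line in the expected format
        params = parse_qs(urlsplit(match["target"]).query)
        for name in SEARCH_PARAMS:
            for term in params.get(name, []):
                hits.append((match["ip"], match["time"], term))
    return hits


def search_history_by_client(lines):
    """Group retained search terms by client IP, in the order they were logged."""
    history = defaultdict(list)
    for ip, _time, term in find_logged_searches(lines):
        history[ip].append(term)
    return dict(history)


if __name__ == "__main__":
    for ip, terms in search_history_by_client(SAMPLE_LOG).items():
        print(f"{ip}: {len(terms)} search(es) retained -> {terms}")
```

Any non-empty result means the log is itself a search history tied to an IP address, so it needs the same retention and secure deletion decisions as the other histories in this step.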

Check your backups – You should be checking your backups regularly, but today is a good day to do an extra round of checks on your data backups:

  • Can you restore the system with the latest backup in case of a ransomware or malware attack? If you haven’t already tested your backups, you might run into unexpected issues in your attempt to restore your system after an attack. Schedule a backup test sooner rather than later if you haven’t restored from a data backup before to catch these issues while the system is still up and functional.
  • Where are your backups located? Having an offline copy can mitigate the risk of loss or destruction of all copies from an attack. You also want to ensure that the backup is securely stored separately from the system or application.
  • What data is being stored in the backups? Backups are subject to the same risk as other data regarding unauthorized access or government requests. This is especially important when these backups have personal data, such as a patron’s use of library resources and services. Adjust what data is being backed up daily to limit capture of such patron data and limit the number and frequency of full database backups.
  • How long are you storing backups? Backups can be used to reconstruct a patron’s use of library resources and services over time. We have to balance the utility of backups and data security and privacy; however, the longer you keep a backup, the less valuable it will be in restoring a system and the greater the risk of that data being breached or leaked. The length of time you should retain a backup copy will depend on several factors, including if the backups are incremental or full and what type of data is stored in the backup. Nevertheless, if you are unsure where to start, review any backups older than 60 days for possible deletion.

(Bonus – if you’re not backing up your data, now would be a perfect time to start!)

Focusing on these three actions today will provide your library with an action plan to address the increased risks to patron data privacy and security in the coming weeks and months (and even years). Even though we focused on things you can do right now, don’t forget to include in your action plan how you will work with third parties (such as vendors) in addressing the collection, retention, and sharing of patron data! And as always, we will keep you up to date on the latest news and events impacting patron data privacy and security, so make sure you subscribe to our weekly newsletter to get the latest news delivered to your inbox.

Just Published – ALA Privacy Field Guides

Title covers of the seven Library Privacy Field Guides.

Readers of the Tip of The Hat might be familiar with the ALA Privacy Guidelines and Checklists or even use them in their library privacy work. Created in 2015, the Guidelines aim to assist libraries and library vendors in providing patron privacy guidance around library technology and services. The Checklists turn this guidance into actionable steps for libraries to incorporate into their work. The Guidelines and Checklists have provided valuable advice and direction for many a library and library vendor alike throughout the years.

As the privacy needs of libraries change, so have the Guidelines and Checklists. Nevertheless, the growing complexity of privacy work means a new set of challenges for libraries to face. Alongside this increasing set of challenges is the need for a group of resources that are easy to understand and provide the tools necessary for library workers to advocate for privacy practices on all levels, from the public to administration to vendors. 

The Privacy Field Guides, an IMLS-sponsored project in collaboration with ALA, aim to meet this need. These just-published guides offer practical guidance around major library privacy topics:

  • Data Lifecycles (If you’re familiar with our work at LDH, you might not be surprised that we helped out with the creation of this guide!)
  • Digital Security Basics
  • How To Talk About Privacy
  • Non-Tech Privacy
  • Privacy Audits
  • Privacy Policies
  • Vendors and Privacy

What sets these guides apart from other library privacy resources is that they serve as a starting point for library workers who are unsure where and how to start doing privacy work at their libraries. Each guide contains hands-on exercises where library workers can immediately impact how their library practices privacy. Does your library lack a privacy policy that patrons can easily read and understand? The Privacy Policies guide walks you through creating a draft privacy policy that is informative and readable for your patrons. The guides also provide talking points for library workers communicating about library privacy. How To Talk About Privacy focuses on building those talking points for a variety of audiences – be it patrons, administration, and everyone in between – but you will also find talking points in the other guides focused on specific topics, such as privacy in the vendor selection and contract negotiation processes or protecting patron privacy in physical library spaces.

These guides are a valuable addition to your library’s privacy toolkit and are a great way to start privacy discussions in your library. Take some time to go through the digital versions of the Field Guides and let us know what you think!

Before You Share a Patron’s Story, Part 2

A square white neon conversational bubble against a black wall.
Photo by Jason Leung on Unsplash

Welcome back to our series about responsibly sharing patron stories! Last week we talked about the importance of consent for libraries publishing stories about individual patrons. This week we get into the mechanics of consent and some of the complications around seeking consent to share particular stories.

A couple of housekeeping points before we get started:

  • This week’s post is pretty long! We decided to keep the post as-is instead of breaking it up into two more posts because we felt it essential to present the mechanics and complications of consent together in the same post.
  • We primarily focus on libraries sharing patron stories around events and services for marketing and outreach purposes. Consent also plays a critical role in library assessment and research. Though we will not cover specific issues around privacy and consent in assessment and research processes in this post, we’ll touch on an overlap point between these two topics.

Asking for (Explicit) Consent

There are two types of consent. The first is implied consent. We encounter this through statements in public notices: “by using this service, you give us permission to use your posts, comments, and other content and likeness for…”. Many physical events still rely on implied consent through conspicuous signage depending on the intended use of the photographs and video and what is captured by the photograph or video (e.g., one patron vs. a group of patrons). Implied consent is passive, which means patrons have to seek out these notices and understand what they are consenting to by attending the program or using a service. Patrons might not even know that these notices exist, or they might not fully understand what might be shared by the library, leading to possible data and ethics breaches, among other consequences. Even when patrons share their own stories on library social media pages, some might not expect libraries to republish their stories in different mediums, such as an annual report or a fundraising campaign.

Instead, libraries should seek explicit consent, which requires affirmative action from the patron. When a library wishes to publicly share a story, quote, or other information about an individual patron’s library use, include at least the following in the ask to the patron:

  • Who you are
  • What information you wish to share and why
  • Where and with whom you want to share the information
  • How to contact you if the patron has any questions or concerns about sharing or privacy

The consent request should be informative and easy to understand. For example, a library can ask for consent to share patron feedback gathered through a program survey or evaluation form by creating a question asking the patron if the library has permission to quote the patron’s feedback in a library report or other publication. The library should also ask if the patron would like to have their name published alongside the feedback in case the patron would rather have their comment published without their name attached to it. In another example, the following is a sample message to a patron asking to share a patron’s post on the library’s social media page:

“Hello! I’m the outreach coordinator for the library. Thank you for sharing your story about our new service. Would it be okay to share your post in our weekly library newsletter to our patrons to show how other patrons benefited from our new service? Would you also be okay with being named along with the post in the newsletter? You can respond back to this message to let us know if you would be okay with us sharing the post, and if you have other questions or concerns.”

However, if you wish to share the same story in the annual report, you will need to check back with the patron since the patron only gave explicit consent for publication in the newsletter. Reusing the story for the annual report without explicit consent can violate the patron’s expectations.

Gaining explicit consent can be more involved with events and programs, particularly when the event is being photographed and/or recorded for publication. Web-based programs and events might have consent features built into the application used to host the program, such as Zoom’s consent popup to users when a session is recorded. Physical events and programs can include consent forms before or at the event for presenters and attendees, particularly for individuals prominently featured in photographs or recordings of the event.

Consent Considerations Regarding Publishing Patron Stories

Some of you might notice one critical component missing in the earlier sample ask – the ability for the patron to withdraw their consent at any time. While libraries should honor the withdrawal of previously given consent when a patron requests that a library social media post mentioning them by name be taken down, the library must weigh potential consequences of making a patron’s use of the library public through sharing their story. The persistent nature of published information – physical or online – requires careful thinking and approach regarding sharing patron stories.

One consideration before asking for consent is the nature of the service or topic featured in the story or quote. Publicly associating an individual patron with a late evening study event at a college library does not carry the same potential harms and consequences as associating a particular patron who receives tutoring through a program at the same library. The latter could result in embarrassment and negatively impact relationships based on others’ perceived or actual judgment of the patron’s need for additional educational assistance while attending college. Some patrons in the latter group might be okay with the library sharing their comments about the tutoring program, and that’s okay! It is still the responsibility of the library to gain informed explicit consent before publication. The library should exercise caution with when and how they approach patrons in asking for their consent in publishing their stories depending on the sensitivity of the topic or service, particularly around any story that can reveal patron information about their identity or status, such as race/ethnicity, disability, or class status.

There are times when explicit consent cannot be freely given. Sometimes this is because there are legal constraints as to the age where one can give consent (in the case of minors). Other times the power dynamic between people might compel or pressure someone to consent to something they wouldn’t have otherwise. Patron groups such as students, minoritized populations, and incarcerated people might feel compelled to consent based on the power dynamic between the individual and the library. Unlike research and assessment, where the Institutional Review Board (IRB) or ethics committee would address issues around consent with vulnerable participants, there might not be a formal process in place for marketing or outreach to locate and handle potential situations where patron consent is coerced, be it intentional or not.

For example, the public library is the only place to offer ESL classes in a rural town. The library reserves the right to use individual patron photos and stories from those classes for library publications. For a patron who is an undocumented immigrant, the publication of their personal data and likeness can put themselves and others in harm’s way. Because the library is the only place where they have access to ESL classes, the patron might feel compelled to consent to the library publishing their identifying photo or story in order to access a much-needed service.

In the example, the patron is likely to experience privacy harms – perceived or actual – through the library, not fully realizing the power dynamics that come into play when consenting to publish individual patron stories. Recognizing when patrons may not freely give consent can mitigate privacy harms. This recognition can also prompt a conversation about the intended purpose of publishing individual patron stories and the actual impact publication might have on the patron. When posting a feel-good patron story, good intentions do not cancel out the negative impact of exploiting specific patron stories (e.g., inspiration porn or performative allyship) for the library’s reputational or financial gain.

The Role of Consent in Sharing Patron Stories

Consent is vital in protecting patron privacy. Consent is also not an automatic “get out of jail free” card for the library when privacy harms are realized after publishing a patron story. Libraries need to recognize the importance of consent – as well as its limitations – in determining which patron stories to share with others. Consent gives patrons control over the “what and how” regarding the library sharing their story, but only if the consent is informed, explicit, and freely given. Taking the time and care around determining how to ask for consent can limit some of the potential pitfalls and limitations discussed earlier, such as recognizing when consent might not protect patrons from privacy harms or when consent might be coerced.

Some patrons are more than happy for the library to share their stories with the world, while others expect the library not to betray their rights to confidentiality and privacy. Nevertheless, libraries should not automatically assume that a patron sharing their story with others gives the library implicit permission to share on behalf of the patron. A patron might be comfortable sharing their story with others they know but might not be as comfortable if the library shared it with strangers. Having a consent process creates a check to protect patron privacy and not take advantage of the relationship the patron has with the library. The process of gaining informed, explicit, and freely given consent should not only take into consideration how the library can responsibly share a patron’s story with minimal privacy risk to the patron but feed into a larger conversation around patron control over how the library uses their information in both daily operations and public communications.

Before You Share a Patron’s Story: Part 1

A view of a street with the words "share with care" written on the pavement in white.
Image source: https://www.flickr.com/photos/4nitsirk/27234818658/ (CC BY SA 2.0)

We sometimes encounter a heartwarming story that restores a little of our faith in humanity during our regularly scheduled doomscrolling. In the library world, we commonly come across stories of people remembering the excitement they felt on getting their first library card or a book they checked out at the library that changed their lives for the better. Libraries also tell many heartwarming stories of how library services impacted patrons’ lives, be it homework assistance, language classes, or technology workshops. Sharing personal stories of how the library impacted the lives of patrons can not only provide a much-needed respite from doomscrolling but also persuade the public by demonstrating the value libraries bring to their organization or community.

When Sharing is Not Caring, Depending on Who’s Doing The Sharing

Nevertheless, sharing individual patron stories about their library use is not without its risks. Take, for example, the now-deleted post from a university library telling a story about a student checking out books from the library for their mom during Covid lockdown. It’s a nice story, but one commenter asked if the library asked the student for their consent to publish their individual story. We soon learn afterward that the library fabricated the story. The library later explained that the fabricated story was an aggregation of personal stories from patrons.

Barring the issues around publishing a hypothetical story without clear disclosure that the story was not real, the problem of publishing individual patron stories is sometimes overlooked. Libraries must understand that a library sharing a personal patron story is different than a patron sharing the same story by their own volition in terms of privacy. These differences center around patron privacy expectations and consent.

Consent, or Why You Need to Ask Before Sharing

We know some patrons are eager to share their library stories with the world, and many of them do on their personal social media posts, talking with others, or even writing a friendly letter to the editor. What is the difference between a patron posting their story versus a library posting the same story? While the patron posting their own story is willingly sharing their story to the public, the library sharing the same story might violate the patron’s privacy rights. Library workers are obligated by professional standards, library policies, and legal regulations to not disclose patron use of library resources and services.

For example, if a patron finds that the latest post about a new service or resource in the library news blog mentions them by name and the patron didn’t give the library permission to publish their name attached to the resource or service, the library committed two types of breaches: a data breach (through the unauthorized disclosure of data about a patron’s use of the library) and an ethics breach (through a patron’s expectations that the library would not share their activities at the library). Other examples of possible data and ethics breaches through library news posts and updates include:

  • Publishing historical checkout cards with patron names on the card
  • Posting historical reference questions that contain personal data about patrons
  • Announcing unscheduled library visits of notable people on social media or otherwise publicly broadcasting an individual’s presence at the library
  • Publishing identifiable patron stories and quotes (collected from surveys, feedback forms, focus groups, or individual interviews) in reports and research articles

There is one instance where a library sharing a patron’s story might not result in either breach, and that is when the library obtains the explicit consent of the patron to share their story. We’ll use GDPR’s definition of consent for this post – consent must be “freely given, specific, informed and unambiguous.” Asking consent gives the patron control over disclosing their use of library services and resources. It also allows the patron to choose what type of information is disclosed and where it is disclosed. One patron might be okay with the library posting their name and a quote about their experience at a library program. In contrast, another patron might be fine with the library posting a quote but not having their name attached to the quote. Each patron has their own level of privacy preferences, and asking for consent informs the library what each patron is comfortable with in publishing their story. It is the responsibility of the library to respect the privacy preferences of each patron through the act of asking for consent.

The process of gaining consent to share patron stories might be as simple as sending a short message to the patron, but consent is much more than a “yes or no” question. Next week’s post will cover what explicit consent could look like depending on the ask. We’ll also discuss the considerations around the consent process around sharing patron stories, including one major consideration that tends to be missed in conversations about consent… you’ll have to check back next week to find out what that is, so stay tuned!

A Flurry of Privacy Bills, FLoC Flies Away, and a Smart Assistant’s Long Memory

Congratulations on making it through the first month of 2022! As we prepare to enter the second month of the year, let’s take a few moments to catch up on a few news items in the privacy world.

A Flurry of State Data Privacy Bills

State legislators wasted no time introducing the latest round of data privacy bills at the start of the legislative year. Some states are reviving previously introduced bills with the hopes of pushing them through in the new session, while other states are finally joining the bandwagon and introducing comprehensive data privacy laws for the first time since the rush for state data privacy laws began several years ago.

Out of all the states introducing bills this legislative session, all eyes are on LDH’s home state, Washington State. The Washington Privacy Act, which failed to pass multiple times in previous legislative years, is back. However, there are currently two other competing comprehensive data privacy bills. The first bill, the People’s Privacy Act, deviates from WPA in several key places, including stricter requirements around data collection and processing (e.g., requiring covered entities to obtain opt-in consent for processing personal data), biometric data handling, and a private right of action. The second bill, the Washington Foundational Data Privacy Act, is a new bill that brings the idea of creating a new governmental commission, something that the two other bills lack. Each bill has its strengths and weaknesses concerning data privacy. Nevertheless, if Washington manages to pass one of these bills – or a completely different bill that is still yet to be introduced – the passed data privacy bill will influence other states’ efforts in passing their privacy bills.

FLoC Flew Away

Rejoice, for FLoC is no more! We previously covered Google’s attempt to replace cookies and the many privacy issues with this attempt. The pushback from the public and organizations has finally led Google to rethink its approach. It also didn’t help that major web browsers, which were supposed to play a critical role in FLoC, refused to play along.

Google didn’t completely abandon the effort to replace cookies, nevertheless. Google announced a new proposal, Topics, as an attempt to create a less privacy-invasive alternative to cookies. It’s still early to tell if this FLoC alternative is truly any better than FLoC, but initial reports seem to suggest that the Topics API is an improvement. However, we did notice that some of these reports mention that users would be primarily responsible for understanding and choosing the level of tracking in browser settings. Ultimately, we are still dealing with businesses pushing tracking user activity by default.

Smart Assistants Have Long Memories

Have you requested a copy of your personal data yet? Even if you are not a resident of the EU or California, you can still request a copy of your personal data from many major businesses and organizations. This includes library vendors! Requesting a copy of your data from a company can highlight how easy it is for a company to track your use of its services. A good library-related example is OverDrive’s tracking of patron borrowing history, even though users might assume that their borrowing history isn’t being recorded after flipping a toggle to “hide” their history in user settings.

The latest example of extensive user tracking comes from a Twitter thread of a person going through the data Amazon has collected about her throughout the years, including all the times she interacted with Amazon Alexa. We’re not surprised about the level of data collection from Amazon – the tracking of page flips, notes, and other Kindle activity by Amazon has been a point of contention around library privacy for years. Instead, this is a reminder for libraries who are currently using or planning to use smart speakers and smart assistants to provide patron services that Amazon (and other companies) will collect and store patron data generated by their use of these services by default. This is also a good reminder that your smart speaker in your work or home office is also listening in on your conversations, including conversations around patron data that is supposed to remain private and confidential.

If you have a smart speaker (or other smart-enabled devices with a microphone) at your library or in your home office, you might want to reconsider. The companies behind these products are not bound to the same level of privacy and confidentiality as libraries in protecting patron data. Request a copy of data collected by the company behind that smart speaker sitting in the library. How much of that data could be tied back to data about patrons? How much do your patrons know about the collection, use, and sharing of data by the company behind the smart speaker at the library? What can your library do to better protect patron privacy around the smart speaker? Chances are, you might end up relocating that smart speaker from the top of the desk to the bottom of a desk drawer.