Welcome to this week’s Tip of the Hat! We at LDH are furiously getting ready for ALA Annual next week, and the Executive Assistant is bummed that she was not able to register for the conference. It appears that the only cats that are allowed at Annual are Baker and Taylor. Worry not, for the Executive Assistant has lined up someone to go in her place. You will get a chance to meet this new team member if you are heading to Annual. Stay tuned…
In the meantime, it’s Monday, and Mondays are the best days to talk contract renewals, right?
Last week Samantha Lee wrote about the upcoming changes to Lynda.com’s authentication process for library patrons, which would require patrons to either create or link a LinkedIn account to use their library’s Lynda.com subscription. Lee details the various issues surrounding patron privacy with this upcoming change:
LyndaLibrary had access to library card numbers for verification purposes. With the proposed change to require patrons to get LinkedIn accounts to access the Lynda resources, LinkedIn Learning would have access to more personally identifiable information than they would have as LyndaLibrary. To get a LinkedIn account, patrons would need to provide an email address and their first and last names. This is more PII than other library e-content vendors would require (OverDrive requires library card numbers only, Hoopla requires a library card and email). After a user creates an account, they are prompted to then add employment history and import their email contacts – under the presumption to help users expand their professional network. So LinkedIn would not only have patron information, but also information for others who did not agree to use its platform. [emphasis added]
In the post, Lee pointed out that several libraries have already decided not to renew their Lynda subscriptions. In the comments section, two commenters related their less-than-positive experiences in asking their vendor representative about the proposed changes, as well one commenter a vendor representative, explaining why the changes were being made.
This recent change highlights the long-standing tension between libraries and vendors regarding patron data. As Lee mentioned, other vendors do use some patron data to verify that the patron is with that particular library and can use the service. This tension is complicated by a number of factors, from the administrative (what data is being collected and why) to the technical (what data is needed for the service to function). Cloud-based applications add another layer of complicating factors, particularly if third-party contractors (sub-contractors) are involved in providing the infrastructure or other services for the application, which then increases the number of potential people that have access to patron data.
Some libraries use the contract negotiations and/or renewal phases to include contract clauses holding vendors to privacy and confidentiality policies set by the library, along with other privacy and security requirements surrounding patron data. Other times vendors work with libraries to create privacy-driven development and practices, closely aligning their applications to the standards of privacy laid out by libraries. And then there are times when vendors are proactive in creating a service or application with patron privacy in mind!
The Lynda.com change seems to be following the usual conflict pattern if you read through the comments – libraries pushing vendors for changes, vendors pushing libraries about why the changes are necessary. Sometimes, though, one party leaves the negotiations in hopes to gain an advantage over the other party. This is not without risk. Considering that many library patrons use Lynda.com for professional development and learn much-valued technical skills, some libraries might hesitate leaving the Lynda.com contract on the table. Nonetheless, some libraries are taking that risk in hopes that if there is a critical mass of unsigned contract renewals, then the vendor would have to respond to their requests. As Lee states, “If LinkedIn Learning cannot take our profession’s concerns seriously… then we can and will take our business elsewhere. Maybe then they will be willing to adopt the changes we require to protect patron privacy.” There is already some momentum for this strategy as mentioned by Lee and the commenters, and perhaps we might observe a critical mass sooner than later.