Friday, September 16, 2005

Some notes from LE@D Workshop on Library Privacy

The Texas State Library and Archives Commission has this little program known as LE@D (Library Education at Desktop), which provides online tutorials and workshops on various topics of interest to librarians. I recently completed the online workshop for the topic of "Library Privacy and Confidentiality Law and Policy." This post is mostly for me to keep some notes; if others find it helpful, then so much the better. For the most part, these little workshops are free and do not take longer than an hour to complete. They make for a nice simple way to get some professional development and learn a thing or two.

  • Privacy is implied from the Bill of Rights, from the 1st, 4th, and 5th Amendments. The right to privacy is not mentioned until the Warren and Brandeis article "The Right to Privacy," published in Harvard Law Review (1890). They introduced the idea that we have the freedom and right to expect our tangible possessions as well as our intangibles (personal information: thoughts, beliefs, sayings, reading) "to be safe from public intrusion."
  • Various rulings have explored and expanded this idea of privacy.
  • In legislation, there was the 1966 Federal Freedom of Information Act and the 1974 Federal Privacy Act.
    • FOIA allows persons to request access to federal agency records. It includes provisions for protecting private individual information in those records. In response, states adopted their own open records laws.
    • 1974 Privacy Act: ensures protection of individual privacy from data collected by the government. Prevents agencies from sharing the data. Allows individuals to view, copy, and correct their own records.
  • 1986: Electronic Communications Privacy Act updated wiretapping to electronic medium, protecting en route communications.
  • 1994: Communications Assistance for Law Enforcement Act: forces telecommunications carriers to design systems so law enforcement can tap them if necessary.
  • 2000: COPPA (Children's Online Privacy Protection Act). Requires commercial websites to document parental consent to collect "personally identifiable information from children." It does not mean librarians must reveal what a child views on the Internet or reads.
  • 2000: CIPA. Passed on December 2000, it was upheld by the Supreme Court in 2003. This is the one that requires filters of Internet terminals in institutions that receive federal E-rate or Library Services and Technology Act funding.
What librarians need to know: protocols, cookies, and transaction logs. On logs, they keep IP addresses, dates, times of visits from a user. This, combined with a sign-up sheet, can track a user's internet movements.

PATRIOT Act (2001).
  • Two sites to look over: and
  • Section 215 of the PATRIOT Act allows the Fed access to library records.
  • Section 216 allows for monitoring of computer use.
The library should have a privacy policy in place. It should explain clearly and concisely:
  • that following ALA Policy, the library aims to provide confidentiality for all its users.
  • that library use is protected by state law. The library policy should give concrete examples of privacy protections. For example, when books are returned, the circulation record is erased.
  • that personally identifiable information is gathered or logged, such as e-mail, and this information is covered by the library.
  • that someone from the library (state a name and a job title) can answer questions about privacy and the library.
Some sample privacy policy topics librarians may need:
  • library internet/e-mail use
  • children's records
  • children and then internet
  • privacy of borrower records
Other policy related items that librarians need to know:
  • ALA privacy related policies
  • State public information laws
  • Specific guidelines to follow in the event of a visit or inquiry from law enforcement agents regarding user records.
  • Specific guidelines to follow for receiving court orders, such as search warrants and subpoenas (there is a difference. The warrant has to be executed right away; a subpoena you can wait and pass on to legal counsel to reply).
The library administration needs to assure that a privacy policy is in place and available to all users. It also needs to be posted on a website, if the library has one.

Overall, this is quite a bit of information to think about. Given some current events, issues such as this become more important, so librarians may want to be asking questions, checking on their policies, and seeing what is done at their libraries and what needs to be done.

Update note: As if they knew, I just found this through Docuticker, a link to a white paper on how the War on Terror affects your right to know. The paper is here. By the way, when it comes to government related stuff, Docuticker is a great place to keep up. I may read this and post on it later. In the meantime, readers feel free to go over and have a look.

No comments: