Digital Privacy & Technology Guide: ILS Data & Vendors
This guide provides an overview of digital privacy and the tools needed to protect libraries and its users, and thwart surveillance of our communities. This guide was developed by Library Freedom Project and Massachusetts Library Association.
Any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual‘s identity and any other information that is linked or linkable to an individual.
One who is responsible for holding valuable information for a beneficiary and protecting that beneficiary's interests, as described in this 2014 post by Jack M. Balkin.
Two learning modules designed to strengthen librarian's understanding of what happens to patrons’ data and best practices for patron privacy. Learners will review data flows for common tasks at the library - writing an email, web searching, borrowing eBooks - and learn common influences on data flows - state/federal law, library data privacy policies, and company policies.
January 2021 article from the Journal of Business Research that provides an overview of methods to reconcile the competing needs to secure patron privacy and to gather actionable analytics about their activity.
Get acquainted with the modern language of privacy using definitions provided by the International Association of Privacy Professionals.
Datatypes Within the ILS
When working with ILS data and vendors it is important to note the types of data that each organization may have access to. Following are the types of data commonly exposed within such systems:
Patron
Information pertaining to patron accounts and personally identifying information about those patrons
User
Information pertaining to staff accounts, including permissions and logins
Holdings
Details of the materials owned by your library such as MARC records
Transactions
Patron and user activity within the system such as checkouts, holds, fines and orders
System
Details of system settings and behaviors
Metadata
Descriptive information within the system such as the labels used for formats and locations or types of patrons that may exist
Privacy Checklists for LMS, ILS, OPACs & Discovery Systems
ALA's Privacy Guidelines are intended to provide libraries using LMS with information about appropriate data management and security practices in respect to library users' personally identifiable information and data about their reading habits and use of library resources.
ALA's checklist is intended to help libraries of all capacities take practical steps to implement the principles that are laid out in the Library Privacy Guidelines for Library Management Systems (LMS) / Integrated Library Systems (ILS).
Provide libraries with information about appropriate data management and security practices in respect to library users' personally identifiable information and data about their reading habits and use of library resources.
ALA's checklist is intended to help libraries of all capacities take practical steps to implement the principles that are laid out in the Library Privacy Guidelines for Library Websites, OPACs, and Discovery Services.
Jeremy Goldstein, Data Curation Librarian for the Minuteman Library Network, offers a primer on considerations to take when working with vendors or systems.
Digital Library Federation's guide to a Data Risk Assessment, which they describe as a process of identifying data the library collects about users, understanding how it manages that data, identifying the risks associated with that data, and then selecting an appropriate risk mitigation strategy.
Risk assessment worksheet developed by the Digital Library Federation for A Practical Guide to Performing a Library User Data Risk Assessment in Library-Built Systems
Conducting a Privacy Audit of your library's various vendors? Consider using Library Freedom Project's audit worksheet to help you through the process!
This project seeks to use the power of library licensing agreements to effect change in third-party platform practices in order to bring them into alignment with library values of privacy, confidentiality, and respect for user control over their own data.
This rubric evaluates data privacy criteria in content platform vendor contracts and privacy policies and aims to assist libraries in identifying potential data privacy risks so that libraries can determine how to address these risks with vendors.
This IFC Privacy Subcommittee-sponsored town hall discusses concerns around privacy that are arising as libraries move to digital platforms and remote services during the COVID-19 pandemic.
The Markup explores what this common phrase means, what it doesn’t mean, and how you can avoid being caught up in the false illusion that “we do not sell your data” creates.