December 14, 2017

Canada: “Patrons’ Data Not Kept in U.S.: Regina Public Library Head”

The article reports on a questions about where servers housing patron data are physically located after a Regina Public Library (RPL) patron received an automated telephone call from a U.S. number about a book he had reserved. The library, part of the Saskatchewan Information and Library Services (SILS) Consortium, migrated to a new ILS last week.

From The Leader-Post (Regina, SK):

[Jeff] Barber, [SILS Consortium president] who is also the RPL [Regina Public Library] director and CEO, said SILS was unsuccessful finding a Canadian company to send automated telephone messages to clients about overdue, or held, books. Part of the search was creating the option for library users to choose between receiving notifications via phone call, text message, email or traditional mail.

“We’re not storing our data in the U.S. We’re not keeping patron data exposed outside the country,” Barber said, adding that SILS worked closely with the office of the privacy commissioner during the process. Mandrill and Twilio, American companies contracted by SILS, are able to access British Columbia servers that now house Saskatchewan library users’ information.

They can pull a client’s name and either their phone number or email address to send the message. After sending the message, the company erases the content and client’s personal information, Barber said.

Read the Complete Article (505 Words)

Note from Gary Price, infoDOCKET Founder/Editor: We wanted to quickly point out that while the SILS Consortium worked to make sure data was stored in Canada, the new catalog (example) sends user queries, that can be tied to a specific user device, over the Internet unencrypted.

We’ve written about this issue many times. It occurs with both library catalogs and vendor databases GLOBALLY. In other words, SILS is one of many (if not most) libraries that need to be aware of this issue and work with vendors to correct this issue.

We believe the entire online research process, both user data and search queries, need to be encrypted.

If Wikipedia, The Wayback Machine/Internet Archive, Google, Scribd, and many other large web sites that involve search can encrypt the entire online process, including search, there is no reason why the library community can’t do the same thing.

Gary Price About Gary Price

Gary Price (gprice@mediasourceinc.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. Before launching INFOdocket, Price and Shirl Kennedy were the founders and senior editors at ResourceShelf and DocuTicker for 10 years. From 2006-2009 he was Director of Online Information Services at Ask.com, and is currently a contributing editor at Search Engine Land.

Share