Dr. David Weinberger is the Director of the Harvard Library Innovation Laboratory at Harvard Law School and the host of the new Library Lab/The Podcast. He blogs at Joho The Blog and has been published in a number of publications, including several articles linked to directly from the home page of Joho the Blog. Dr. Weinberger’s bio is available here and includes info/links to all of his books.
The other day Dr. Weinberger posted an excellent piece on the web site for the upcoming Hyper-Public: A Symposium on Designing Privacy and Public Space in the Connected World taking place at Harvard in early June.
The column is titled, “Rebooting Library Privacy in the Age of the Network” and it’s well worth your time to read and discuss.
Now, just like Ranganathan’s “Five Laws of Library Science,” we now have Weinberger’s “Three Laws of Library Privacy.” Here they are:
1. Users own their data.
Users decide who has access to the data about their own interactions with the library and what may be done with that data.
2. The library fiercely protects the decisions made according to Principle #1.
The library enforces the user’s decisions about privacy, and enables public and social access in accord with the user’s decision.
3. The library is transparent, except where it affects Principles #1 or #2.
The library is transparent about its principles, and about how it is handling users’ decisions about privacy, except when such transparency would betray information users have decided not to make public or social.
One of many questions we would like to discuss with Dr. Weinberger is what the continuing decentralization of library resources means for library staff and users as it relates to privacy. In theory, decentralization shouldn’t mean a thing. Library privacy, being vigilant about it, and fiercely protecting it are more important now than ever before.
Decentralization in this case means that a number of companies and people outside of the direct control of the library have potential access to user data.
Users’ electronic requests for data have to leave the library, traverse the Internet, and then return over the Internet. A few years ago (literally) a lot of data (tapes, CD-ROMs, print materials, etc.) were all handled by the library or by a nearby university-run IT department.
So, there are a lot more eyes and hands that have to handle the data going both ways. In many cases a library has no control over those who have even the remotest potential of getting access to user data. Of course, strong security is essential, but unfortunately it’s far from a guarantee that problems will not occur.
So, what do we require of data providers/vendors? Are there any requirements they need to meet? How do they screen job candidates? What type of training do new hires receive?
Do we need to start some type of certification? What about the companies the vendor hires to transport the data or repair broken machines? How is data destroyed?
Finally, since it’s likely that something will go wrong at some point, do libraries need to put some sort of procedures in place for if/when something does go wrong? As Dr. Weinberger correctly points out, library transparency is very important.