New Resource: “A Practical Guide to Performing a Library User Data Risk Assessment in Library-Built Systems”
The following guide and worksheet were recently published by the Digital Library Federation’s (DLF) Privacy and Ethics in Technology Working Group.
A Practical Guide to Performing a Library User Data Risk Assessment in Library-Built Systems
John Mark Ockerbloom
From the Introduction and Scoping Statement
Libraries collect data about the people they serve every day. While some data collection is necessary to provide services, responsible data management is essential to protect the privacy of our users and uphold our professional values. One of the ways to ensure responsible data management is to perform a Data Risk Assessment. A Data Risk Assessment is a process of identifying data the library collects about users, understanding how it manages that data, identifying the risks associated with that data, and then selecting an appropriate risk mitigation strategy.
While libraries often have vendor-based data collection systems, we focus here on library-built systems that collect data. Such systems include stand-alone open source technology, as well as systems and data that interact with third-party products. There will naturally be some overlap of risks and mitigation strategies between library-built and vendor-built systems, but there are additional considerations when working with vendor-built technologies that are not addressed here and are worthy of consideration. This document covers important definitions to understand the different types of data that exist and what threats are associated with each, strategies that libraries can use to reduce the likelihood that the data they collect will harm anyone, and tools that could be helpful in performing a Data Risk Assessment.
Direct to Full Text Guide and Worksheet
See Also: Webinar Recording
Recorded April 29, 2020
Filed under: Data Files, Digital Collections, Interactive Tools, Libraries, Management and Leadership, News, Patrons and Users, Reports
About Gary Price
Gary Price (firstname.lastname@example.org) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com. Gary is also the co-founder of infoDJ an innovation research consultancy supporting corporate product and business model teams with just-in-time fact and insight finding.