The following guide and worksheet were recently published by the Digital Library Federation’s (DLF) Privacy and Ethics in Technology Working Group.
John Mark Ockerbloom
From the Introduction and Scoping Statement
Libraries collect data about the people they serve every day. While some data collection is necessary to provide services, responsible data management is essential to protect the privacy of our users and uphold our professional values. One of the ways to ensure responsible data management is to perform a Data Risk Assessment. A Data Risk Assessment is a process of identifying data the library collects about users, understanding how it manages that data, identifying the risks associated with that data, and then selecting an appropriate risk mitigation strategy.
While libraries often have vendor-based data collection systems, we focus here on library-built systems that collect data. Such systems include stand-alone open source technology, as well as systems and data that interact with third-party products. There will naturally be some overlap of risks and mitigation strategies between library-built and vendor-built systems, but there are additional considerations when working with vendor-built technologies that are not addressed here and are worthy of consideration. This document covers important definitions to understand the different types of data that exist and what threats are associated with each, strategies that libraries can use to reduce the likelihood that the data they collect will harm anyone, and tools that could be helpful in performing a Data Risk Assessment.
Direct to Full Text Guide and Worksheet
See Also: Webinar Recording
Recorded April 29, 2020