Librarians have historically taken a strong stand on protecting the privacy of their patrons. But how well they accomplish this varies widely with the size of a library, and technology has made it more difficult, according to the first study of privacy practices and challenges in public libraries.
Because no study on this topic had been done before, Bashir and her research group wanted to find out what the current practices and challenges were for public libraries, she said. The team conducted an online survey of public library employees across the country, asking questions about employee training, whether the library published information relating to privacy protections, the processing of law enforcement requests, the use of secure storage methods and responses to data breaches.
The survey was followed by virtual sessions with library information technology employees.
“Technology has really changed the landscape and libraries are becoming much more digitally focused,” Bashir said.
[Clip]
More than 800 library employees completed the survey, and most of the respondents worked at small libraries. The size of the library, as measured by its number of cardholders, was the main factor in the level of privacy protections it provided. Larger libraries were more likely to have an information technology employee or someone dedicated to privacy protection. Rural libraries lacked those resources and often had to share such services with other small libraries.
Nearly all the libraries offered basic protections such as the secure disposal of sensitive data. While two-thirds of the respondents said their libraries provide privacy training to employees, 21% of those said the training was not mandatory and less than one-third had received training in the past year. Two-thirds of the participating libraries did not publish any information for patrons on how to protect their privacy, and more than two-thirds had no documented plan for handling data breaches.
Even more alarming to Bashir: For some libraries, particularly smaller ones, their only online presence is through social media rather than their own website.
“That is very troubling. Facebook collects a lot of data – everything that someone might be reading and looking at. That is not a good practice for public libraries,” she said.
[Clip]
“Public libraries are used by a lot of people in lower socio-economic groups. Privacy protections for these groups are even more important because they are vulnerable populations,” she said.
Gary Price (gprice@gmail.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area.
He earned his MLIS degree from Wayne State University in Detroit.
Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com.
