We’ve been getting a lot of questions lately about the Library’s privacy efforts and what patrons can do to increase their privacy when using Library resources, so we sat down with Becky Yoose, The Seattle Public Library’s Library Applications and Systems Manager, to find out more about privacy at the Library.
What is your role in the library’s patron privacy efforts?
I have many roles! The first role is to ensure that the data we collect for evaluating services places as little risk as possible in identifying individual patron activity. Essentially, making sure that we are not unnecessarily storing personally identifiable information about patrons themselves and what the patrons do, like checkouts or computer sessions or reference questions.
Another role is working with the IT Director in making sure that the vendors follow the confidentiality policies that the Library has in place, ensuring that they are treating patron data as securely as we would treat it. The third role that I have is with the Open Data Initiative for the City – I am the privacy champion for the Library.
What are the three most important things that library patrons should know about their privacy at the library?
One of the things they should know is that we are dedicated to making sure that their activity within the library, their use of library services and items and resources, stays private.
A second thing is when working with vendors, we try our best in making sure that anything surrounding sharing information to the public or tracking patron activity, like a feed like you would see in BiblioCommons (our library catalog), is opt-in instead of opt-out. A lot of people want to share what they are reading, but at the same time another whole set of patrons do NOT want any system to keep a history of what they are reading. We have to accommodate both groups, and the best way to accommodate both groups is to have opt-in as default.
Third, we do not keep track of the web searches or the activity done in computer sessions, either while using Library computers or while connected to the Library’s network. Data regarding activity during a computer session is deleted from the library’s records and at the end of a session, all information on that computer is deleted and an entirely new “image” that contains the operating system and all applications is loaded onto the computer. The only thing that is left is the de-identified data, saying we had a computer session at this time, at this date, at this location, and that is it. Not attached to a name, not attached to a patron record.
What do you think is the biggest challenge the Library faces when trying to protect patron privacy?
How much room do you have left? Oh, goodness, what is the biggest challenge? I would say working with vendors. We need to make sure that our vendors are securing patron data on their sites and services at the same level that we would want to protect that activity on our end if it was happening on our own servers. And sometimes vendors do not understand the importance of opt-in verses opt-out for patron services, which leads to some services provided by these vendors being opt-out by default. A good example of this opt-out as default is highlighted in the privacy notice when you are on the Bibliocommons login page. We try to communicate these opt-out defaults to patrons when possible.
What do you think is the most important thing for library patrons do to further protect their privacy when using the library’s materials?
A very good way of doing that is to be sure that you check your privacy settings in your BiblioCommons account: see if your shelves and lists are set to private and check to see if Borrower History is turned on. If it is, and you don’t want it to be turned on, turn it off. Check privacy settings on your accounts with other library services like Overdrive, Zinio, and Library Elf. One thing that patrons should think about is how much they are willing to do for convenience and how much are they concerned about privacy. Think about what are you comfortable with in terms of sharing your library use, and then going from there.
What can library patrons do to further protect their privacy when using the library’s computers?
One important thing to know is that the Library routes all Internet traffic through a small number of network interfaces before the traffic goes to our Internet Service Providers, making it appear that all traffic that originates from the Library is coming from these several devices. Nothing identifies the particular machine being used. In addition to this, you are able to install applications and software on the Library’s public computers, such as the Tor Browser.
What are some of your favorite resources for people who want to learn more about protecting their privacy?
San José Public Library has a great Virtual Privacy Lab. The Electronic Frontier Foundation has a handy Surveillance Self-Defense Security Starter Pack. For library-specific information there is the American Library Association’s Office of Intellectual Freedom, and the ACLU keeps track of emerging issues. As a woman in technology, I also like to share that there are ways to protect yourself against online harassment and defend yourself when people are actively trying to invade your online privacy or dox you.
Thank you, Becky!
Want to know more about the Library’s privacy policies? Here are the Library’s official Confidentiality of Patron Information and Website Privacy Notice. Public computer and Wi-Fi use are also subject to the Public Use of the Internet policy as well as the Library’s Rules of Conduct.
– posted by Robin R.