Online data privacy and the role of library staff

July 14, 2017

Share this story


by Aude Charillon, Library and Information Officer, Newcastle Libraries and Carnegie Partner

This is part of a blog series examining the theme of online data privacy and public libraries. More information about the wider project can be found here.

 

In the previous blog in this series, Catherine Stihler highlighted that we are not always aware either that we are being tracked or what really happens to our personal data. That’s one of the reasons I believe we library staff have a role to play regarding data privacy – we can simply do more of what we already do in other fields, that is: enabling citizens to make informed decisions. In this case that could mean equipping citizens with the knowledge of how their personal data is used when they access digital services and with the skills needed to take steps to protect their information.

 

Being transparent about our own services

You are usually asked for your personal details when you become a member of a library, but are library staff being clear when you join how long we keep this information for and where it is stored? Are there library authorities in the UK that clearly state how long book borrowing history is retained? If you use a computer in your local library, are you being made aware that your Internet browsing history is being recorded and how many months it is kept? When you use an online service your library subscribes to on your behalf (e-books, dictionaries, digitised newspaper archives, etc.), do you know what happens to your data?

Citizens have a right to know what information we keep about them when they use their local library. On the study trip to New York, we met Bill Marden, the Director of Privacy and Compliance at the New York Public Library (NYPL), who told us how NYPL reviewed its privacy policy and took steps to make it more widely known to both staff and users of the library. Deborah Caldwell-Stone, Deputy Director of the American Libraries Association’s Office for Intellectual Freedom, also highlighted the Office’s privacy guidelines and checklists for US libraries.

At Newcastle Libraries we do not (yet) have a formal privacy policy – though being more transparent about the information we collect when citizens use our services is something we have recently started working on. You may be shocked when for example you learn how long we keep your Internet browsing history (I was); it may not be something we can change because of legal requirements, but at least when you use our computers to access the Internet you are informed of what we do with your personal data.

 

Equipping citizens with the skills to protect their privacy

Another facet of the role of library staff is to support citizens in gaining the digital skills needed to protect their privacy. Privacy is about choice: you need to be aware of the risks to your personal data online and of the tools that may help you protect it better to then be able to make an informed choice of whether to take steps to actively protect your privacy.

For library staff to explain to citizens what happens to their data on the Internet and recommend privacy-enhancing tools, we need to learn about those ourselves. In the US initiatives like the Library Freedom Project have been delivering training to librarians. While we were in New York we met Melissa Morrone from Brooklyn Public Library and some of the other partners involved in the Data Privacy Project – a training programme that was delivered to groups of library staff from across New York City and which has been adapted as short online learning modules. In the UK, the Scottish PEN with support from the Scottish Library and Information Council (SLIC) and CILIP in Scotland has been delivering workshops on privacy and digital security for library and information professionals.

There are many ways we can engage citizens on privacy issues, such as incorporating online security and privacy into our existing digital literacy programmes or hosting specific events to discuss the issues and/or learn about the tools. We do not need to do this alone, especially if we feel our own knowledge is not quite up to scratch. Both Newcastle and Manchester Libraries partnered with members of the Open Rights Group to host CryptoParties – informal events where citizens can discuss, learn and share their knowledge of tools to protect their privacy and electronic communications.

The two points I detailed above are not the only actions we library staff can take to defend citizens’ rights to privacy. Another would be to review (reduce) how long we keep your information, and another to offer an Internet browser on all our computers with privacy-enhancing features. However, I think being transparent about what we collect when citizens use library services and equipping citizens with the skills to protect their privacy online are the basics – the “easier” steps that library staff in all public library authorities across the UK should consider.