Libraries have long been committed to protecting patron records, but it might be said that we have not kept up with the technologies that challenge that commitment. I attended library school immediately following the passage of the USA PATRIOT ACT, and the conversations at the time were still surrounding circulation records. Fifteen years later, Protecting Patron Privacy: A LITA Guide (edited by Bobbi Newman and Bonnie Tijerina) makes a timely and essential entrance on the scene. The material covers basics (privacy law in the United States and library interpretations and applications), ethics, a discussion of how third-party systems trade information across systems, and it provides ideas for training staff and patrons. It is both a useful textbook for students pursuing their MLS degrees and an essential primer for all library workers. It is also written (mostly) in a manner very accessible to nontechnical public services people (at least, to this one).
The book most focuses on four topics: (1) foundations of privacy law and implementation of privacy practices in libraries; (2) ethics of library patron data collection and use; (3) third-party systems and their impacts on library patron privacy; and (4) training staff and patrons for more effective privacy protections. The chapters vary between being practical, theoretical, and descriptive. I find the balance works for the individual topics under discussion.
The four sections of the book are clearly organized and mostly excellent. The one exception is “Third-Party Services in Libraries” by William Marden. The material is too dense and not explained at the level of the majority of the book. My sense is that this chapter suffers from trying to force what should be a book in its own right into a single chapter précis. In its current state, the chapter raises more questions than it answers, but it certainly stands as enough of an introduction to allow readers to effectively research any questions they develop over the course of the reading. The subject matter is worthy of expansion, and I hope Marden will consider book-length treatment of the material.
Matt Beckstrom’s “Use, Security, and Ethics of Data Collection: Data Collection, Retention, Use, and Security” is an example of one of the highly descriptive chapters. Beckstrom provides information I personally have long wished to have—a narrative map of how library tools interact with each other and with third-party systems, identifying where patron information might pass from system to system, vendor to vendor. The elucidation of these complex systems, in a manner accessible to people who never work with the technical side of library systems, is incredibly valuable. I suspect this value is also present for many library staff working on the technical side. This chapter alone allows for asking more informed questions of our vendors and ourselves.
In addition to the excellent coverage of the material, Beckstrom’s chapter also excels at laying out one of the primary concerns of the book: that librarians interested in patron privacy recognize that privacy must be protected with decisions at the levels of collection, retention, and use, as well as how we share information about our patrons inadvertently or through ignorance.
The remaining chapters are all quite good. “Foundations of Privacy in Libraries” (Michael Zimmer and Bonnie Tijerina) and “Privacy Law and Regulation” (Michael Zimmer and Deborah Caldwell-Stone) should become required readings in Library Foundations courses. The chapters providing examples of staff and patron privacy training, “Privacy Training for Staff and Patrons: The Data Privacy Project at Brooklyn Public Library” (Melissa Morrone) and “Privacy Training for Staff and Patrons: Privacy Initiatives at The City University of New York (CUNY)” (Martha Lerski and Stefanie Havelka), were inspiring, so much so that I began designing workshops of my own after reading them. This book lends itself to that kind of practical action.