As editor of the Journal of Intellectual Freedom & Privacy, I’m excited to present the journal’s first special-themed issue on Privacy.
Within libraries, a patron’s intellectual activities are protected by decades of established norms and practices intended to preserve patron privacy and confidentiality, most stemming from the American Library Association’s Library Bill of Rights and related interpretations. As a matter of professional ethics, most librarians protect patron privacy by engaging in limited tracking of user activities, instituting short-term data retention policies, and generally enabling the anonymous browsing of materials. These are the existing privacy norms within the library context, and the cornerstone of what makes up the “librarian ethic.”
However, these norms are being increasingly challenged from numerous fronts: law enforcement and government agencies continuously pressure libraries to turn over data on patron activities; Library 2.0 and related cloud-based tools and services promise to improve the delivery of library services and enhance patron activities, yet require the tracking, collecting, and retaining of data about patron activities; and given the dominance of social media—where individuals increasingly share personal information on platforms with porous and shifting boundaries—librarians and other information professions are confronted with possible shifts in the social norms about privacy.
With valuable insights from library practitioners, information technology professionals, compliance officers, and academic researchers, the work gathered in this special issue engages head on with this growing challenge to longstanding privacy norms within libraries.
The special issue includes two feature articles exploring the privacy implications of the growing practice of leveraging patron data to enhance library services. In “Balancing Privacy and Strategic Planning Needs: A Case Study in De-Identification of Patron Data,” Becky Yoose, library applications and systems manager at Seattle Public Library, discusses how libraries increasingly seek information about specific patron demographic groups to provide effective targeted programs and services while recognizing that such collection and use of patron data might jeopardize patron privacy. Using the recent planning and implementation of a data warehouse and de-identification plan at Seattle Public Library as an example, Yoose details how libraries can both be “data-informed” and remain protectors of patron privacy through the use of de-identified patron data within their data warehouses.
In “Privacy Policies and Practices with Cloud-Based Services in Public Libraries: An Exploratory Case of BiblioCommons,” Katie Chamberlain Kritikos and I, from the University of Wisconsin-Milwaukee Center for Information Policy Research, report on the results of a pilot research study investigating how libraries are implementing third-party cloud computing services, how these implementations might affect patron privacy, and how libraries are responding to these concerns. After examining policies and records from thirty-four public libraries that use the cloud-based BiblioCommons discovery layer, we provide recommendations for tailoring privacy policies, practices, and patron communication for other libraries seeking to leverage cloud-based patron services.
Complementing these two feature articles, this special issue includes four short commentaries that provide helpful insights on various privacy-related issues for librarians and information professionals. First, in “The Path to Creating a New Privacy Policy: NYPL’s Story,” Bill Marden, director of data privacy and compliance at New York Public Library, gives us an insider’s view of the process—and the philosophy—the drove NYPL’s recent update to its patron privacy policy. Second, Jessica Garner, a librarian at Georgia Southern University, provides additional advice for libraries seeking to communicate better with patrons—as well as the public—regarding the importance of privacy in her commentary, “We Can’t All Be Rock Stars: Reaching a Mass Audience with the Message of Library Privacy.” Next, Mike Robinson from the Consortium Library at University of Alaska Anchorage, shares pragmatic guidance in “How to Get Free HTTPS Certificates from Let’s Encrypt,” detailing his experiences moving his library’s servers and services to Let’s Encrypt to provide more security and privacy for their systems and patrons. The fourth commentary, “Libraries and the Right to be Forgotten: A Conflict in the Making?,” by Eli Edwards, summarizes the challenges libraries will inevitably face in the wake of recent European court rulings that suggest personal information that is irrelevant, outdated, or inaccurate should not be readily accessible to the general public.
The special issue closes with Rudy Leon’s thoughtful review of the new book Protecting Patron Privacy: A LITA Guide, co-edited by Bobbi Newman and Bonnie Tijerina, and published through the Library Information Technology Association.