Task Force to Develop Model Policy on Privacy for Library-Provided Digital Services

Background

Working Documents

  • Farb's List of Privacy Legislation and Policy
  • Ryan's Grid of Potential Privacy Problems Latest (July 18)
  • Snow's List of Elements of Privacy Policies
  • Snow's Survey of Library & Museum Privacy Policies (Excel Spread Sheet)
  • Coyle's sample short privacy policy (revised)
  • Coyle's sample detailed privacy policy
  • Snow's statement on archives and other units
  • CDL Mockup: Creating a Library Systems Privacy Policy
  • Creating a Library Privacy Policy
  • Privacy Audit and Guidelines

    • Deliverables

    The deliverables of this task force will be:

    1. Guidelines for a library digital systems privacy audit, including a checklist of areas where library systems can have an impact on privacy.
    2. Some recommended best practices related to privacy for library systems.
    3. A model privacy policy that can be developed from the results of a library privacy audit.
    4. A suggestion that libraries add "privacy literacy" to their bibliographic instruction and use the library to promote the awareness of privacy issues.

    Schedule

    DateDeliverables
    April 23Send any info gathered to KC prior to meeting
    May 14Send any info gathered to KC prior to meeting
    June 11We will discuss our findings. All drafts must be sent to KC by June 1.
    July 2First draft of recommendations will be discussed
    July 23Final draft of recommendations for SOPAG

    Note: All calls are on Mondays, from 10:00 to 11:00/11:30. KC will set up conference calls.

    Document to SOPAG for discussion in August. (Get SOPAG August meeting date; deliver one week before.)

    Basic issues:

    1. How do we define library? Do we include archives, slide libraries, museum libraries? (It was noted that archives often have a different policy about patron records, including the obligation to maintain records "forever" in the service of the patrons.
    2. The library privacy goal relates primarily to the ethic of intellectual freedom. The task force will emphasize this goal in its recommendations, not privacy in a more general sense.
    3. How do we define privacy and the library's obligation to privacy? Is it: Do not disclose information, or is it: do not disclose without explicit permission? We need to come up with definitions of privacy, confidentiality, and of security, and determine where we draw the line in terms of the role of this task force.
    4. Employee privacy is also an issue, but will not be addressed by this task force.
    5. What is "personally identifiable information?" We have to assume that almost all information that is gathered over time that tracks a user's behavior could eventually become personally identifiable.

    Minutes of Meetings