Some Elements of Library Privacy Policies

Introduction

• Committment to privacy
  • doesn't collect info
  • does collect info but doesn't retain
  • does collect info, retains to provide better service
• a statement that explains how protected information is, risks
• areas of vulnerability
  • chat rooms
  • message boards
• whether policy covers all host web pages or not

Why info collected

• to improve service, analyze trends
• create summary statistics
• to determine technical design specifications
• to identify system performance problem areas
• to prevent hacking (denial of service, changed info, hardware damage)
• to use for marketing

Type info collected

• i.p. addresses aggregate (by domain) or individual
• personally identifiable information
  • name
  • address
  • zipcode
  • email address
  • social security
  • credit card
  • bank account, password
  • birth date
  • gender.
• pages visited, aggregate and individual
• info volunteered by visitor
• info requested by host
• browsers used
• operating systems used
• cookies
  • no cookies
  • no persistent cookies

Who: who gets info

• only authorized personnel
• only this institution
• our marketing people
• 3rd parties
• law enforcement, if required, only if subpoenaed

Duration: how long info retained

• not at all
• short time
• specified amount of time

Opt out options

• you don't have to opt out as we consider you automatically opted out
• you can opt out only if you contact us

Intrusion Detection

• whether monitoring software is used
• which monitoring software
• why used

Links warning

• links may take users to other domains where privacy is not protected

Privacy policy review

• policies change, user should review again,
• time suggested (3 months, 6 months)

Definitions of terms

• personally identifiable information
• cookies
• opt out

Examples of info collected

• what is returned to computer when you access a web page

Contact

• how to contact host