SOPAG Privacy Task Force
DRAFT 6/1/2001

Where privacy info is lurking and what might be done to protect privacy
| Potential location of privacy info (Library ILS) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Circulation records | Delete individual identity when the transaction is complete; track only by category. | |
| OPAC search logs | Log only the category of user if possible. If individual identity is logged, delete the individual information as soon as possible and keep search information by category only. | |
| Overdue & billing records | Keep only as long as required by institutional financial record policies. Restrict access to authorized users only. | |
| Paging from RLF and storage, both requests and transactions | Delete individual identity when the transaction is complete; track only by category. | |
| Document delivery & ILL requests and transactions | Delete individual identity when the transaction is complete; track only by category. | |
| Patron records | Restrict access to only those staff members who have a legitimate need to consult them. | |
| Personalization profiles, including saved searches and sets | Advise users of the privacy exposures involved in using personalization profiles. Restrict access to only those staff members who have a legitimate need to consult them. Purge unused profiles regularly. | Advise users of the privacy exposures involved in using personalization profiles. |
| Search histories | Advise users to close their searching session when complete. Advise users of the privacy exposures involved in saving search histories beyond a session. Limit the time that search histories are preserved beyond a session. | |
| Downloads/emails of search results | Don't log downloads or emails of search results. | |
| Z39.50 session logs | | |
| Displays of patron borrower records, patron-initiated renewals, etc. | Time out displays. Advise patrons to close the session before leaving public workstations, lab machines, etc. Disable the ability to use the back button to re-display patron borrower screens. | |
| Potential location of privacy info (Other public service systems) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Email reference queries and answers | Delete messages as soon as answered. If answers are kept in a "knowledge bank" for re-use, delete information on the asker before saving. | |
| Digital reference queries and answers | Don't log reference queries and answers without user permission. If logged, keep for a limited amount of time (no more than 1 month). | |
| SDI profiles | Advise users of the privacy exposures involved in using SDI profiles. Restrict access to only those staff members who have a legitimate need to consult them. Purge unused profiles regularly. | |
| Billing records for fee-based services | Keep only as long as required by institutional financial record policies. Restrict access to authorized users only. | |
| Potential location of privacy info (Library server logs) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Library Web server logs | Keep only those logs for which there is a clear and legitimate purpose. Keep logs secure and limit access to authorized users only. Delete log files frequently (at least monthly), keeping only aggregate data for statistics tracking. | Advise users to understand the logging practices and policies of any Web site visited. |
| Proxy server logs (especially if used to track usage statistics) | Keep only those logs for which there is a clear and legitimate purpose. Keep logs secure and limit access to authorized users only. Delete log files frequently (at least weekly). | Advise users to understand the logging practices and policies of any proxy server used. |
| Mail server logs | Keep only those logs for which there is a clear and legitimate purpose. Keep logs secure and limit access to authorized users only. Delete log files frequently (at least weekly). | Advise users to understand the logging practices and policies of any mail provider used. |
| Usage statistics for digital library content, etc. managed by the Library | Keep aggregate statistics only, by category and not by individual user. | |
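The Web server log practice above (delete raw log files at least monthly, keep only aggregate data by category) carried out as an added worked example; this code is not part of the SOPAG draft. It runs over constructed Apache combined-format lines with a hypothetical user-to-category lookup, folds lines older than the retention window into counts by category and resource path, and discards the client address, login name and search terms in the process.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" format; not real traffic.
SAMPLE_LOG = """\
10.1.2.3 - jsmith [01/May/2001:10:15:02 -0700] "GET /catalog/search?q=privacy HTTP/1.0" 200 5120 "-" "Mozilla/4.7"
10.1.2.4 - - [01/May/2001:10:16:45 -0700] "GET /ejournals/view?id=42 HTTP/1.0" 200 8812 "-" "Mozilla/4.7"
192.0.2.7 - rlee [02/May/2001:14:20:00 -0700] "GET /ejournals/view?id=42 HTTP/1.0" 200 8812 "-" "Mozilla/4.7"
10.1.2.3 - jsmith [03/May/2001:09:01:10 -0700] "GET /catalog/search?q=ferpa HTTP/1.0" 200 4711 "-" "Mozilla/4.7"
10.1.2.3 - jsmith [20/Jun/2001:09:01:10 -0700] "GET /catalog/search?q=opac HTTP/1.0" 200 4711 "-" "Mozilla/4.7"
192.0.2.7 - rlee [21/Jun/2001:14:20:00 -0700] "GET /ejournals/view?id=42 HTTP/1.0" 200 8812 "-" "Mozilla/4.7"
"""
DEMO_NOW = datetime(2001, 7, 1, tzinfo=timezone.utc)  # constructed reference "now"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Hypothetical identity-to-category lookup (a real deployment would ask the directory for the category only).
USER_CATEGORY = {"jsmith": "faculty", "rlee": "graduate"}

def category_for(user: str, ip: str) -> str:
    """Reduce an identity to a coarse category; the identity itself is dropped."""
    if user in USER_CATEGORY:
        return USER_CATEGORY[user]
    return "on-campus-anon" if ip.startswith("10.") else "off-campus-anon"

def rotate(log_text: str, now: datetime, retain_days: int = 30):
    """Lines older than retain_days are folded into counts by (category, path)
    and discarded; newer lines are returned verbatim for the short window in
    which they still serve a legitimate purpose."""
    cutoff = now - timedelta(days=retain_days)
    counts, kept = Counter(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are dropped, not retained forever
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ts >= cutoff:
            kept.append(line)
            continue
        # The query string carries the user's search terms, so only the path
        # is counted; the IP and login are never written to the summary.
        path = urlsplit(m["target"]).path
        counts[(category_for(m["user"], m["ip"]), path)] += 1
    return dict(counts), kept
```

Run on the sample with `rotate(SAMPLE_LOG, DEMO_NOW)`: the four May lines become three category/path counts and only the two June lines survive as raw records.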
| Potential location of privacy info (Library public workstations) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Local cache | Erase cache frequently, preferably every day. | |
| Cookies | Advise users of the privacy exposures involved in using cookies. Consider making the cookie file read-only after installing cookies for any content sites of importance. | Advise users of the privacy exposures involved in using cookies. |
| Certificates | Advise users to always use password control on certificates? Erase certificate files frequently, preferably every day? [Not sure how feasible these suggestions are] | Advise users to always use password control on certificates. |
| Paper sign-up sheets | Retain for a limited amount of time only (no more than 1 week). | |
| Login records | Retain for a limited amount of time only (no more than 1 week). | Advise users to inquire about retention policies. |
| Bookmarks | Make the bookmark file read-only. | Advise users to delete personal bookmarks from shared machines. |
| Back button to return to previous patron's screens | Disable the ability to "back" to patron record screens in applications likely to be used on public machines. Advise users to close sessions before walking away. | |
| Mail messages | If mail is allowed from public workstations, log messages for a limited time (no more than 1 week). | |
| Peeping Toms (patron watching what her neighbor is doing) | Consider installing privacy screens. If possible, position workstations so screens can't be easily seen from neighboring workstations. | |
| Potential location of privacy info (Network services) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Router logs | | |
| SMTP gateway logs | | |
| Potential location of privacy info (Licensed content vendors, other remote Web sites) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Login prompts | | |
| Personalization profiles (such as PubMed Cubbies) | | |
| Usage statistics | | |
| Service offers for personal information ("give us your email address and we'll notify you of new titles in your area of interest") | | |
| Server logs | | Include proper and secure logging practices and procedures in the contract. Advise users of the limits to library privacy protection when using remote sites. Monitor server privacy policy statements for acceptable practice. |
| Potential location of privacy info (Logs for outsourced services) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Web hosting | | Include proper and secure logging practices and procedures in the contract. Advise users of the limits to library privacy protection when using remote sites. |
| Proxy services | | Include proper and secure logging practices and procedures in the contract. Advise users of the limits to library privacy protection when using remote sites. |
| Contracted surveys and user studies | | Include proper and secure privacy protection in the contract. Ensure that studies adhere to UC policies for the protection of human subjects. |
| Potential location of privacy info (Directory services) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Directories for users to search | Be sure that the directory is "FERPA aware". Allow users to choose to "opt out" of being listed for public view. | |
| Directories for application queries | Be sure that the directory is "FERPA aware". Limit the amount of personal info returned to applications. Control access to the directory to trusted applications only. Document clearly what information is provided and to whom. | |
| Potential location of privacy info (Email services) | Library manages: what might we do | Others manage: what might we do |
|---|---|---|
| Mail message files | Ensure management is consistent with UC policy on electronic communication. Keep files secure and limit access to authorized users only. | |
| Mail server logs | Keep only those logs for which there is a clear and legitimate purpose. Keep logs secure and limit access to authorized users only. Delete log files frequently (at least weekly). | |