Slide 1

Protecting Library Users' Privacy in a Digital Age Swedish Library Association May, 2014 Barbara Jones, American Library Association

Slide 2

The Shifting Landscape of Privacy

Slide 3

Privacy Myths

Slide 4

People Care About Their Privacy

Slide 5

Our Data Who we are What we read and think Where we go and when we go there Who we talk to, and what we say to them What we earn, how we manage it, what we spend it on

Slide 6

Privacy and Pointillism

Slide 7

In February, 2010 advertising and marketing startup Clearsight Interactive announced that it had purchased enough personally identifiable information about individuals to enable it to link 65 million home IP addresses with their actual users. Daily Online Examiner, February 25, 2010 http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=123280&lfe=1

Slide 8

Every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications. "A hidden world, growing beyond control," The Washington Post, July 19, 2010 http://projects.washingtonpost.com/top-secret-america/

Slide 9

Privacy Means Many Things Confidentiality Limits on information use Freedom from surveillance Personal choice and control

Slide 10

Protecting What Matters Personal privacy Consumer privacy Online privacy Youth and privacy Government surveillance Reader privacy

Slide 11

Privacy in the Library In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of ones interest examined or scrutinized by others. Privacy: An Interpretation of the Library Bill of Rights http://ifmanual.org/privacyinterp

Slide 12

Privacy in the Library Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf. Privacy: An Interpretation of the Library Bill of Rights http://ifmanual.org/privacyinterp

Slide 13

ALA Code of Ethics We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted. Article III, ALA Code of Ethics http://ifmanual.org/codeethics

Slide 14

Slide 15

Laws That Protect Library Users' Privacy First Amendment Fourth Amendment Court Opinions

Slide 16

In New York, any library record that contains the name or other personally identifying details of a library user, including (but not limited to) circulation records, computer database searches, interlibrary loans, reference queries, photocopies of library materials, and hold or reserve requests is confidential and shall not be disclosed. ~~ NY CLS CPLR 4509 See also In the Matter of Quad/Graphics, Inc.v. Southern Adirondack Library System, 174 Misc. 2d 291, 664 N.Y.S.2d 225 (1997)

Slide 17

Federal Laws and Reader Privacy Video Privacy Protection Act Electronic Communications Privacy Act USA PATRIOT Act

Slide 18

USA PATRIOT Act & Libraries Section 215 Foreign Intelligence Surveillance Act Orders Section 505 National Security Letters

Slide 19

PATRIOT Act Gag Orders Gag Orders attached to these orders prohibit recipients from disclosing the existence of the warrant, or the fact that records were turned over to the FBI. Exceptions: legal counsel persons needed to comply with the order

Slide 20

NSA and The PATRIOT Act Section 215 used to authorize the bulk collection of U.S. phone call metadata on the grounds that the data, when queried, may produce information relevant to an investigation. Section 702 of the Foreign Intelligence Surveillance Act used to authorize the collection and examination of stored communications and other Internet data from ISPs. (PRISM)

Slide 21

Impact on Library Users

Slide 22

Privacy in the Library: Law Enforcement Inquiries

Slide 23

Subpoena Search Warrant Electronic Communication Orders FISA Orders and National Security Letters Forms of Court-Authorized Orders

Slide 24

Request for voluntary cooperation Exigent Circumstances (threat to life or physical safety) Evidence in plain view Informal or Warrantless Inquiries

Slide 25

Legal Limits on Law Enforcement Inquiries Statutes Bill of Rights Court-ordered limitations

Slide 26

It can happen anywhere The one-room Deming Public Library, part of the rural Whatcom County Library System was served with an FBI subpoena that sought the names and addresses of persons who borrowed a biography of Osama Bin Laden.

Slide 27

Vs. What should you keep confidential?

Slide 28

Tips and Reminders Library records are not public records subject to inspection Only FBI agents are permitted to serve and use a FISA order or NSL Establish a cordial working relationship with local law enforcement authorities Law enforcement should be left to the police

Slide 29

Privacy in the library: Ensuring privacy for library users Scimus Quae Legis, Et Non Dicimus (We know what you read, and we're not telling)

Slide 30

Crafting Privacy Policies Communicate the librarys commitment to protecting library users personal information Explain how users personal information is used, stored, and protected Explain when library records might be disclosed to third parties and law enforcement

Slide 31

ALA Privacy Policies Intellectual Freedom Manual, 8 th ed. www.ifmanual.org Policy on the Confidentiality of Library Records Policy Concerning Confidentiality of Personally Identifiable Information about Library Users Resolution on the Retention of Library Users Records

Slide 32

Conducting a Privacy Audit What data is recorded? Where is it located? Who has access? How long is data kept? Evaluate existing privacy policy Resource: Karen Coyle, Library Privacy Audits http://www.kcoyle.net/privacy_audit.html

Slide 33

Policy: Records Retention Retention plan Destruction schedules Purging personally identifiable information State laws (New York Freedom of Information Law and associated statutes as well as any local records act)

Slide 34

Policy: Law Enforcement Identify who is responsible for responding to requests for library records and information Describe the scope of employees and volunteers authority to respond to requests for library records or for information about library users Identify circumstances under which the library will release library records or information about library users

Slide 35

Self-Service Holds

Slide 36

--Lusty Reader blog August 11, 2010 lustyreader.wordpress.com/

Slide 37

Consider using systems employing obscurity or anonymity for self-serve holds

Slide 38

User Data the Library Doesnt Control Library Consortia Internet Service Providers Resource: ICOLC Privacy Guidelines for Electronic Resources Vendors http://www.library.yale.edu/consortia/2002privacyguidelines.html

Slide 39

Arizona 41-151.22. Privacy of user records; violation; classification; definition A.Except as provided in subsection B OF THIS SECTION, a library or library system supported by public monies shall not allow disclosure of any record or other information which, INCLUDING E BOOKS, THAT identifies a user of library services as requesting or obtaining specific materials or services or as otherwise using the library. B. Records may be disclosed: 1.If necessary for the reasonable operation of the library. 2.On written consent of the user. 3.On receipt of a court order. 4.If required by law. C. Any person who knowingly discloses any record or other information in violation of this section is guilty of a class 3 misdemeanor. D. FOR THE PURPOSES OF THIS SECTION, "E-BOOK" MEANS A BOOK COMPOSED IN OR CONVERTED TO DIGITAL FORMAT FOR DISPLAY ON A COMPUTER SCREEN OR HANDHELD DEVICE.

Slide 40

California Government Code Section 6267 All patron use records of any library which is in whole or in part supported by public funds shall remain confidential and shall not be disclosed by a public agency, or private actor that maintains or stores patron use records on behalf of a public agency, to any person, local agency, or state agency except as follows: a)By a person acting within the scope of his or her duties within the administration of the library. b)By a person authorized, in writing, by the individual to whom the records pertain, to inspect the records. c)By order of the appropriate superior court.

Slide 41

Questions? Want More Information? Email: bjones@ala.org www.ala.org/oif 1-800-545-2433 x4224