 |
April 2004 Volume 6 Number 2 Page 3 |
 It's 2004: Do You Know Where Your Patron Data Is?by Michael Matis, University at Albany |
|
Cover Story Features Additional SUNYConnect Updates Link to the SUNYConnect Committees List
|
Since the passage of the USA PATRIOT Act, a
great deal of attention has been paid to the possibility of increased surveillance of
library records. Library associations around the country are calling for the repeal of
sections of the PATRIOT Act that relate to library records. However, libraries do not need
to wait for legislative action to take active steps to protect the privacy of their patron
records. They can review their data collection practices to assure themselves that data
associated with personally identifiable information (PII) will be stored only as long
as it serves a legitimate business purpose. The method used to conduct this survey is a
privacy audit. A privacy audit is a systematic review of the data-collection practices of an organization to determine if the practices are consistent with the privacy policies of the organization. It helps to ascertain what the life-cycle of patron data should be, i.e., how data with PII about patrons is collected, how it is used, how long it is stored, and when it should be deleted. A privacy audit does not mandate the disposal of records. Rather, it is an opportunity
for a library to have a structured conversation about when and how library records are
stored in furtherance of the library's business needs. It is an opportunity for librarians
to discuss the role of data in the library. Some may think they do not need to do a privacy audit because they already de-link circulation records when items are returned. However, are they aware if their vendor backs up the circulation data? And what about all other areas where data is collected? Computer sign-in sheets? Email reference questions? Web server logs? Increasingly libraries offer digital services that generate transactional data by default. Conducting an audit allows a library to discover just how much data they are collecting and set retention policies consistent with the mission of the library. Others may think they do not need to conduct an audit because they destroy any data as soon as any transactions concerning the data are concluded. However, destroying data links is a Draconian measure because it removes a valuable source of data about the trends of the library users. It is possible to "scrub" data such as circulation records and email requests of PII and restructure it to capture some of the demographic data that the records contain. To learn more about this process of "bibliomining" see the article by Scott Nicholson. To learn more about how to plan for a privacy audit, consult the ALA privacy toolkit. IT organizations have learned that doing an audit for one purpose has yielded
unexpected benefits in another area. Prior to the year 2000, many organizations were very
concerned about the "Y2K" problem (Editor's note: Michael will be presenting on the topic of library privacy audits at SUNYLA 2004 in Cortland.) |
and took active steps to
prevent any disruptions to their operations by doing a thorough 
![[Image: Bobby Approved Logo]](approved.gif){kind=small}