Developing a Comprehensive Privacy

Policy

“Rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.”- American Library Association, Privacy Statement 2002

“You have zero privacy anyway – Get over it.”- Scott McNealy, Co-founder, Sun Microsystems, 1999

POINT

COUNTERPOINT

2011 Version

“These are also galvanizing times of promise and opportunity. And yet we can only reap the full benefits if we work together, as a society, to uphold people’s right to privacy.”- Jennifer Stoddart, Privacy Commissioner of Canada, November 2010

“If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place”

- Eric Schmidt, CEO, Google, December 2009

POINT

COUNTERPOINT

The Privacy Landscape

Canadian Libraries are still inconsistent in their Privacy Policies Behind the US in this area Most Canadian Policies are response to

PIPEDA or Provincial Privacy Legislation Some are Response to Events Only 7 of the 20 largest Ontario Public

Library systems have a posted Privacy Policy!

Privacy Legislation

Basic Principles for Personal Information: Collected with consent and for a reasonable

purpose Used and disclosed for the limited purpose for

which it was collected Accurate Accessible for inspection and correction Stored securely

Only a Starting Point!

Importance for Libraries

Libraries have a role to protect Privacy “Protecting user privacy and confidentiality has long been an integral

part of the mission of libraries.”

– American Library Association 2002

Awareness among Staff & Patrons Consistency in handling Data & Issues Guidelines for when Privacy is ‘Tested’

CLA Position Statement

Drafted June 1987 First Sentence: “Rapid advancements in computer and

communications technology…”

Very Limited Scope “That names of library users not be released to any person,

institution, association or agency for any reasons save as may be legally required by Federal or Provincial laws.”

What about Usage Histories? Data Storage?

OLA Position Statement

None Published (nor OLITA or OLBA) Occasional discussions (blogs, mailing lists, etc) Such as May 9, 2006: “The OLA Board at its meeting on May

5 lent OLA's support to a coalition that is challenging digital copyright reform on privacy issues.”

Privacy Dangers

‘Fishing Expeditions’ Data Mining (Identified as threat by

ALA) Pressure to Release Information Hidden caches of Data Unexpected points of access & storage “Retention” versus “Preservation”

Going Fishing…

Police & other authorities may request patron records or usage information

Significant pressure could be applied in certain types of situations Media Pressure Political Pressure – Board, Council, etc Pressure from the Public

In the News…

“Durham Regional Police have laid child pornography charges after an Oshawa man was seen surfing child porn at a public library… On January 7th, 2006, the accused attended the public library in Brooklin and began an extensive search for child pornography using one of the library’s computers… Officers seized two computers from the library and gathered additional information.”

-- Durham Regional Police News Release, April 19 2006

• Police aggressive in attitude towards library• Easier to involve Mayor/Media than obtain a

warrant?

Even Bigger News…

“Security services had bomb plot suspects under surveillance for more than six months… To obtain the ammonium nitrate, [alleged bomb plot suspect Zakaria] Amara searched for suppliers on the internet, using the facilities of a public library…”

-- CBC News Report, June 7 2006

• Mississauga Library Computers seized by RCMP – “pressing matter”

The “Hot Button” Issues

Child Pornography Internet Sexual Predators Terrorism

Can Library Boards & Management Resist Political & Media Pressure on these fronts?

A Different Approach…

The Seattle Public Library Confidentiality Policy

“Minimum records kept”“The Seattle Public Library keeps the minimum number of records necessary for maintaining operations. When a customer logs off a Library Computer, information about that user session is automatically deleted.”

Possible Headlines?

“Library refuses to co-operate with Child Pornography investigation”

“Kidnapping case encounters roadblock in Library”

“Libraries a Terrorist Internet Haven”

“Cyber-Bullies use Library to hide their true identities”

The B-List

Cyber Bullying Stalking Threats Disseminating Hate Fraud The “C-List”: Activism

Privacy Policy “Touchstones”

Last Week: Borrowing Records Yesterday: Public Access Computers,

Internet Logs Today: eBooks, WiFi Access,

RFID,Database Searches, 3rd Party Services, Cloud

Tomorrow: DRM, and ???

“Last Week”: Borrowing Records

Basic Concept: Delete Info after Return “Information about what a person may have borrowed is not retained when the item

is returned except where fines and fees may have occurred”

Watch for Exceptions – Document Visiting Library Services: May want to retain Data Make sure Library Software truly complies (logs; backups; etc) Holds – Does Library Software treat differently?

Other Considerations Patrons may want to see their own historical data; have a choice? Historical data for better service – “Amazon Effect”; Bibliocommons

“Yesterday”:Public Internet Access

Sign-ups: Take Patron Info? Keep it? Keep Session Logs? Internet Acceptable Use Policies (AUP) ISP Responsibility; new US/EU

Regulations

“[Sign up information] is removed as soon as the person who has reserved the computer signs on.” - Seattle Public Library

“[We] delete the history of a user’s Internet session and all searches once an individual session is completed.” - San Francisco Public Library

“Today”: New Challenges

External DataBase Searches eBooks – Borrowing Records, etc 3rd Party Services

“Beyond Control” of Library? Possibly in jurisdiction of USA PATRIOT Act (etc)?

WiFi Access for Patrons Login, Usage Logs, etc?

RFID

Newest Challenges

Cloud Computing Google Docs, Microsoft Office 365, Azure, Amazon Web

Serv Jurisdiction Issues !! Danger, Danger !

Social Networking Interactions Facebook, etc

Hardware & Equipment Photocopiers – some keep images of copies made (really!) Out-of-Lease & Disposed of; Stolen; Serviced; Garbage

Tomorrow: The Fun Never Ends

DRM – Digital Rights Management Letters from major Privacy Advocates and

Stakeholders regarding Privacy Risks with potential Copyright / DRM legal protections

What’s Next?

The Case of the Hidden Data

Many potential Data caches Logs Backups Caches & Mirrors Proxies Upstream storage & ISP’s Partners, Suppliers, 3rd Party Services,

more

More Dangers

Hidden/Undocumented Data Potential Embarrassment & Financial

Liability for failed Policy Protections Loss of Patron Confidence

Unexpected release – ‘garbage bin’ data

Costs (Staff Resources & More) to deliver ‘difficult’ data when requested

The Privacy Ideal

No need to release data you don’t have

Request & Store the absolute minimum

“Think twice before you capture data, and three times before you store it.”

- Electronic Frontier Foundation

Delete Data no longer required

The Privacy Ideal Continued…

Document All Hidden Sources Audit, Monitor, Consult Psychics

Pick two out of three

Ingredients to a Policy Design

Details for common issues Library Cards, Borrowing Records, Computer Use

General Principles for the Future Synchronization with Reality

Make sure you can deliver what you promise!

Special Cases Equipment/Data Seizure Policy; Ethical Research Policy

Policy Frameworks

CSA Model Privacy Code Accountability / Identifying Purposes / Consent / Limiting Collection /

Limiting Use, Disclosure and Retention / Accuracy / Safeguards / Openness / Individual Access / Ability to Challenge

Fair Information Practice Principles (FTC) Notice / Choice / Access / Security / Enforcement

OECD Guidelines on the Protection of Privacy

Collection limitation / Data quality / Purpose specification / Use limitation / Security Safeguards / Openness / Individual Participation / Accountability

Organization Must Decide

Discuss, Debate, and Decide on Scope of Privacy Policy Extent of Data Retention Extent of Assistance to Law Enforcement Extent on Protection for Patron Privacy

Board, Management & Senior Staff should all be involved in process

Policy Must Evolve

New challenges, new technologies New Regulations; US atmosphere Increasing Awareness by Patrons /

Public Board, Management & Staff Must

Understand and buy-in to policy!

Related Policies…

Data Retention Details Should be a Separate Policy, that adheres to Guidelines

set in Privacy Policy

Web Site Privacy Statement Related, but Separate in scope

Staff Privacy Entirely Different Policy with Different Goals

References

American Library Association www.ala.org/ala/issuesadvocacy/intfreedom/librarybill/interpretations/privacy.cfm

Electronic Frontier Foundationwww.eff.org/Privacy/

Electronic Privacy Information Centerwww.epic.org

Center for Democracy & Technologywww.cdt.org

More References

CSA Model Codewww.csa.ca/standards/privacy/Default.asp?language=english

Information & Privacy Commissioner of Ontariowww.ipc.on.ca/docs/library-e.pdf

Office of the Privacy Commissioner of Canadawww.priv.gc.ca

Thank You!

“The role of libraries … must not be compromised by an erosion of the privacy rights of library users.”

-- American Library Association, 1991

George Geczy, Vice-Chair,Hamilton Public Library

Email george@dgtechnical.com