Re: User Privacy

From: Edward M. Corrado <ecorrado_at_nyob>
Date: Wed, 21 May 2008 12:02:44 -0400
To: NGC4LIB_at_LISTSERV.ND.EDU
There are certainly ways to put in safeguards to be able to make
constructive use of circulation and other data while protecting patron
privacy. There is a need for legal safeguards (such as those in place
with medical records) but there is also a responsibility of libraries to
try to "scrub" any personal data so individual people can't be tracked
down by it. Dr. Scott Nicholson has addressed various ways to do this in
his Bibliomining research (http://www.bibliomining.com/). That said, I
would argue that today many librarians typically do a better job talking
about how they don't keep this personal data than they do actually
making sure that they don't (you keep backups, right? how about
transaction logs, e-mail server logs, etc.?). Some libraries are better
at this than others but I bet many librarians would be shocked at how
much private/confidential information they have about some of their
patrons "lying around" if they ever performed an extensive audit.

I'd also argue that this is not a new issue, or a generational issue
(I've seen discussions where more "experienced" librarians have
criticized new librarians who advocate using this data as not
understanding or respecting patron privacy to a large enough degree).
Studies from the 1980s and early 1990s have shown that librarians would
regularly give out the names and topics of mediated searches [1, 2] and
a 1993 study questioned the confidentiality of inter-library loan
records [3]. The concept of government agencies (or others) being
interested in circulation records is not a new issue in 2008, or even in
the 2000's. The FBI Library Awareness Program existed in the 1970's and
80's. There was also an earlier program in the 1940's, and after the 1968
Democratic National Convention the FBI examined circulation records in
several public and academic libraries.

Libraries going forward need to figure out what value-added services
they can, and should, provide. No longer can libraries stay relevant just
by acquiring resources. The School of Science can pay for ScienceDirect
just as the library can. All they need is a purchase order. One of the
ways that libraries can add value to the institution is by making use of
this trove of information available to them. As Estabrook [4] wrote in
1996, "in the name of one good--keeping patron records confidential--we
are sacrificing another: targeted and tailored services to library
users." The trick is how to do this in an economically feasible, yet
useful way while still providing an acceptable level of
privacy/confidentiality. There are a lot of great possibilities awaiting
discovery in this area, which makes being a librarian in this era quite
exciting.

Edward

[1] Isbell, Mary K., and M. Kathleen Cook. 1986. Confidentiality of
online bibliographic searches: Attitudes and practices. RQ 25: 483-487.

[2] Wilkes, Adeline W., and Susan Marie Grant. 1995. Confidentiality
policies and procedures of the reference departments in Texas academic
libraries. RQ 34 (4): 473.

[3] Nolan, Christopher W. 1993. The confidentiality of interlibrary loan
records. Journal of Academic Librarianship 19 (2): 81.

[4] Estabrook, Leigh S. 1996. Sacred trust or competitive opportunity:
Using patron records. Library Journal 121 (2): 48.
Walt Crawford wrote:
> Jonathan, off-list:
>
> What a fine paragraph. The first sentence had me wary (because so many
> people use it as an excuse to weaken privacy policies), and then you
> immediately turn it around with professional responsibility. Great stuff.
> Thanks!
> -walt crawford-
>
> On Wed, May 21, 2008 at 7:42 AM, Jonathan Rochkind <rochkind_at_jhu.edu> wrote:
>
>
>> In general, I think we care about privacy more than the users do.  I
>> don't think this means we care about privacy too much; it is indeed our
>> responsibility to safeguard our users' privacy even when they don't
>> think about it. As with many things, it's our job to think about things
>> so they don't have to.
>>
>> I think there are certainly ways to use recommender data like this
>> without a privacy invasion though; this stuff seems totally appropriate
>> to me.  But it is useful and important to go over various 'attack'
>> scenarios.
>>
>> In Tim's early example where a user is the only person to have checked
>> out two books, which would allow someone to figure out what books they
>> had checked out from recommender data---wouldn't this require the
>> attacker _knowing_ that they were the only person to check out those
>> books? How would they know that?
>>
>> Jonathan
>>
>> David Pattern wrote:
>>
>>
>>> Because we had a large amount of checkout data to start with (from memory,
>>> it was around 2 million transactions over a 10 year period), we went for a
>>> data point of 7 or 8 (I'd need to double-check the code to find the exact
>>> figure).
>>>
>>> Our "people who borrowed this, also borrowed..." service has been live
>>> since Nov 2005 and has increasingly grown in popularity, getting up to 4000
>>> clicks per month.  Our users are also able to view their entire circ history
>>> from within their account page on the OPAC.
>>>
>>> Although I'd argue that we protect user privacy just as strongly in the UK
>>> as you do in the US, the UK's Data Protection Act allows for a more flexible
>>> framework for collecting user generated data.  The bottom line is that data
>>> must not be used so that it identifies an individual and data must not be
>>> stored for longer than is necessary.  Once a student graduates, their
>>> borrower record is deleted, and that breaks the link between the circulation
>>> transactions and a specific individual.
>>>
>>> When we launched the service, I did expect we'd get a few queries from
>>> users (e.g. "what data is the library collecting?", "what does the library
>>> do with the data?", etc) but, to date, we've not received any.
>>>
>>> regards
>>> Dave Pattern
>>> University of Huddersfield
>>>
>>>
>>>
>>> ________________________________
>>>
>>> From: Next generation catalogs for libraries on behalf of Tim Spalding
>>> Sent: Wed 21/05/2008 03:26
>>> To: NGC4LIB_at_LISTSERV.ND.EDU
>>> Subject: Re: [NGC4LIB] User Privacy (was: [NGC4LIB] bibtip (How it works))
>>>
>>>
>>>
>>> What do you people think is the appropriate number of data points
>>> necessary to protect patron privacy in a recommendation system?
>>>
>>> One point would be a situation where, if only one user took out or
>>> looked at both Book A and Book B, the recommendation system would
>>> reveal this coincidence. I contend this would violate patron
>>> privacy: if you knew one book someone took out you could discover
>>> others. The logic of small numbers would undermine the idea of
>>> anonymity.
>>>
>>> I'm thinking you need at least three, and probably more. John Blyberg
>>> went for three or more in his SOPAC recommendations
>>> (http://www.blyberg.net/2007/01/31/dynamic-item-recommendations/). I'm
>>> not sure if that was for quality or privacy. That was based on opt-in
>>> data.
>>>
>>> Tim
>>>
>>> This transmission is confidential and may be legally privileged. If you
>>> receive it in error, please notify us immediately by e-mail and remove it
>>> from your system. If the content of this e-mail does not relate to the
>>> business of the University of Huddersfield, then we do not endorse it and
>>> will accept no liability.
>>>
>> --
>> Jonathan Rochkind
>> Digital Services Software Engineer
>> The Sheridan Libraries
>> Johns Hopkins University
>> 410.516.8886
>> rochkind (at) jhu.edu
>>
>>
Received on Wed May 21 2008 - 10:41:00 EDT
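Added worked example, not code from this thread or from any of the library systems mentioned in it: a minimal "people who borrowed this, also borrowed..." co-occurrence recommender with the minimum-patron threshold that Tim, John Blyberg and Dave Pattern discuss, and the pre-publication audit Edward argues for. The checkout log, patron and item identifiers, threshold values and function names are all constructed for illustration; the threshold is a parameter so the reader can compare Tim's "one data point" case with the "three or more" and "7 or 8" figures from the thread.

```python
"""Co-occurrence recommender with a minimum-patron threshold.

Added example for the NGC4LIB privacy thread. Everything below is
constructed: the checkout log is invented and the function names are
not from any library product.
"""
from collections import defaultdict
from itertools import combinations

# Constructed checkout log as (patron_id, item_id). Not real data.
# Note that items A and C are shared by four patrons, while every other
# pair of items was borrowed together by exactly one patron.
CHECKOUTS = [
    ("p1", "A"), ("p1", "B"), ("p1", "C"),
    ("p2", "A"), ("p2", "C"),
    ("p3", "A"), ("p3", "C"),
    ("p4", "A"), ("p4", "C"), ("p4", "D"),
    ("p5", "D"), ("p5", "E"),
    ("p6", "E"),
]


def pair_patron_counts(checkouts):
    """Map each unordered item pair to the number of distinct patrons who
    borrowed both items. Patron ids are only used to group loans here;
    they never leave this function."""
    items_by_patron = defaultdict(set)
    for patron, item in checkouts:
        items_by_patron[patron].add(item)
    counts = defaultdict(int)
    for items in items_by_patron.values():
        for x, y in combinations(sorted(items), 2):
            counts[frozenset((x, y))] += 1
    return dict(counts)


def recommendations(checkouts, k):
    """Build the published 'also borrowed' table, keeping only item pairs
    supported by at least k distinct patrons. k is the 'number of data
    points' from the thread; the output contains item ids only."""
    recs = defaultdict(set)
    for pair, n in pair_patron_counts(checkouts).items():
        if n >= k:
            x, y = sorted(pair)
            recs[x].add(y)
            recs[y].add(x)
    return {item: sorted(others) for item, others in recs.items()}


def singleton_disclosures(checkouts, k):
    """Audit check to run before publishing a table built with threshold k:
    return the pairs that would be published even though a single patron
    supports them. Each such pair is Tim's case: anyone who knows that
    patron borrowed one of the items learns they borrowed the other."""
    counts = pair_patron_counts(checkouts)
    leaks = [tuple(sorted(pair)) for pair, n in counts.items()
             if n >= k and n == 1]
    return sorted(leaks)


if __name__ == "__main__":
    for k in (1, 3):
        print(f"threshold k={k}")
        print("  published table:", recommendations(CHECKOUTS, k))
        print("  single-patron pairs exposed:",
              singleton_disclosures(CHECKOUTS, k))
```

With k=1 the table for item B lists A and C, and both of those pairs rest on one patron, so a reader who knows a patron borrowed B can attribute A and C to them as well; at k=3 only the A/C pair survives and the audit reports nothing exposed. A higher k also shrinks the table, which is the quality-versus-privacy trade-off Tim raises about Blyberg's choice of three.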