Edward M. Corrado said:
"Studies from the 1980s and early 1990s have shown that librarians would
regularly give out the names and topics of mediated searches [1, 2] and
a 1993 study questioned the confidentiality of inter-library loan
records."
And I can remember librarians thinking nothing about sending out overdue notices, notices that an item was being held for a user, etc., in postcard form, where anyone could see the user's name, address and the titles of some of the materials they had checked out. When I would raise this point, I was surprised to see how few librarians thought it was a bad thing, even though it was a direct violation of the Illinois Library Records Confidentiality Act.
Bernie Sloan
--- On Wed, 5/21/08, Edward M. Corrado <ecorrado_at_ECORRADO.US> wrote:
> From: Edward M. Corrado <ecorrado_at_ECORRADO.US>
> Subject: Re: [NGC4LIB] User Privacy
> To: NGC4LIB_at_LISTSERV.ND.EDU
> Date: Wednesday, May 21, 2008, 11:02 AM
> There are certainly ways to put in safe guards to be able to
> make
> constructive use of circulation and other data while
> protecting patron
> privacy. There is a need for legal safe guards (such as
> those in place
> with medical records) but there is also a responsibility of
> libraries to
> try to "scrub" any personal data so individual
> people can't be tracked
> down by it. Dr. Scott Nicholson has addressed various ways
> to do this in
> his Bibliomining research (http://www.bibliomining.com/).
> That said, I
> would argue that today many librarians typically do a
> better job talking
> about how they don't keep this personal data then they
> do actually
> making sure that they don't (you keep backups, right?
> how about
> transaction logs, e-mail server logs, etc.?). Some
> libraries are better
> at this than others but I bet many librarians would be
> shocked at how
> much private/confidential information they have about some
> of there
> patrons "laying around" if they ever performed an
> extensive audit.
>
> I'd also argue that this is not a new issue, or a
> generational issue
> (I've seen discussion where more
> "experienced" librarians have
> criticized new librarians who advocate using this data as
> not
> understanding or respecting to a large enough degree patron
> privacy).
> Studies from the 1980s and early 1990s have shown that
> librarians would
> regularly give out the names and topics of mediated
> searches [1, 2] and
> a 1993 study questioned the confidentiality of
> inter-library loan
> records [3]. The concept of government agencies (or others)
> being
> interested in circulation records is not a new issue in
> 2008, or even in
> the 2000's The FBI Library Awareness Program existed in
> the 1970's and
> 80's. There was also an earlier program in the
> 1940's and after the 1968
> Democratic National Convention, the FBI examined
> circulation records in
> several public and academic libraries.
>
> Libraries going forward need to figure out what value-added
> services
> they can, and should provide. No longer can libraries stay
> relevant just
> by acquiring resources. The School of Science, for
> ScienceDirect as the
> library can. All they need is a purchase order. One of the
> ways that
> libraries can add value to the institution is by making use
> of this
> trove of information available to them. As Estabrook [4]
> wrote in 1996,
> " in the name of one
> good--keeping patron records confidential--we are
> sacrificing another:
> targeted and tailored
> services to library users." The trick is how to do
> this in an
> economically feasible, yet useful way while still providing
> an
> acceptable level of privacy/confidentiality. There are a
> lot of great
> possibilities awaiting to be discovered in this area, which
> makes being
> a librarian in this era quite exciting.
>
> Edward
>
> [1] Isbell, Mary K., and M. Kathleen Cook. 1986.
> Confidentiality of
> online bibliographic searches: Attitudes and practices.
> RQ,. 25: 483-487.
>
> [2] Wilkes, Adeline W., and Susan Marie Grant. 1995.
> Confidentiality
> policies and procedures of the reference departments in
> Texas academic
> libraries. RQ 34 (4): 473.
>
> [3] Nolan, Christopher W. 1993. The confidentiality of
> interlibrary loan
> records. Journal of Academic Librarianship 19 (2):81.
>
> [4] Estabrook, Leigh S. 1996. Sacred trust or competitive
> opportunity:
> Using patron records. Library Journal 121 (2): 48.
>
>
>
> Walt Crawford wrote:
> > Jonathan, off-list:
> >
> > What a fine paragraph. The first sentence had me wary
> (because so many
> > people use it as an excuse to weaken privacy
> policies), and then you
> > immediately turn it around with professional
> responsibility. Great stuff.
> > Thanks!
> > -walt crawford-
> >
> > On Wed, May 21, 2008 at 7:42 AM, Jonathan Rochkind
> <rochkind_at_jhu.edu> wrote:
> >
> >
> >> In general, I think we care about privacy more
> than the users do. I
> >> don't think this means we care about privacy
> too much; it is indeed our
> >> responsibility to safe-guard our user's
> privacy even when they don't
> >> think about it. As with many things, it's our
> job to think about things
> >> so they don't have to.
> >>
> >> I think there are certainly ways to use
> reccommender data like this
> >> without a privacy invasion though, this stuff
> seems totally appropriate
> >> to me. But it is useful and important to go over
> various 'attack'
> >> scenarios.
> >>
> >> In Tim's early example where a user is the
> only person to have checked
> >> out two books, which would allow someone to figure
> out what books they
> >> had checked out from reccommender
> data---wouldn't this require the
> >> attacker _knowing_ that they were the only person
> to check out those
> >> books? How would they know that?
> >>
> >> Jonathan
> >>
> >> David Pattern wrote:
> >>
> >>
> >>> Because we had a large amount of checkout data
> to start with (from memory,
> >>> it was around 2 million transactions over a 10
> year period), we went for a
> >>> data point of 7 or 8 (I'd need to
> double-check the code to find the exact
> >>> figure).
> >>>
> >>> Our "people who borrowed this, also
> borrowed..." service has been live
> >>> since Nov 2005 and has increasingly grown in
> popularity, getting up to 4000
> >>> clicks per month. Our users are also able to
> view their entire circ history
> >>> from within their account page on the OPAC.
> >>>
> >>> Although I'd argue that we protect user
> privacy just as strongly in the UK
> >>> as you do in the US, the UK's Data
> Protection Act allows for a more flexible
> >>> framework for collecting user generated data.
> The bottom line is that data
> >>> must not be used so that it identifies an
> individual and data must not be
> >>> stored for longer than is necessary. Once a
> student graduates, their
> >>> borrower record is deleted, and that breaks
> the link between the circulation
> >>> transactions and a specific individual.
> >>>
> >>> When we launched the service, I did expect
> we'd get a few queries from
> >>> users (e.g. "what data is the library
> collecting?", "what does the library
> >>> do with the data?", etc) but, to date,
> we've not received any.
> >>>
> >>> regards
> >>> Dave Pattern
> >>> University of Huddersfield
> >>>
> >>>
> >>>
> >>> ________________________________
> >>>
> >>> From: Next generation catalogs for libraries
> on behalf of Tim Spalding
> >>> Sent: Wed 21/05/2008 03:26
> >>> To: NGC4LIB_at_LISTSERV.ND.EDU
> >>> Subject: Re: [NGC4LIB] User Privacy (was:
> [NGC4LIB] bibtip (How it works))
> >>>
> >>>
> >>>
> >>> What you people think is the appropriate
> amount number of data points
> >>> necessary to protect patron privacy in a
> recommendation system?
> >>>
> >>> One point would be a situation where, if only
> one user took out or
> >>> looked at both Book A and Book B, the
> recommendation system would
> >>> reveal this coincidence. I contend this would
> violate patron
> >>> privacy-if you knew one book someone took out
> you could discover
> >>> others. The logic of small numbers would
> undermine the idea of
> >>> anonymity.
> >>>
> >>> I'm thinking you need at least three, and
> probably more. John Blyberg
> >>> went for three or more in his SOPAC
> recommendations
> >>>
> (http://www.blyberg.net/2007/01/31/dynamic-item-recommendations/).
> I'm
> >>> not sure if that was for quality or privacy.
> That was based on opt-in
> >>> data.
> >>>
> >>> Tim
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> This transmission is confidential and may be
> legally privileged. If you
> >>> receive it in error, please notify us
> immediately by e-mail and remove it
> >>> from your system. If the content of this
> e-mail does not relate to the
> >>> business of the University of Huddersfield,
> then we do not endorse it and
> >>> will accept no liability.
> >>>
> >>>
> >>>
> >>>
> >> --
> >> Jonathan Rochkind
> >> Digital Services Software Engineer
> >> The Sheridan Libraries
> >> Johns Hopkins University
> >> 410.516.8886
> >> rochkind (at) jhu.edu
> >>
> >>
Received on Wed May 21 2008 - 11:13:07 EDT