Respecting Privacy: Consensus Is Reached on NISO Privacy Principles
by Todd A. Carpenter
There are many ways to address differences among various positions, whether they’re in politics, business, or personal relationships. One can take an adversarial approach and advocate a position through legal channels. Another strategy is to negotiate a deal via a contract or similar transactional approach. Additionally, one can work collectively with various parties to find a potential solution, which is how standards are developed. None of these methods is better or worse than the others, and each has its appropriate role in the marketplace.
In the context of privacy, each of these approaches is being pursued by one or another of the organizations in the information landscape. Several organizations in our community are undertaking strong advocacy work on behalf of patron privacy. For example, the American Library Association (ALA) has been a vocal proponent of privacy legislation at both the state and national levels in the U.S., as well as internationally in partnership with organizations such as the International Federation of Library Associations and Institutions (IFLA) and the Electronic Frontier Foundation (EFF). Launched in 2013, the Library Freedom Project, which aims to “make real the promise of intellectual freedom in libraries,” has been an advocate as well as an educator.
On the contractual side, individual libraries are including language in their contracts regarding privacy and the protection of patron data that is managed or held by third parties. Many library vendors are supportive of the library community’s perspectives on issues such as the protection of patron data, so negotiations are generally smooth, although the process could be simpler. Vendors are also challenged by individually negotiated arrangements: without customer consensus, managing the contractual options and systems-development requirements for hundreds or thousands of customers can create nearly infinite management complexity.
Given this environment, it makes sense to work toward consensus on these challenges among the players in the marketplace. Consensus can take many forms, from moderate guidance to more robust approaches. Within our community, this sliding scale has formal NISO (National Information Standards Organization) standards on the more robust side, developed according to procedures accredited by the American National Standards Institute (ANSI). NISO also offers less formal guidance; in descending order of authority, these are recommended practices, white papers, and principles. Each of these has its place. When community practice is well established and systems are reasonably understood, standardization is appropriate. As a situation is still developing, or when risks are modest, recommended practices are called for. But when community practice is just being formulated, when issues are still being assessed, or when agreement is proving difficult, lighter forms of consensus such as principles or white papers can be used to advance common practice and trust.
Views on Patron Privacy
There are a wide variety of approaches to protecting, using, and sharing patron data in libraries, and there’s even more diversity among vendors. Motivation is key. Librarians are motivated to protect privacy and intellectual freedom because of deep-seated historical and ethical principles. The concept of privacy surrounding patron activity dates back at least to the early 20th century and has been core to the ALA’s Code of Ethics since it was first released in 1939.
Many other related parties are deeply committed to patron privacy, but approach the issues with different motivations and perspectives. While serving the library and the end user are critically important, vendors face business risks from players who lack the same views on protection of patron information. Those closest to libraries are more likely to share librarians’ concerns, while vendors more deeply involved in areas such as advertising or IT might differ. In addition to competitive threats, library vendors face regulatory, legal, and perception risks. Advocacy efforts surrounding privacy in the library community mean that regulations or laws could be passed impacting system design and management; they could even prohibit a given system from being offered in libraries at all.
Vendors also face potential liability when it comes to handling customer and patron data. If there is a breach, a company could be liable for the costs of rectifying any loss of personal information. Finally, public awareness of a breach or of a data-sharing arrangement that goes against the spirit of intellectual freedom and privacy protections could jeopardize a company’s reputation. Several firms have faced, if not legal or financial liability, related reputational damage.
It’s important to note that not all breaches of privacy are malicious or the result of hacking. Similarly, not all privacy issues are clear cut. An approach that is justifiable in one context might constitute dubious data sharing in another. Libraries and suppliers occasionally face competing demands regarding data protection and privacy. Strict adherence to data protection rules might run against larger institutional requirements such as, for example, academic assessment. Data collection and analysis can provide extremely useful tools for improving services, usability, and products. Some products and features (such as personal bookmarking, citation management, and bookshelf services) require personal information to function. Personal data collection, analysis, and use are also justifiable—even necessary—when researching user behavior or calculating usage metrics.
Consensus Principles on Users’ Digital Privacy in Library, Publisher, and Software-Provider Systems: The NISO Privacy Principles
1. Shared privacy responsibilities
It is the responsibility of all parties involved in the delivery of library services to work individually and collectively to protect patrons’ private information. Those with access to patron data should recognize this obligation and act accordingly. This includes training of staff members who have access to data.
2. Transparency and facilitating privacy awareness
Privacy in a digital environment involves a complex set of services and options; these should be made as clear as possible to patrons so that they can make informed choices. Information providers should make available clearly readable policies and practice vigilance in activities that use patrons’ private data. All parties involved in providing services should effectively communicate those choices to users and develop systems that support them.
3. Security
Security practices should be kept up-to-date to protect sensitive data, and staffers should be well-trained in these efforts. Any breach should be addressed as quickly as possible and communicated to users.
4. Data collection and use
Decisions about data collection and use should be advanced from the perspective of improving the user’s experience or services. Data should only be collected for the express purposes explained to the user. Many services, such as circulation, are only available when personal information is collected, but related data should only be retained as long as is necessary to effectively manage library services. Some types of data are potentially more sensitive than others and therefore necessitate greater focus on privacy protections.
5. Anonymization
As much data as possible should be scrubbed of personally identifiable information using anonymization practices. While it’s not perfect, this provides some measure of protection.
6. Options and informed consent
Users should be allowed to make informed choices about their use of digital systems and about the amount of information that is tracked and maintained. They need to be able to understand the options available to them and have some way to act on those choices. Users should be opted out of library services until they explicitly choose to opt in. After a service has been rendered, the service provider should not make retroactive changes without patron approval.
7. Sharing data with others
Sharing data is often an inherent part of getting services to function, and in the increasingly distributed context of digital information services, sharing is inevitable. However, the sharing of private data should be limited to the provision of services, and privacy concerns should be considered when setting up data-sharing arrangements. Generally, user activity data that will be shared should be anonymized and aggregated to a level that minimizes privacy risks to individual users.
8. Notification of privacy policies and practices
Privacy policies should be made easily available and understandable to users. Users should be notified of changes, and these should not be applied retroactively without users’ consent, except as required by law.
9. Supporting anonymous use
Whenever possible, options should be available to use library services in an “anonymous mode.” It may not be possible to provide all types of services to patrons who remain anonymous. If a service is not available without tracking users’ information, patrons should be made aware of this situation.
10. Access to one’s own user data
Users should have the opportunity to review information about themselves in library, publisher, and vendor systems. If errors are found, users should be provided the opportunity to correct or delete information whenever practical.
11. Continuous improvement
Institutions should constantly improve their practices, policies, and technologies in reaction to changes in perceptions, threats, and business practices.
12. Accountability
Since trust is a core element in the protection of privacy, it was recognized that there needed to be some form of review. Those involved with providing service to library users should have their policies and practices periodically reviewed by a third party to ensure policy, procedural, and legal compliance. Service providers should supply the results of those reviews to their clients.
The NISO Principles
In this complicated environment, NISO endeavored to find community consensus on a core set of principles related to privacy and patron data. Over the course of 9 months in 2015, the organization brought together more than 100 representatives from the library, publisher, and software provider sectors to craft a set of principles related to patron information in service provider systems. The conversations were robust and occasionally contentious. While all parties brought a respect for privacy to the table, views on what constituted protection or privacy varied, and not always along organizational type, as one might expect.
The principles outlined in the sidebar cover the issues not from a perspective of advocacy or comprehensiveness, but from a point of common ground. These are areas where consensus exists to move the state of privacy forward across all players and all services in the community. One might expect to hear complaints about the robustness of the principles—that they are not comprehensive enough, or that they lack sufficiently forceful protections. This may be the case, but again, consensus is not the same as advocacy, and the results cannot be expected to be the same. In some areas, some community contributors were pushed as far as they could reasonably go, while in others, some points are only as lenient as other contributors were willing to accept. For each principle, the perspectives were balanced and weighted as carefully as possible.
NISO’s consensus principles cover a range of privacy-related topics. Together, these form a cohesive set of approaches necessary to protect patron information and maintain patron trust in libraries. While data protection is a vital component of the principles, protection of privacy involves much more. It requires clarity of information about policies, practices, and accountability. Many of these principles, such as security, would be obvious to even the most uninitiated, while others, such as anonymization, are more nuanced and specialized. The sidebar contains brief summaries of the principles that can be found in their full detail at ow.ly/XNKM8.
The principles mentioned—which we hope find wide agreement—are a starting point for future conversations within NISO and in the library world. This project is envisioned as being the first of many steps related to privacy that NISO will undertake. A separate project on privacy and its implications for research data sharing is already underway within the organization. Additional work based on the principles is likely, as there are a variety of potentially related issues. A subcommittee of NISO’s Business Information Topic Committee, which oversaw this work, is already reviewing the principles with an eye toward implementation—developing audit procedures is just one example of the work ahead.
NISO is actively soliciting feedback and comment from the community to help support areas of focus for our next steps. If additional work is approved, more information will be distributed by the organization later this year.
NISO would like to thank the Andrew W. Mellon Foundation for its generous support of this effort. Thanks are also due to the dozens of community members who contributed ideas and thoughts throughout the project.
American Library Association. History of the Code of Ethics. Retrieved from ala.org/Template.cfm?Section=History1&Template=/ContentManagement/ContentDisplay.cfm&ContentID=8875.
American Library Association. State Privacy Laws Regarding Library Records. Retrieved from ala.org/advocacy/privacyconfidentiality/privacy/stateprivacy.
American Library Association. (2004). Policy Concerning Confidentiality of Personally Identifiable Information about Library Users. Retrieved from ala.org/advocacy/intfreedom/statementspols/otherpolicies/policyconcerning.
American Library Association. (2016). Choose Privacy Week. Retrieved from chooseprivacyweek.org/category/protecting-privacy.
Library Freedom Project. (n.d.). Our Work. Retrieved from libraryfreedomproject.org/ourwork.
National Information Standards Organization (NISO). (n.d.). Consensus Framework to Support Patron Privacy in Digital Library and Information Systems. Retrieved from niso.org/topics/tl/patron_privacy.
Todd A. Carpenter is executive director of NISO (National Information Standards Organization). Carpenter is principal investigator on the Andrew W. Mellon Grant that supported this project, and he served as chair of the working group that developed these consensus principles on privacy.