Computers in Libraries
Vol. 21, No. 6 • June 2001 

Table of Contents Subscribe Now! Previous Issues ITI Home
Pass the Cookies and Uphold the Privacy
by Kim Guenther

The use of cookies has no doubt received the most press regarding consumer privacy. In a previous column, "Knock, Knock, Who's There? Authenticating Users" [March CIL, p. 54], I explained that cookies don't exactly authenticate a user, but rather they associate a user with a particular PC and authenticate the PC. On the surface this may seem benign, although the potential to collect data using cookies seems almost unlimited when it's tied to a unique identifier residing on the company's server. Concerns arise when collected information is used to push out additional sales information, such as via e-mail following a purchase, or when it is shared or sold to third-party vendors or marketers in order to influence your purchasing behaviors at other sites. Or it can even be given to different branches of the same company. For instance, a dot-com may share collected data with its brick-and-mortar equivalent. Should we be concerned? Consider this ...

On Monday I get an unsolicited e-mail message from a florist alerting me that Easter is just around the corner and that I should buy some flowers. The message also reminds me that Mother's Day is soon to follow. On Tuesday another unsolicited e-mail tells me I might want to look at some new books and CDs hot off the press. On Wednesday a financial institution tells me it's having a money sale, and on Thursday I'm told there's a new type of tomato seed that would be perfect for my garden this summer. All of these were unsolicited. True, I have visited all of these sites and either made a purchase or perused down their virtual aisles, but at no time did I ask to be reminded weekly or monthly of newly released products or upcoming sales. This is disturbing on several levels. First, I've been added to these companies' lists without my knowledge. Second, they've made a choice for me—to fill my already overflowing mailbox with unsolicited junk e-mail. 

Worse yet, when one of these companies hits hard times, I notice a little story in the newspaper about its bankruptcy. The following week, I get 40 e-mails instead of four—my personal information and purchasing habits data have been sold! 

Where Worlds Collide
Our physical and virtual worlds are colliding. We truly are what we eat, drink, read, and now, browse. So many of our day-to-day interactions now take place online, and the digital trail we leave behind reveals more and more of who we are and what we do; we become defined by our online profiles made up of bits and bytes. Even some of the stores where I physically shop now wish to know my e-mail address so they can complete my profile. The bank knows my behavior from ATM transactions, the grocery knows what I buy through my club card membership, and now the Web sites where I visit or make transactions remind me each time there's a sale. If I ever need an alibi, I know that the trail of electronic bread crumbs spread behind my electronic transactions will fit the bill perfectly.

Webster's defines a profile as, "a set of characteristics or qualities that identify a type or category of person or thing." A profile may be associated with an individual by several means. A person may voluntarily provide information. Or, an inference may be made by combining data like ZIP code and date of birth (referred to as triangulating data). Another way is through "synchronization" with other data sources where personal information is stored and shared with other companies (usually for a fee). Creating a user profile when the information is not volunteered by the end-user is most often done with cookie files, those pesky little computer files residing on your computer that the desktop and server pass back and forth. 

Online profiling is one of the most incendiary privacy issues on the Internet, especially when your digital identity is used at another site because your personal information was captured in a database and then sold or shared with companies you've never heard of. There's a growing backlash against online profiling from consumer advocacy groups and increasingly from concerned individuals who are caught in the crossfire between demanding increased connectivity and desiring to maintain their anonymity. 

So why should this matter to you and your library? Most states have enacted laws that protect the privacy of our patrons. But the Internet didn't exist when these kinds of laws were enacted, and they were written to protect patron information as it related to physical materials circulation. We know that these same laws apply to our digital library counterparts, but do our patrons? 

I don't know of any libraries that conduct true online profiling, but we do maintain records for authentication purposes, for interlibrary loan, or when we ask patrons to define their preferences so that information can be better tailored online to meet their needs, such as for a personal portal page. We store much of this information electronically in a database. Are patrons aware of information collected from our digital library Web sites, how this information is used, and who has access? To assure that they do know how their information is being collected and used, a library should craft a privacy policy. 

Consider Privacy Policies
Providing a privacy policy is not a requirement for most organizations. In 1998, the Federal Trade Commission (FTC) responded to the tremendous backlash to online profiling and asked companies in the online industry to voluntarily explain and post their privacy policies in more detail. The FTC's intention was to make initial progress in creating an electronic environment with some protection of consumer privacy, and perhaps to allow online companies to carry out self policing as an alternative to regulating an ill-defined environment. In response, several of the industry's heavy hitters, like Microsoft and IBM, formed an alliance called TRUSTe to better educate the public and to promote "fair information practices." 

According to the TRUSTe program (

TRUSTe is an independent, non-profit initiative whose mission is to build users' trust and confidence in the Internet by promoting the principles of disclosure and informed consent. Because this site wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe. When you see our TRUSTe seal, you can be assured that the Web site will disclose:
  • What personal information is being gathered about you 
  • How the information will be used 
  • Who the information will be shared with, if anyone 
  • Choices available to you regarding how collected information is used 
  • Safeguards in place to protect your information from loss, misuse, or alteration 
  • How you can update or correct inaccuracies in your information.
As the digital library becomes a preferred route of choice for services, the need for a library privacy policy becomes unavoidable. Perhaps those in the library field should also form an alliance to come up with a similar privacy "seal of approval."

If you are planning to write a privacy statement, there are several examples worthy of note. First, check out the policy statement for Excite based on the TRUSTe disclosure statement at Another example is not a privacy statement at all; it's a privacy statement generator developed by the Organisation for Economic Co-operation and Development (OECD; The generator is available directly from The OECD privacy policy generator is incredibly thorough, though it includes some issues that have no bearing in a library environment. I've paraphrased some of the OECD high points you'll want to address in the sidebar below. 

Two Different Hats
Currently there is no framework to address the many legal issues that arise in cyberspace. Just to give you an idea, consider all of these areas in a non-electronic environment: trademark, copyright, liability, fraud and theft, defamation, disclosure, search and seizure, invasion of privacy, evidence, and jurisdiction. Most are pretty tangible, right? Now consider each one of these issues as it relates to the Internet. You'll find that each has an entirely different meaning when you try to translate it. Let's consider one issue, jurisdiction: "the territory over which authority is exercised." As e-mail messages and Web pages are sent or downloaded around the world, how do you define "territory"? 

So, let's get back to online profiling and consumer privacy. Is this something we should be concerned about in our library environments? 

When I put on my Webmaster hat (a pointy hat with stars), my answer is "no." From a standpoint of designing the most user-focused site that I can, profiling helps us to target services better. Targeted services can mean delivering information specific to an individual's preferences or formatting and packaging information delivery to meet my end-user's needs (like to a PDA). Or it could mean clustering products, content, and services to serve communities, such as a group with common interests and needs, for example, physicians. Profiling helps me design user-centric Web sites. 

Now let me put on my librarian's hat. Now, my answer is "yes," we should be concerned about online profiling and consumer privacy in our libraries. Our users assume that their privacy is protected by law. The Internet didn't exist when the laws were written and enacted to provide protection to those who checked out materials. The phrase "digital library" was not around, although we know these same laws provide protection in both our traditional and digital libraries. But do users know this? Like much of today's legislation, little case law exists to see how the laws will actually be applied in an electronic environment. 

As the law tries to keep pace with Internet technology, we need to protect our patrons and ourselves, to be proactive in our organizations, and to educate our patrons as best we can. A privacy statement provides a much-needed proactive measure and also re-emphasizes the role we play on behalf of our patrons—that of pathfinder and trusted agent. Privacy has always been a library priority. When we educate our users about privacy we not only help them protect it, we also decrease our risk of liability if privacy is compromised.


Some of the High Points from OECD's Privacy Policy Generator

Collection Limitation: The personally identifiable information that is collected to include both anonymous and personally identifiable information; statement should identify what is collected including information that cannot be tied back to a specific person (this is information you cull from your log files reflecting server traffic)

Data Quality: Ensuring the integrity of the data collected is maintained so that it continues to be relevant to the purpose for which it was collected

Purpose of Collection: Clearly defined purpose for collecting the data, including the start and end dates if the data is used for a specific event or project

Data Use: States how the data is to be used and if it will be used for other purposes other than those stated

Security and Confidentiality Safeguards: The security procedures that are in place to protect against the unauthorized access, loss, use, or destruction or modification of data

Individual Participation: States the rights of the individual to obtain, confirm, and challenge data related to them personally

Organizational Information: Provides information to visitors to include the business of your organization, broadly who you serve, and the "legal entity which controls the processing of personal data"

Use of Third-Party Web Service Provider: Identifies where data may be gathered by third-party vendors such as an outside content provider, Internet service provider, or application service provider. (This is extremely important in a library environment when visitors are connected to purchased content residing on a remote server.)

Automatic Collection of Information: "Information automatically collected, via cookies or other means such as programming, may not be linked to an individual. However, if you link the information that you capture automatically, via cookies or other programming means, with personal data about a specific individual, your visitors should be made aware of this."

Technical Administration of the Web Site: Information collected for the purpose of administrating the Web site such as account login, IP, or domain name

Customer Administration: Data captured to provide services to the customer such as account information to process an interlibrary loan request, or address information to deliver bibliographic search requests

Marketing: Data captured in order to target user types for content, formatting, and delivery purposes

Kim Guenther is the director for the University ofVirginia Health System Web Center and the Health System Webmaster. Her e-mail address is

Table of Contents Subscribe Now! Previous Issues ITI Home
© 2001