[Eril-l] Patron Privacy and ITSM (IT helpdesk ticketing software)

Vickie Kline vkline at ycp.edu
Tue Jan 8 06:32:48 PST 2019 

Good morning folks!

We're revisiting our practices/procedures for protecting our patron privacy
and confidentiality.

We'd like to get a sense of how other libraries are handling security,
confidentiality, and privacy for patron data and communications.     Our
ILS breaks associations for physical transactions, but we're starting to
think about things like report files, notices, proxy logs, emails, and
other electronic transactions.

Example:   Historically, our research questions were handled through an
email distribution list that only went to (6) research librarians.  Overdue
notice questions went to the circulation desk  (5 people) .   Library
system and database problems went to a separate library instance of IT
Footprints for ticket management (all library staff had access).

We're now in a merged IT/library environment.   We wanted to move library
"tickets" into Springshare so that library tickets would have less
exposure, but we are being strongly encouraged to integrate all library
inquiries into a single IT/Library Footprints ticketing system.    In this
system, tickets are viewable by all library and IT staff and students.

The students do sign a confidentiality policy, but our librarians are
troubled by the fact all queries would be permanently archived  and
viewable by over 100 individuals.  We feel this violates long-standing ALA
professional recommendations (See Choose Privacy Every Day
<https://chooseprivacyeveryday.org/>  for a good overview.)

We're also concerned by the amount of information being gathered/exposed on
a broader level by our LMS and analytics software for student success.
(For more context on this, I recommend the recent C&RL article  "Learning
Analytics and the Academic Library: Professional Ethics Commitments at a
Crossroads <https://crl.acrl.org/index.php/crl/article/view/16603/18645>"
by Kyle M.L. Jone and Dorothea Salo.)

What is happening in your libraries?    Please share your thoughts or
answers on any of the following questions:


   1. Do you have a formal policy for purging different types of patron
   data and library transactions?
   2. Do you restrict access if you're in a shared library/IT
   environment?
   3. What access do you allow to student workers?

Ideally, we'd like to have a policy as rigorous as the University of
California
<https://libraries.universityofcalifornia.edu/groups/files/sopag/privacy/LTAGPrivacyPolicy.pdf>
libraries, but we realize that it might be ambitious for the skill set and
staffing of a smaller institution....

We'd appreciate anything from quick thoughts to policies you'd be willing
to share!

Thank you in advance.

Vickie

-- 

Vickie L. Kline                vkline at ycp.edu
Systems Librarian           Phone:  717-815-1459
Associate Professor        FAX:    717-849-1608

Library and Technology Services
York College of Pennsylvania
York, PA 17403-3651

"If we knew what it was we were doing, it would
not be called research, would it?"

   -Albert Einstein

<http://ce-online.ryerson.ca/ce/badge/?id=14079009>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eril-l.org/pipermail/eril-l-eril-l.org/attachments/20190108/b4f47747/attachment.html>

More information about the Eril-l mailing list