<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Good morning folks!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">We're revisiting our practices/procedures for protecting our patron privacy and confidentiality. <br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">We'd like to get a sense of how other libraries are handling security, confidentiality, and privacy for patron data and communications. Our ILS breaks associations for physical transactions, but we're starting to think about things like report files, notices, proxy logs, emails, and other electronic transactions.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Example: Historically, our research questions were handled through an email distribution list that only went to (6) research librarians. Overdue notice questions went to the circulation desk (5 people) . Library system and database problems went to a separate library instance of IT Footprints for ticket management (all library staff had access). </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">We're now in a merged IT/library environment. We wanted to move library "tickets" into Springshare so that library tickets would have less exposure, but we are being strongly encouraged to integrate all library inquiries into a single IT/Library Footprints ticketing system. In this system, tickets are viewable by all library and IT staff and students. </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">The students do sign a confidentiality policy, but our librarians are troubled by the fact all queries would be permanently archived and viewable by over 100 individuals. We feel this violates long-standing ALA professional recommendations (See <a href="https://chooseprivacyeveryday.org/">Choose Privacy Every Day</a> for a good overview.) </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">We're also concerned by the amount of information being gathered/exposed on a broader level by our LMS and analytics software for student success. (For more context on this, I recommend the recent C&RL article "<a href="https://crl.acrl.org/index.php/crl/article/view/16603/18645">Learning Analytics and the Academic Library: Professional Ethics Commitments at a Crossroads</a>" by Kyle M.L. Jone and Dorothea Salo.)</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">What is happening in your libraries? Please share your thoughts or answers on any of the following questions:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style=""><ol style=""><li style=""><font face="arial, helvetica, sans-serif">Do you have a formal policy for purging different types of patron data and library transactions?</font></li><li style=""><font face="arial, helvetica, sans-serif">Do you restrict access if you're in a shared library/IT environment? </font></li><li style=""><font face="arial, helvetica, sans-serif">What access do you allow to student workers?</font></li></ol></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Ideally, we'd like to have a policy as rigorous as the <a href="https://libraries.universityofcalifornia.edu/groups/files/sopag/privacy/LTAGPrivacyPolicy.pdf">University of California</a> libraries, but we realize that it might be ambitious for the skill set and staffing of a smaller institution....</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">We'd appreciate anything from quick thoughts to policies you'd be willing to share!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Thank you in advance.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small">Vickie</div><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><p>Vickie L. Kline <a href="mailto:vkline@ycp.edu" target="_blank">vkline@ycp.edu</a><br>Systems Librarian Phone: 717-815-1459<br>Associate Professor FAX: 717-849-1608 </p>
<p>Library and Technology Services<br><span style="font-size:12.8px">York College of Pennsylvania<br></span><span style="font-size:12.8px">York, PA 17403-3651</span></p>
<p>"If we knew what it was we were doing, it would<br>not be called research, would it?"</p>
<p> -Albert Einstein<br></p><p><a href="http://ce-online.ryerson.ca/ce/badge/?id=14079009" target="_blank"><img src="https://docs.google.com/uc?export=download&id=0B4H55Aq_2aeZc0EyU19ZVlpoSlk&revid=0B4H55Aq_2aeZWFJhR001WGNvRFBjUCt3Rnk0OTJ5S0Y2dlFFPQ" width="96" height="96"></a><br></p></div></div></div></div></div></div></div></div></div></div>