Main entry:
Pedley, Paul. author.
Title and author:
A practical guide to privacy in libraries / Paul Pedley.
Publication:
London : Facet Publishing, 2020
©2020
Description:
xviii, 201 pages ; 24 cm
Notes:
Includes bibliographical references (pages 181-194) and index.
1. Setting the scene -- 1.1 Examples of how privacy issues arose in the 19th and 20th centuries -- 1.1.1 Browne issue system -- 1.1.2 Cards used to sign out a book -- 1.1.3 Library Awareness Program -- 1.1.4 Publishing lists of borrowers with overdue books -- 1.1.5 Names of people requesting German language books turned over to the authorities -- 1.1.6 Library patron numbers used for several purposes -- 1.1.7 Russian revolutionary emigrés use of the British Museum Library -- 1.2 Why are the risks to library user privacy so much bigger in the 21st century than before? -- 1.3 Why is the privacy of library users important? -- 1.3.1 The chilling Effect -- 1.3.2 Nothing to hide -- 1.3.3 The functional relationship of privacy with other values -- 1.3.4 Protecting library user privacy is not merely an issue of data protection -- 1.3.5 The different types of privacy -- 1.4 The types of personal data collected by libraries -- 1.5 The privacy of the library as a public space -- 2. How privacy is regulated in the United Kingdom -- 2.1 Legislation -- 2.1.1 Data protection -- 2.1.2 Human rights -- 2.1.3 Surveillance -- 2.1.4 Terrorism -- 2.1.5 Voyeurism -- 2.2 Contracts -- 2.2.1 Third countries where there is no adequacy decision -- 2.3 Guidelines -- 2.4 Standards -- 2.5 Ethical/professional values -- 2.5.1 Professional ethics -- 2.5.2 Michael Gorman's eight enduring values of librarianship -- 2.6 Case law -- 2.6.1 Breach of confidence -- 2.6.2 English legal cases on privacy -- 2.6.3 American legal cases on privacy in bookshops and libraries -- 3. Practical examples of privacy issues arising in a library context -- 3.1 Self-service holds -- 3.2 Receipts from self-service machines -- 3.3 Refgrunt (Librarians venting publicly about interactions with patrons) -- 3.3.1 Risk of being dooced -- 3.4 Online databases and personalisation -- 3.4.1 The filter bubble -- 3.5 Telephone notification -- 3.6 Co-location -- 3.7 How long do you retain loan history data? 
-- 3.7.1 E-book circulation data -- 3.7.2 Anonymising data so it is still available for statistical purposes -- 3.8 Letting commercial interests into libraries -- 3.9 Use of CCTV in libraries -- 3.9.1 Why it is important to balance both privacy and security considerations -- 3.9.2 Can libraries be too intrusive in their use of CCTV cameras? -- 3.9.3 Cameras used to solve the disappearance of ancient books -- 3.10 Fingerprinting as a form of ID for use of library system -- 3.11 Use of "enrichment" on the library catalogue -- 3.12 Insecure software -- 3.13 Use of web analytics tools on library sites -- 3.14 Use of cloud computing services to store personal data -- 3.14.1 Potential risks/threats -- 3.14.2 Protections -- 3.15 Offshoring & outsourcing -- 3.16 Zines, libraries and privacy issues -- 3.17 Books on Prescription -- 3.18 Implications of GDPR for archiving information about living individuals -- 3.19 Volunteer run libraries -- 3.19.1 Building a relationship of trust with the user -- 3.19.2 Volunteers and sensitive personal data -- 3.19.3 Disclosure & Barring Service (DBS) checks (formerly CRB checks) -- 3.19.4 Data protection training -- 3.20 Copyright declaration forms -- 4. Case studies -- 4.1 Case Study 1: CASSIE -- Computer Access Software Solution -- 4.2 Case study 2: Library participation in learner analytics programs -- 4.2.1 The data that can be captured and fed into a learning management system -- 4.2.2 What protections are there in place to protect user privacy? 
-- 4.2.3 Learning analytics and professional ethics -- 4.3 Case study 3: Rollout of a shared library management system -- 4.3.1 WHELF shared LMS project -- 4.3.2 Case study 4: Single digital presence for public libraries in England -- 4.3.3 Case study 5: Single library management system for all public libraries in Ireland -- 4.3.4 Case Study 6: Introduction of National Entitlement Cards in Scotland -- 5. Cybersecurity -- 5.1 Least-privilege model -- 5.2 Offering training on cyber-security and related topics -- 5.3 Protecting personal data -- 5.4 Bring your own device (BYOD) -- 5.4.1 Plan for security incidents where devices are lost, stolen or compromised -- 5.4.2 Network architecture design -- 5.4.3 Network separation -- 5.4.5 BYOD policies -- 5.4.6 Ensure the BYOD policy is workable -- 6. Personal data breaches -- 6.1 Personal data breach response plan -- 6.1.1 Implementing the five-step plan -- 6.1.2 Testing the personal data breach response plan -- 6.2 Communications strategy -- 6.2.1 Documenting personal data breaches -- 6.2.2 Notification of a personal data breach to the supervisory authority (GDPR Article 33) -- 6.2.2 Communication of a personal data breach to the data subject (GDPR Article 34) -- 6.3 Payment card data -- 6.4 Library examples of personal data breaches -- 6.4.1 Leaked emails reveal what a politician borrowed from the library -- 6.4.2 Newspaper publishes details of books borrowed by famous writer -- 6.4.3 Inadvertent data breach relating to a library user -- 6.4.4 Data breach at university library -- 6.4.5 Failed attempt to obtain library customer data -- 6.4.6 Social security numbers in library books -- 6.4.7 Lost USB stick containing sensitive data accessed in a library -- 6.4.8 Reviews and ratings on library website -- 6.4.9 Librarian sues Equifax over data breach -- 6.5 Causes of data breaches -- 7. Access to and sharing of user data -- 7.1 Responding to requests for patron records -- 7.1.1 What records are you being asked to share? 
-- 7.2 Examples of where library user data was accessed by third parties -- 7.2.1 London Bridge terrorist -- 7.2.2 Murder of Jo Cox MP -- 7.3 Potential risks in releasing datasets for open data initiatives -- 8. Privacy policy statements -- 8.1 What the privacy policy notice should cover -- 8.2 Children and the age of consent -- 8.3 Cookie policy -- 8.3.1 Types of cookie -- 8.3.1 Background -- 8.4 How is personal data being used by the library? -- 8.5 The purpose of a library privacy policy -- 8.6 RFID privacy policy -- 8.7 Privacy policies and public access terminals in libraries -- 8.8 Examples of library privacy policy notices -- 8.9 Third party access -- 8.10 Payment card details -- 8.11 How are privacy policies communicated to users? -- 9. Data protection & privacy audits -- 9.1 Why carry out a data protection audit? -- 9.2 Know your data -- 9.2.1 Sensitive personal data -- 9.3 Deletion of data -- 9.3.1 Hidden data -- 9.4 Conducting a library privacy audit -- 9.4.1 Preparing for the audit -- 9.4.2 The audit process -- 10. Data protection impact assessments -- 10.1 What the data protection impact assessment must contain -- 10.2 Impact on privacy -- 10.3 Steps involved in a data protection impact assessment -- 10.4 Examples of where DPIAs would be used in libraries -- 11. Privacy issues and vendors -- 11.1 Vendors and data breaches -- 11.2 Working with library vendors to maximise privacy -- 11.2.1 Points to consider before purchasing technology or content from external providers -- 11.2.2 Identifying security vulnerabilities in products you already have -- 11.3 Vendor privacy policies -- 11.3.1 Due diligence -- 11.3.2 The ideal scenario -- 11.4 Measuring the cybersecurity of vendors -- 12. Practical steps to protect the privacy of library users -- 12.1 Twenty-six practical steps to protect your users' privacy -- 13. The right to be forgotten -- 13.1 Right of oblivion
-- 14. Conclusion -- 14.1 Intellectual privacy -- 14.2 The freedom to read anonymously -- 14.3 Potential for information about reading habits to be misused -- 14.4 Where do libraries fit into the defence of privacy? -- 14.4.1 The role of information professionals -- 14.4.2 Legal and ethical responsibility -- 14.4.3 Privacy training and awareness -- 14.4.4 Becoming more privacy-conscious -- 14.4.5 Improving things for the future -- 14.4.6 Give library users control over how their personal data is used -- 15. Further reading, toolkits and other resources -- 15.1 Books and reports on privacy in libraries -- 15.2 Checklists -- 15.3 Web links -- 15.4 Toolkits -- 15.5 Tools.
Summary:
Privacy is a core value of librarianship and yet as a concept, it is difficult to define. In practice, it is a challenge to uphold. This book considers how privacy issues can arise in a library context and what library and information professionals can do to protect the privacy of their users. The book features a range of practical examples of such issues, providing insights and practical steps which readers can follow. In-depth case studies and scenarios support the examples laid out in the book, while examples of data breaches which have occurred in a library setting, and the lessons we can learn from them, are also included. The book also covers the main legislation governing data protection - GDPR - which will be particularly relevant to European librarians, and international librarians offering services to EU citizens. The book provides a range of tools through which libraries can communicate how they handle the personal data of their users whilst ensuring that they are following best practice with their privacy policy statements, their privacy audits, and data protection impact assessments. Privacy is not the same thing as data protection, and the book outlines the differences between these two concepts. Nevertheless, the book has been written with the requirements of data protection law very much in mind. -- Publisher.
ISBN:
9781783304691 (hardcover)
1783304693 (hardcover)
9781783304684 (paperback)
1783304685 (paperback)
Subject:
Library administration Social aspects.
Privacy, Right of.
Data protection.
Libraries Administration Social aspects.
Data protection (Computer science)
Data protection (Computer science) European law.
Right to privacy.
Copies:
Location: Main library 319404
Call number: 319404
Copy: 1
Status: Available