Dear Katherine,

thanks for your question! I can not answer in the name of the
editorial team, so the following are personal thoughts.

> Are you saying you will not accept papers where the topic relates to personal data?
Papers, that utilize individuals’ personal data. That is our will,
until we do not have a clear process how and what to check in such
proposals.

> I am also slightly bemused that even a basic understanding of PowerBI files was beyond the expertise of the entire editorial committee of a coding journal.
First: there are quite a number of technologies in the Code4Lib space.
I personally use R, Python, spreadsheets, Apache Spark and JavaScript
libraries for data analysis and visualization, but never worked with
PowerBI. In the journal each paper have and editor and a second
reader, they are responsible for checking the details, for others it
is an option. It is possible that an editor who have an expertise in
technology X is involved in many other papers, and no energy left for
one which also has something on X.

> is this not something the editors can initiate themselves with some research?
No, we invited colleagues to share knowledge with us, but it does not
mean, that we put the responsibility to the community. We are aware
some subsets of the relevant literature, but none of us have an expert
knowledge, so we asked for help in this process. If we will not get
any help, we will do it ourselves.

Best,
Péter


On Thu, Feb 22, 2024 at 5:20 AM Katherine O'Brien
<[log in to unmask]> wrote:
>
> Thanks for updating us, Péter
>
> I have a few questions about the extra editorial, and I hope it comes across that I am asking this in good faith because I think these are important discussions to have.
>
> The editors have stated that they "will not accept or publish papers that utilize individuals’ personal data". The issue arose in this most recent instance because you were not aware that the files contained personal data. It's unclear to me how this will be assured not to happen again. Are you saying you will not accept papers where the topic relates to personal data?
>
> I am also slightly bemused that even a basic understanding of PowerBI files was beyond the expertise of the entire editorial committee of a coding journal.
>
> You ask for colleagues to recommend sustainable guidelines. There have been a number of blog posts and commentaries on data security issues in the Code4Lib journal going back to at least 2020. I understand that editing this journal is a volunteer role and all good things rely on community input, but is this not something the editors can initiate themselves with some research? There are many resources available online for basic guidelines. What do the editors plan to do if colleagues do not contribute to developing guidelines?
>
> I think Code4Lib journal and associated community is a really valuable resource.
>
> But the response from the editorial committee feels like it falls short, especially given patron data issues have occurred on multiple occasions - this is not the first instance of this happening in Code4Lib. Clearly something that we as a library community also need to put front and centre in our work and our research.
>
> Cheers,
>
> Katherine
>
>
> Katherine O’Brien  (she/her<https://pronouns.org/what-and-why>)
>
> Application Administrator, Online Services
>
>
>
> University Library | ND13
>
>
>
> The University of Notre Dame Australia
> 19 Mouat Street (PO Box 1225) Fremantle WA 6959
> T +61 8 9433 0703 | [log in to unmask]<mailto:[log in to unmask]>
>
> MS Teams<[log in to unmask]" target="_blank">https:[log in to unmask]> | Zoom<https://notredame-au.zoom.us/my/kobrien?pwd=d2pkTVg4OU5HWUVPTk15QjFUdE9YQT09> | Library<http://library.nd.edu.au/> | AskUs<http://askus.library.nd.edu.au/> | notredame.edu.au<https://www.notredame.edu.au/>
>
> CRICOS Provider:  01032F
>
> I respect and acknowledge the Traditional owners of the land on which I live and work as the First People and Custodians of this country.
>
>
>
>
> ________________________________
> From: Code for Libraries <[log in to unmask]> on behalf of Péter Király <[log in to unmask]>
> Sent: Tuesday, 6 February 2024 3:01 PM
> To: [log in to unmask] <[log in to unmask]>
> Subject: Re: [CODE4LIB] Code4Lib Journal Issue 58 now available
>
> Dear Code4Lib community,
>
> we the editors of the Code4Lib Journal just published an extra
> editorial to summarize the patron data breach incident in our latest
> issue, and the measures we introduced in the editorial workflow to
> prevent similar future events:
>
> https://journal.code4lib.org/articles/18040<https://journal.code4lib.org/articles/18040>
>
> We invite colleagues who are knowledgeable in establishing relevant
> policies and procedures to support the Code4lib Journal by using their
> expertise to recommend sustainable guidelines that are informed by
> existing best practice, either independently or in the form of a
> journal article.
>
> We are grateful to all of those who worked to raise this important
> issue and look forward to collaborating with the community on best
> practices going forward.
>
> In accordance to this, we modified the Call for submission as well:
> https://journal.code4lib.org/call-for-submissions<https://journal.code4lib.org/call-for-submissions>
>
> Best,
> Péter Király
>
> On Sat, Dec 9, 2023 at 5:47 PM Péter Király <[log in to unmask]> wrote:
> >
> > Dear all,
> >
> > as one of the editors of Code4Lib Journal I would like beg your pardon
> > for the security incident.
> >
> > Since the journal is edited by a group of volunteers and we do not
> > have any formal organizational structure, we as a journal do not have
> > yet an common answer, but I can tell you my private opinion. Right now
> > we are considering the suggestions of the open letter. Some of them
> > could be implemented and there is a high chance that will be
> > implemented. In this particular case we made a couple of editorial,
> > communication related and technical mistakes, but we are aware of the
> > importance of the problem, and I personally disagree that the data
> > breach happened because we did not take care of the ethical concern.
> > In this case - and again speaking only from my part - I did not have
> > the necessary knowledge to check the content of files in a particular
> > (Power BI) format, and thus I was not aware of the real content of
> > that files (the article itself doesn't tell details about the content
> > of the attached file).
> >
> > It is sure we are taking care of this issue and the open letter, and
> > we act accordingly. I hope that in the following days we will also
> > have a better statement than mine, that will reflect the opinion of
> > all editors.
> >
> > I beg your pardon again,
> > Péter Király
>
>
>
> --
> Péter Király
> software developer
> GWDG, Göttingen - Europeana - eXtensible Catalog - The Code4Lib Journal
> http://linkedin.com/in/peterkiraly<http://linkedin.com/in/peterkiraly>
>
> Disclaimer
>
> The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
>
> This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more visit the Mimecast website.



-- 
Péter Király
software developer
GWDG, Göttingen - Europeana - eXtensible Catalog - The Code4Lib Journal
http://linkedin.com/in/peterkiraly