On 6/16/14, 1:49 PM, Galen Charlton wrote:
> However, I think that's only part of the picture for ILSs. Other parts
> would include: * staff training on handling patron and circulation
> data * ensuring that the ILS has the ability to control (and let users
> control) how much circulation and search history data gets retained *
> ensuring that the ILS backup policy strikes the correct balance
> between having enough for disaster recovery while not keeping
> individually identifiable circ history forever * ensuring that
> contracts with ILS hosting providers and services that access patron
> data from the ILS have appropriate language concerning data retention
> and notification of subpoenas. Regards, Galen
Echoing Galen, staff training is very important. One way to begin this
is by having the staff do a privacy audit, where they make sure that the
library understands the reality of its practices, and makes changes
where it should and can. I have examples and materials at:
http://kcoyle.net/privacy_audit.html
although these were developed mainly for public libraries.
Part of the process is setting up a chain of command for privacy issues.
For US libraries, Mary Minow has given talks to librarians on what to do
if law enforcement shows up at your door. According to her experience,
they often try to find a library staff member who has access to systems
but who isn't at a management level, and they tend to try to (and mostly
succeed to) intimidate. Knowing the law makes a difference. So for US
libraries, there is:
http://librarylaw.com/Privacy.html
kc
--
Karen Coyle
[log in to unmask] http://kcoyle.net
m: 1-510-435-8234
skype: kcoylenet
|