 |
 |
On 6/16/14, 1:49 PM, Galen Charlton wrote: > However, I think that's only part of the picture for ILSs. Other parts > would include: * staff training on handling patron and circulation > data * ensuring that the ILS has the ability to control (and let users > control) how much circulation and search history data gets retained * > ensuring that the ILS backup policy strikes the correct balance > between having enough for disaster recovery while not keeping > individually identifiable circ history forever * ensuring that > contracts with ILS hosting providers and services that access patron > data from the ILS have appropriate language concerning data retention > and notification of subpoenas. Regards, Galen Echoing Galen, staff training is very important. One way to begin this is by having the staff do a privacy audit, where they make sure that the library understands the reality of its practices, and makes changes where it should and can. I have examples and materials at: http://kcoyle.net/privacy_audit.html although these were developed mainly for public libraries. Part of the process is setting up a chain of command for privacy issues. For US libraries, Mary Minow has given talks to librarians on what to do if law enforcement shows up at your door. According to her experience, they often try to find a library staff member who has access to systems but who isn't at a management level, and they tend to try to (and mostly succeed to) intimidate. Knowing the law makes a difference. So for US libraries, there is: http://librarylaw.com/Privacy.html kc -- Karen Coyle [log in to unmask] http://kcoyle.net m: 1-510-435-8234 skype: kcoylenet