On 6/16/14, 1:49 PM, Galen Charlton wrote:
However, I think that's only part of the picture for ILSs. Other parts
would include: * staff training on handling patron and circulation
data * ensuring that the ILS has the ability to control (and let users
control) how much circulation and search history data gets retained *
ensuring that the ILS backup policy strikes the correct balance
between having enough for disaster recovery while not keeping
individually identifiable circ history forever * ensuring that
contracts with ILS hosting providers and services that access patron
data from the ILS have appropriate language concerning data retention
and notification of subpoenas. Regards, Galen
Echoing Galen, staff training is very important. One way to begin this
is by having the staff do a privacy audit, where they make sure that the
library understands the reality of its practices, and makes changes
where it should and can. I have examples and materials at:
http://kcoyle.net/privacy_audit.html
although these were developed mainly for public libraries.
Part of the process is setting up a chain of command for privacy issues.
For US libraries, Mary Minow has given talks to librarians on what to do
if law enforcement shows up at your door. According to her experience,
they often try to find a library staff member who has access to systems
but who isn't at a management level, and they tend to try to (and mostly
succeed to) intimidate. Knowing the law makes a difference. So for US
libraries, there is:
http://librarylaw.com/Privacy.html
kc
--
Karen Coyle
kco...@kcoyle.net http://kcoyle.net
m: 1-510-435-8234
skype: kcoylenet