No subject

Bridge, Frank BridgeF at chesterfield.gov
Wed May 18 15:13:16 EDT 2005


Hello Everyone--

I see this matter as indistinguishable from that of a customer providing
his/her library card and PIN to another family member for information
retrieval concerning an account.  The loss of privacy is at the risk of
the person who furnishes this information to anyone else, including a
third party like LibraryELF.  I do not believe that LibraryELF has the
responsibility to warn library customers about the privacy expectations
of other family members who have already and voluntarily given up such
expectations by furnishing their library card numbers and PIN's.  

Library automation vendors typically have contractual clauses that
obligate a library to reasonable control over the vendor's proprietary
information.  Typical system operations embody the essence of such
control, including customer record retrieval from and transactions via
the OPAC.   A third party can develop an automated script that
replicates the keystroking of a library patron who uses the system
legitimately, and I see little difference between the two information
retrieval methods.  Consequently I do not believe that a library
automation vendor has any leverage here.  

Furthermore, I do not see that it is appropriate for a library to
institute a rule prohibiting registration with a third party for such
data retrieval purposes.  We do not bar our customers from sharing their
PIN's with other people.  Instead, our typical approach is to remind
customers that they are responsible for all uses of their accounts.  

However, I do believe that it is appropriate to advise customers of the
risks associated with relinquishing PIN's, particularly with any third
party system vendor:  

--the loss of confidentiality; 
--the possibility of unrestricted harvesting (and even altering) of
their personal information from the library automated system; 
--the risk of identity theft through the illegitimate use of such
information.  

We could indicate that the Library does not endorse or control the
actions of such third parties.  We could also remind customers they
assume all risks associated with furnishing such information to any
third parties, including all transactions in their own accounts.  

---
Frank R. Bridge
Technology Management Administrator
Chesterfield County Public Library
PO Box 297
9501 Lori Rd.
Chesterfield, VA  23832-0297
Voice:   804-748-1980
Fax:      804-751-4679


-----Original Message-----
From: web4lib at webjunction.org
[mailto:web4lib at webjunction.org] On Behalf Of Andrew Mutch
Sent: Saturday, January 15, 2005 12:11 PM
To: Multiple recipients of list
Subject: [WEB4LIB] Re: Third party access to patron information


This also raises issues of who and how the data is being accessed from
our library systems. While I understand the desire of users to use these
tools to access information in ways that our automation vendors are
unable or unwilling to provide, I'm guessing that this is going to raise
all kinds of red flags with our vendors and systems administrators.

I don't recall discussions about "acceptable use" of library automation
systems but I think there are legitimate questions about third-parties
accessing that information, especially those who are doing so for
profit. I think an argument can be made that the data stored on our
systems is specifically intended only for use by our system and for the
direct use by our patrons. I wouldn't be surprised if we see systems
starting to institute "acceptable use" policies for patrons to disallow
the possibility of data scraping by third parties.

Andrew Mutch
Library Systems Technician
Waterford Township Public Library
Waterford, MI


> Michael, et al.
>    That's the problem--I don't think LibraryELF users are being made
> aware of the reprocussions or that LibraryELF's privacy statement is 
> adequate. I don't see anything on the LibraryELF site that informs 
> people that other family members, even children, may have expectations

> that their library records are confidential.
>    They also do not disclose that although they don't collect personal

> information via the their own sign-up process, the library card number

> and PIN you give them also can provide access (depending on the local 
> library system, but most do so) to street addresses, phone numbers, 
> birthdates, student numbers, etc.
>    Were they to beef up their privacy policy and at least acknowledge 
> that confidentiality even within a family may be a concern, I would 
> feel less troubled.




---
Frank R. Bridge
Technology Management Administrator
Chesterfield County Public Library
PO Box 297
9501 Lori Rd.
Chesterfield, VA  23832-0297
Voice:   804-748-1980
Fax:      804-751-4679




*********************************************************************
Due to deletion of content types excluded from this list by policy,
this multipart message was reduced to a single part, and from there
to a plain text message.
*********************************************************************



More information about the Web4lib mailing list