[Web4lib] Library Website Privacy Policies

Robert Balliot rballiot at gmail.com
Mon Apr 4 15:50:58 EDT 2011


UConn also employs Google Analytics and it is active on the link you
provided.  So, UConn's policy appears to be misleading. As soon as someone
uses the UConn site, data is collected about their session by a
private third party that is allowed to have access by UConn.  That data is
conceivably not covered under confidential public records law and not
afforded the same privacy protections. Google is not a 'unit' of UConn.  Use
under the Patriot Act most likely would not be referred to the campus
attorney. Privacy is an illusion.

In other news, millions of e-mail addresses have been compromised at
Epsilon<http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html>.
 This includes all sorts of banks that employ InfoSec budgets far beyond
that of most libraries.  Given that the breach would need to be analysed by
law enforcement, it stands to reason that law enforcement would also now
have all of the names associated with all of the emails associated with all
of the accounts.  A honeypot without a warrant.

R. Balliot
http://oceanstatelibrarian.com





On Mon, Apr 4, 2011 at 3:08 PM, Peter Murray <peter.murray at lyrasis.org>
wrote:
> I did some work at the University of Connecticut a while back that was
modeled on the Trust-E recommendations for e-commerce sites.  In the end,
it, too, was boiled down to about a page (
http://www.lib.uconn.edu/about/privacy/).  I also ran a survey of ARL
members asking about their privacy policies.  The executive summary is most
of a decade old, but you might find some useful bits in it:
>
>  SPEC Kit 278 Library Patron Privacy , November 2003
>  http://www.arl.org/bm~doc/spec278webbook.pdf
>
>
> Peter
>
> On Apr 1, 2011, at 7:59 PM, Adams, Jason wrote:
>>
>> Our Web Team put together a nice 2-page privacy policy -- very similar
>> to what you see on most library websites.  When our Policy Review Team
>> revised it, our privacy policy was reduced to two sentences sandwiched
>> between a statement from the ALA Code of Ethics ("We protect each
>> library user's right to privacy...") and a statement about the PATRIOT
>> Act ("The Library System complies with the law as it relates to the
>> U.S.A. P.A.T.R.I.O.T. Act...").
>>
>> It's my understanding that it is "proper" standard practice for website
>> privacy policies to detail a website's information-gathering practices,
>> including a description of why we collect data, what we collect, and
>> what we do with it.  I've seen this mentioned by the Electronic Frontier
>> Foundation, Federal Trade Commission, and the American Library
>> Association (in their document "Guidelines For Developing a Library
>> Privacy Policy").
>>
>> What are your suggestions for helping our less web-savvy library system
>> decision-makers to understand the importance of a more descriptive
>> privacy policy for our library website?  Any links to related articles,
>> other library privacy policies, and statements by the EFF, FTC, ALA,
>> library lawyers, etc. would also be helpful.
>>
>> Thanks in advance for your replies!
>>
>> Jason Adams, Library Assistant II
>>
>>
>>
>> _______________________________________________
>> Web4lib mailing list
>> Web4lib at webjunction.org
>> http://lists.webjunction.org/web4lib/
>>
>
>
> --
> Peter Murray         Peter.Murray at lyrasis.org        tel:+1-678-235-2955
> Ass't Director, Technology Services Development   http://dltj.org/about/
> Lyrasis   --    Great Libraries. Strong Communities. Innovative Answers.
> The Disruptive Library Technology Jester                http://dltj.org/
> Attrib-Noncomm-Share   http://creativecommons.org/licenses/by-nc-sa/2.5/
>
>
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>


More information about the Web4lib mailing list