This was a joint presentation by Daniel Ayala (Proquest); Michael C. Robinson (Univ Alaska-Anchorage) and Nettie Lagace (NISO) for the NISO-BISG Forum held on June 24, during the 2016 ALA Annual Conference in Orlando, FL.
2. Nettie Lagace, Associate Director of Programs, NISO
@abugseye
Daniel Ayala, Director Information Security, ProQuest
@buddhake
Michael Robinson, Head of Library Systems, University of
Alaska - Anchorage
@mikerobinson_ak
3. NISO as a “Switzerland”
A meeting place for libraries, vendors, publishers to
discuss common issues and create consensus solutions
4. An Issue of Privacy
ALA code of ethics
Publishers/vendors who serve
users are not librarians
Libraries are servers in the cloud and user
interactions are managed by third parties
5. NISO & Patron Privacy Framework Intro
Can libraries and service providers develop valuable services that are
based on user activity data, or improve existing services using activity
data, in a way that simultaneously protects privacy?
6. NISO & Patron Privacy Framework Intro
Can we build a framework to protect patron privacy that is based on
consensus that simultaneously recognizes the nuances with this issue?
7. NISO & Patron Privacy Framework Intro
Goal: Establish a consensus framework of principles that prescribe how
information systems should respect the privacy of patron data
8. What we arrived on...Overview
Preamble
1. Shared privacy responsibilities
2. Transparency & facilitating privacy awareness
3. Security
4. Data collection and use
5. Anonymization
6. Options and informed consent
7. Sharing data with others
8. Notification of privacy policies and practices
9. Supporting anonymous use
10. Access to one's own user data
11. Continuous improvement
12. Accountability
Glossary
9. So how does this tie to
User Experience?
Security & Privacy User Experience
10. Balance of UX & Privacy
Suppliers (Publishers, Service Providers)
TrustBalance privacy and
functionality
Metrics on usage
Operational info to
keep the service “up”
Multiple customers:
creators and users
11. Libraries
Balance of UX & Privacy
Metrics to fuel funding
and buying decisions
Wide array of
positions on data use
Assessment mandates
Fundamental privacy
tenets as baseline
Expertise
Enablement of users to
make informed decisions
12. Users
Balance of UX & Privacy
Control
Personalisation and
recommendations
Fast, easy, mobile,
ubiquitous access
Informed control over
own privacy and data
Consumer-like
features expected
14. The Librarians
Both ends of the
spectrum...
Legal & Ethical Obligation to Protect
Reader Privacy
1st amendment (free inquiry), ALA policy,
professional ethics
State laws on confidentiality of library records
15. The Librarians
Both ends of the
spectrum...
Libraries Need to Embrace the Modern
Web
E-content, personalization, user experience
Operational needs, business intelligence,
educational assessment
16. The Librarians
Both ends of the
spectrum...
False Dichotomies
Privacy is dead vs privacy at all costs
Abandoning ethics vs fettering
competitiveness
17. UX Focus on the Framework
How do you define what gets collected automatically
vs explicitly asked for?
PII/Sensitive InformationBrowser/Application
Fingerprint
18. UX Focus on the Framework
How do you define what gets collected automatically
vs explicitly asked for?
Persistent Cookies
Tracking
Session Cookies Tracking
19. UX Focus on the Framework
How do you define what gets collected automatically
vs explicitly asked for?
User BehaviourReader Behaviour
(Free Inquiry)
20. UX Focus on the Framework
How do you define what gets collected automatically
vs explicitly asked for?
US Privacy LawsEU Privacy Laws
21. UX Focus on the Framework
What does consent look like?
EU Right to be ForgottenFTC Fair Information
Practises
Legal
22. UX Focus on the Framework
What does consent look like?
Notification via Terms of
Service
Existing Consent Models are Broken
23. UX Focus on the Framework
What does consent look like?
Opt-In & Opt-OutNotification via Terms of
Service
Existing Consent Models are Broken
24. UX Focus on the Framework
What does consent look like?
Data sharing disclosures
Existing Consent Models are Broken
25. UX Focus on the Framework
What does consent look like?
Consent via NagwareData sharing disclosures
Existing Consent Models are Broken
26. UX Focus on the Framework
What does consent look like?
CHOICENO REAL
Existing Consent Models are Broken
34. What’s next for the community?
Consensus building / discussion of principles over the past 2 years
NISO Privacy Principles
Privacy Guidelines from ALA Intellectual Freedom Committee & Digital Content Working Group
LITA Patron Privacy Interest Group
Library Digital Privacy Pledge
35. What’s next
for the
community?
Now is the time for action
How do we put these principles into practice
Iterative process - implement, learn, change
Expectations & perspectives may change as
practices develop
37. The Next Step
Use the shared partnership amongst the vendors, libraries and users to create a
shared ecosystem to build a model
Model language for RFP and Contract
Audit standards and responses
Mapping of principles to local and regional privacy laws
Share implementation best practices amongst libraries and suppliers
Encourage ALA Privacy Summit to move the topic forward
38. Resources
NISO Consensus Framework to Support Patron Privacy in Digital Library and Information Systems - http:
//www.niso.org/topics/tl/patron_privacy/
ALA Code of Ethics - http://www.ala.org/advocacy/proethics/codeofethics/codeethics
ALA Office of Intellectual Freedom - https://chooseprivacyweek.org
ALA Library Privacy Guidelines for e-book Lending and Digital Content Vendors - http://www.ala.
org/advocacy/library-privacy-guidelines-e-book-lending-and-digital-content-vendors
Library Digital Privacy Pledge - https://libraryfreedomproject.org/ourwork/digitalprivacypledge/
Stock Photography Source: Shutterstock and Stocksnap.io