Practical Privacy Pointers For Libraries - PowerPoint PPT Presentation

Provided by: karenc5
1
Practical Privacy Pointers For Libraries
  • Karen A. Coombs
  • Electronic Services Librarian
  • SUNY Cortland
  • coombsk_at_cortland.edu
  • http://www.librarywebchic.net/presentations/cil2005

2
Why should libraries care about privacy?
  • Library Bill of Rights and ALA Code of Ethics
  • Legislation at the state and Federal Level
  • User trust
  • Users trust that we are protecting their privacy
    even if we are not or cannot.
  • User expectations
  • Most commercial websites and corporations have
    some sort of privacy policy.
  • In a world where libraries are being

3
Why do we need practical privacy pointers?
  • Digital libraries can be wonderful supports for
    spying.
  • Roy Tennant
  • ALA's Guidelines lack a technical perspective
  • Privacy is an onion
  • Lots of layers

5
Where to begin
  • Decide on a Privacy Strategy
  • Assess Where User Data Can be Collected
  • Understand the effects of the policy you put in
    place
  • How is the policy going to affect your data
    collection procedures and library systems?
  • What technologies are you going to use to execute
    the policy?

6
Decide on a Privacy Strategy
  • Collect only what is absolutely necessary.
  • Keep only what you're willing to give up. Destroy
    everything else.
  • Roy Tennant 7/15/2003 Issue of Library Journal
  • Lots of leeway here
  • Degree of vigilance and thoroughness varies from
    library to library and with what you consider
    personally identifiable information

7
Assessing Where User Data can be collected
  • Integrated Library Systems
  • Interlibrary Loan Systems
  • Web Servers
  • Proxy servers
  • Public Computers
  • E-reference systems

8
What user data are we currently collecting?
  • Name
  • Address
  • ID Number
  • Phone
  • Email
  • IP address

9
What data do we need to collect?
  • Daily operations
  • Example: user data for circulation
  • Security
  • Example: usernames and passwords
  • Troubleshooting
  • Example: server log files and user IDs
  • Assessment
  • What questions do you want to answer?

10
Data We Had and Don't Need
  • Birthdate
  • Social Security Number
  • Identity Theft Issues
  • Do you have all the information for someone to
    complete a credit card application?
  • How is user information the library collects used
    in other campus systems?
  • Default PINs

11
Thinking About Protecting Privacy
  • Implemented ALEPH
  • ALEPH designed by Ex Libris
  • Not based in United States
  • Many initial clients in Europe and other parts of
    the world
  • European privacy laws very different from US
  • Link between user and item borrowed not broken
    when items returned

12
Integrated Library System
  • Older versions of ALEPH do not break the link
    between user and the items they borrowed when
    items are returned
  • Data about who borrowed what is stored in three
    tables
  • Oracle relentlessly saves data
  • Backups
  • Log files

13
Integrated Library System
  • Ex Libris developed script to de-link user
    information from items
  • Alters three tables in ALEPH to remove user id
  • Can still get generic demographic information
    about user
  • Status (faculty, staff, student)
  • Run delinking script before your backups

14
WebOPAC Server Log Files
  • IP address
  • Can contain user's library ID
  • Search user performed
  • Index searched
  • Search terms
  • Cleaned out weekly

15
Interlibrary Loan System
  • ILLiad
  • SQL Server database
  • Table for Transactions
  • Each transaction is associated with a specific
    username
  • Keeps track of what users borrow

16
Interlibrary Loan System
  • Atlas provides SQL script to break link between
    user and items interlibrary loaned
  • If use script lose all demographic information
  • Wanted to keep demographic info
  • Created new script
  • Writes demographic information to a new table
  • Breaks link between user and items interlibrary
    loaned
  • Need to synch script with SQL server backups

17
Web Servers
  • Contain IP address of user
  • Collected as daily files
  • Last octet of IP address masked at end of day
  • Why not mask entire IP address?
  • Collect statistics about where users are using
    library resources
  • Subnets

18
Mechanics of log washing
  • Determine the previous day's date
  • Wash log files for previous day
  • Add information from previous day's log file to
    web server statistics
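
The three steps above, sketched in Python as an added example (not code from the presentation). The Common Log Format input, the daily file naming scheme, the dict standing in for files on disk, and the sample lines are all assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import date, timedelta

# First three octets are kept; the last octet is what gets washed out.
IPV4 = re.compile(r"(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}")

def previous_day(today):
    """Step 1: determine the previous day's date."""
    return today - timedelta(days=1)

def log_name(day):
    """Hypothetical naming scheme for daily log files."""
    return f"access-{day:%Y%m%d}.log"

def wash_line(line):
    """Mask the last octet of the host field; return (washed_line, subnet_key)."""
    host, _, rest = line.partition(" ")
    m = IPV4.fullmatch(host)
    if m and all(int(octet) <= 255 for octet in host.split(".")):
        subnet = m.group(1) + ".0"
        return f"{subnet} {rest}", subnet
    # Fail closed: a host field we cannot parse (IPv6, hostname, garbage)
    # is blanked rather than left in the washed file.
    return f"- {rest}", "unparsed"

def wash_log(lines):
    """Step 2: wash every line and count requests per masked subnet."""
    washed, per_subnet = [], Counter()
    for line in lines:
        line = line.rstrip("\n")
        if line:
            clean, subnet = wash_line(line)
            washed.append(clean)
            per_subnet[subnet] += 1
    return washed, per_subnet

def nightly_wash(today, logs, totals):
    """Wash yesterday's file in place, then (step 3) fold it into the statistics."""
    name = log_name(previous_day(today))
    washed, per_subnet = wash_log(logs.get(name, []))
    logs[name] = washed          # the raw lines are overwritten, not kept
    totals.update(per_subnet)
    return name

# Constructed sample data (documentation address ranges, not real users).
SAMPLE_LOGS = {"access-20050315.log": [
    '192.0.2.57 - - [15/Mar/2005:09:12:01 -0500] "GET /hours.html HTTP/1.0" 200 812',
    '192.0.2.140 - - [15/Mar/2005:09:13:44 -0500] "GET /ill.html HTTP/1.0" 200 990',
    '198.51.100.9 - - [15/Mar/2005:10:02:10 -0500] "GET / HTTP/1.0" 200 2048',
    '2001:db8::1 - - [15/Mar/2005:10:05:00 -0500] "GET / HTTP/1.0" 200 2048',
]}
```

Only the host field is washed here; a user ID or search terms elsewhere in a line would need their own handling, and backups taken before the wash still hold the full addresses.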

19
EZProxy Server
  • Contain IP address of user
  • Can contain user's ID information
  • Prevent user id from being written to proxy
    server log files
  • Currently
  • Collected as monthly files
  • Monthly files discarded after processed for
    statistical information
  • Future Plans
  • Collect as daily files
  • Mask last octet at end of day
  • Why not mask entire IP address?
  • Collect statistics about where users are using
    library resources
  • Subnets

20
Open URL Resolver
  • SFX
  • Has log files which contain
  • User's IP address
  • OpenURL request
  • Citation for item
  • Server Maintained by the SUNY Office of Library
    and Information Services
  • Log files don't seem to be purged on a regular
    basis

21
Public Computers
  • Configuration
  • Set Temporary Internet Files to 2MB
  • Set History to zero days
  • Leave Cookies on
  • Form Memory turned off
  • Deep Freeze
  • Clears computers when they are rebooted
  • Fall 2005
  • All computers will require authentication
  • Pros
  • Cache will be cleared when user logs out
  • If computers are left logged in and inactive they
    will be rebooted
  • Cons
  • Non-college users will have to obtain a guest
    user account to use library computers

22
Lessons Learned
  • A Privacy Policy is more than a written document
  • You don't always control the systems where your
    user data is being stored
  • Data can be stored in places you didn't think of
  • How you purge user data can affect your library's
    ability to function

23
  • Questions?
  • Further Resources
  • ALA Guidelines for Developing a Library Privacy
    Policy
  • Web Log Washing
  • http://sunsite.berkeley.edu/Web4Lib/RefCenter/logwashing.html