[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Privacy and ICOLC



>From my viewpoint, a great deal more needs to be done to protect users'
privacy, including the actions that David Goodman outlines below.  Other
steps that I see as being necessary include advocacy for legislation (or
changes in existing legislation) to protect privacy; articulation of what
it means to protect user privacy in relation to electronic resources, as
David does below; and consumer action (not necessarily focused on
electronic information resources, as there are much broader issues
involved).

The privacy of the individual user has long been regarded as one of the
most basic ethical principles of librarianship.  One example of the
expression of this principle can be found on the American Library
Association's web site at
http://www.ala.org/Content/NavigationMenu/Our_Association/Governance/Policy_Manual/Services.htm
see:  52.4 Confidentiality of Library Records:

[snip]

The ethical responsibilities of librarians, as well as statutes in most
states and the District of Columbia, protect the privacy of library users.
Confidentiality extends to "information sought or received, and materials
consulted, borrowed, acquired," and includes database search records,
reference interviews, circulation records, interlibrary loan records, and
other personally identifiable uses of library materials, facilities, or
services.

[snip - there's more on the site]

The significance of the ICOLC Privacy Guidelines, from my point of view,
is this:

Those who are responsible for purchasing electronic resources in a very
great many of the world's libraries considered the question:  do
individual users have the right to expect privacy in the realm of
electronic resources?  And the answer was a resounding yes, as expressed
in the ICOLC Privacy Guidelines.  In particular, the question of whether
gathering information about individuals to resell for advertising purposes
could be seen as an acceptable business practice was soundly rejected, as
being a serious violation of this fundamental principle.  The Guidelines
themselves are deliberately somewhat broad and philosophical in nature
(like the ALA statement above), recognizing that changes in technology
could render obsolete any specific procedural proscriptions.

a personal opinion by,

Heather Grace Morrison


liblicense-l@lists.yale.edu writes:
>>In my view, the IOCLC statement offers minimal protection.
>>
>>At the most basic level, as I read it, it does not even prevent requiring
>>personal information about a user to obtain access or services. Very few
>>providers do in fact still require this information for access, but most
>>do require personal information for such services as stored searches.
>>This is not technically necessary--they could ask the user to provide an
>>arbitrary id and password to retrieve the information, or send the
>>emailed information through a blind mailing facility at the users' 
>>institution which conceals the individual name from the provider.
>>
>>At a more subtle level, the user ip address are normally known to the
>>provider. It would easily be possible to route all such traffic through a
>>suitable proxy, such that the specific ip of the originating address was
>>not disclosed beyond the users' institution. This would still provide the
>>possibility of tracing in case of suspected license violation.
>>
>>The user does, of course, have the potential protection of using a
>>computer in the library. Essentially all contracts provide for anonymous
>>use in such cases. I think it is our obligation to protect our users even
>>when, for convenience, they choose to use more identifiable facilities.
>>Some libraries violate the spirit of such anonymous access by requiring
>>log in from library computers, even when (as usual) the license does not
>>require it. Indeed some librarians have commented to me that they would
>>need to pay extra for such licenses, which is simply not generally true.
>>
>>I accept as a basic principle of our profession that all academic and
>>public libraries have the obligation to protect their users against any
>>possibility of disclosing or identifying the contents of a search, just
>>as they have the obligation to protect them against disclosure of the 
>>use of a particular book or periodical. No library records can ever be 
>>safe from legally-ordered disclosure, and the permissible scope of such 
>>disclosure is widening, at least in the United States. The only true 
>>protection is to ensure that no such records are recorded in the first 
>>place. Doing otherwise is the equivalent of locating a video camera to 
>>record every computer user and transaction.
>>
>>Merely including the phrase "except as required by law" is in this
>>context no longer sufficient for academic freedom.
>>
>>Speaking personally, David Goodman