The Open Library: Realizing the Promise and Mitigating the Peril

Cindy Gibbon, Access Services Coordinator of Multnomah County Library (MCL), Oregon, opened the discussion about privacy and intellectual freedom in a web 2.0 world by sharing the results of a study of MCL’s users. Some things MCL users said they want:

Notification when requested items are added to the catalog
Public comments and recommendations of books read
Blogs, podcasts, reference via instant messaging
Text message alerts
Saved lists of titles checked out or of interest
RSS feeds
Ability to communicate online with other library patrons

She then shared some compelling data from the December 2007 Pew Internet & American Life Project Survey about the ubiquity of mobile communications technologies. The bottom line: MCL patrons want a 2.0 library experience.

Some library patrons indicated that it is important to them that their library records remain private, and some did not. Cindy pointed out that it is librarians’ responsibility to protect patrons’ privacy on their behalf, and then proceeded to illuminate some challenges presented by web 2.0. Libraries are now creating records–such as blog posts and comments, and chat transcripts–that never existed before. We are keeping records like never before (think reading lists and MyLibrary tools), we’re sending records into realms beyond our control (in the forms of text messages, rss feeds, and more), and we’re inviting our users to personalize and participate in the evolution of our products and services.

Cindy aptly drew a comparison between opening the doors of the physical library and to the virtual library. Libraries have policies to protect patrons in the physical library; the same should be true for the virtual environment. The Fair Information Practices section of ALA’s Intellectual Freedom Manual can help libraries update their privacy policies. Privacy warnings can be provided, and patrons should be given the choice to opt into (not out of) of services that involve any risk.

Cindy also talked about what can happen when a library creates a public forum, and pointed out that there are two types–open forums (a.k.a. the “free-for-all”), and limited or designated public forums. Unlike the open forum, the limited or designated public forum has rules, boundaries, and guidelines. Important when using social software to create a limited forum:

Make explicit what you are trying to accomplish
Explain the type of forum and its purpose
Make clear the rules and the penalties for violation
Identify when, how, and by whom posts will be vetted
Create a notice and appeal process

Digital library consultant Karen Coyle then talked about technical and legal issues that librarians launching interactive web-based services need to consider. She pointed out that when we say “privacy,” we often mean “confidentiality,” and that there are three exceptions to the confidentiality of patron records:

Librarians have access to patron records
Records of money owed to the library are not protected
Records are not protected in the case of a court order

Karen pointed out that as social networking and libraries evolve together, the context of the networking is likely to be broader than the user’s “home” library. The larger the network, the greater its value. But the greater the risk as well. Facebook is routinely asked by law enforcement for the personal data of its users, and as a private company, is responsible only for complying with its own privacy policy. Libraries, on the other hand, must comply not only with their own privacy policies, but also with state laws that require libraries to protect certain data.

So how can we protect information over which we have limited control?

We can make clear to our users which virtual spaces are protected and which are not. We can have conversations with our IT departments about allowing users to remain anonymous in certain cases, and again, we can require users to opt into services where records may not be totally protected. We can undergo a security audit, make sure we have the knowledge and capability to secure our systems, and we can discuss with our vendors and help shape the policies and practices they employ when it comes to the security of our patrons’ library use data.