Abstract
This chapter discusses five major types of data that libraries may be responsible for the collection, storing, or analyzing of and the threats to privacy faced when dealing with each: web data collection and usage, patron records, learning analytics, research data, and data sharing. It highlights how a lack of clear and consistent policy, improper handling and storage of the data, misuse of the data, and lack of proper informed consent procedures can all compromise patrons' privacy and present threats to patrons' trust in the library. To ensure that data is handled with care, this chapter further introduces four frameworks for ethical data practices, which have recently been proposed in the scholarly literature, and discusses how each may apply to library data issues. By following an ethical framework and developing solid procedures, librarians can ensure private, equitable, and mutually-beneficial data relationships with their patrons, regardless of what new types of data technologies emerge in coming years.
TopWeb Data Collection And Usage Policy
Web data collection and usage can be some of the more overt examples of infringement on patrons’ data. According to Lund (2021), only about 45% of public libraries surveyed had a data privacy policy available on their website, of which about one-third had not been updated since 2015. Additionally, only about 10% of these websites provided any kind of educational information about how data may be used or how to preserve personal privacy. Of the privacy policies that did exist, 14% simply stated that there should be no expectation of privacy when using library computers and websites; 20% stated that there should be no expectation of privacy but that the library would do what it could to preserve it; 14% cited legal frameworks as the basis of their policy (i.e., data privacy laws); 27% cited the American Library Association’s Bill of Rights as a framework for their policy; and 25% (only 110 libraries of the 1000 total surveyed) provided a unique (specific to their library) and detailed privacy policy. This illustrates the substantial gaps that may exist in individuals’ awareness about how their data is being collected and used by the library itself, let alone third-party sites.
Key Terms in this Chapter
Privacy Literacy: The acquisition of a set of knowledge and skills necessary to understand the meaning of privacy, the existence of privacy risks, and measures that can be taken to preserve one’s privacy.
Data Privacy: Ethical principles that guide how data ought to be collected, stored, shared, and analyzed in order to preserve data subjects’ rights to privacy and anonymity. Considerable debate in data science centers on the extent to which privacy of data and the use of data to inform novel insights must be balanced (with some favoring the maximization of data uses, and others strictly defending privacy).
Learning Analytics: Data analyses performed on educational data (e.g., students’ scores, assessments, backgrounds) with the intention of using the findings to inform better educational services.
Personally Identifiable Information (PII): Information that can be used, either by itself (such as a list of names and social security numbers) or in conjunction with other information (such as an ID number that can be associated with a name, address, and phone number in a separate data set), to identify and/or locate an individual.
Research Data Management: The process of maintaining data throughout all stages of the research lifecycle; includes the assurance of data privacy throughout the research process.
Informed Consent: The obligation of a researcher/data analyst to inform data subjects about how data will be collected, stored, shared, and analyzed, their rights as participants, and their ability to opt-out of the data collection, accompanied by the data subject’s agreement to these terms.
Data Ethics: A philosophy or set of ethical principles that guide how data ought to be collected, stored, shared, and analyzed.
Transparency (Data Transparency): Providing individuals/data subjects with a clear understanding of how their data will be collected, stored, shared, and analyzed, as well as who will be responsible for the data.
Machine Learning: The use of “smart” (advanced and specialized) computer algorithms that “learn” (improve operations) from existing data and use this knowledge (refined operations) to process future data inputs.
Data Subjects: The subject/population from whom data is collected (e.g., in learning analytics, students of the university/program would likely be the data subjects).