STEPHENSON 1

Name: Crystal Stephenson

Course: Foundations of Library and Information Science
Assignment: Legal / Ethical Issues Essay
Due Date: July 8, 2018
Library Privacy and Security
Concerns over invasion of privacy and threats to security in the digital age have come to

dominate our conscience with the prevalence of data collection and data mining traditionally

associated with consumer information and marketing strategies, and security breaches of well-

known banks and credit bureaus, but while we recognize that our personal information can be

compromised, libraries are no exception. Public libraries are integral to the very fabric of the

communities they serve, but vulnerability exists with public use and access, from basic privacy

issues, like openly displayed screens and Internet search history on public computers, to more

technical concerns over data and Wi-Fi exposures (Falk, 2004) and those bred from personalized

services. Threats to security also infiltrate “every component of a library’s technical

environment” (Breeding, 2016), but the “challenges of establishing adequate defensive measures

have never been more daunting” on the aggregate level, as most “libraries lack the on-site

resources that must be dedicated to security in this hostile context.” The purpose of this paper is

to review some of the existing privacy and security issues libraries face at present and the ethical

dilemma therein, followed by a brief analysis of the published research, policies and

recommendations documented in studies addressing the problem.

The American Library Association “views privacy as essential to the exercise of free

speech, free thought, and free association” (Falk, 2004), but as libraries “provide Internet access

for patrons, or keep computer-based records, employ electronic techniques for circulating and

tracking the use of library materials,” the association has released statements of intent

acknowledging that preservation of patron privacy is of utmost importance while providing a

broad guide for the behavior of library personnel. Confidentiality is integral to the trust a patron
 STEPHENSON 2

has in their institutions, and for this reason, the ALA has also developed privacy guidelines that

many libraries have adopted in an effort to protect user privacy. Every patron should feel free to

seek out “and share information and ideas without scrutiny or other negative effects” (Hirsh,

2015, p. 346), thus information professionals are not only “tasked with managing information,”

but “benefit from an understanding of the laws affecting the collection, use, and storage of

personal data.” The release of personal information to third parties and the reality of data

collection, or data mining, is often considered when using our credit cards, shopping at the store

or reviewing our credit, but libraries “are not free from the problem of personal information

leakage in that they retain user personal information such as mobile phone numbers, family

relations, occupations, and other information as well as resident registration numbers.” (Noh,

2016) With “convenience come problems, such as the exposure of patron private information and

library usage records” (Kim & Noh, 2014), so libraries must “think carefully about how they are

collecting, using, and storing” this sensitive material.

While libraries help to bridge the digital divide for patrons by providing access to

computers and Wi-Fi, this public use breeds vulnerability, from the basic intrusion of privacy

resulting from openly displayed screens and Internet search history to the more technical

consequence of data and Wi-Fi exposures. Personalized services are often lauded but also

increase the possibility of breach of privacy, as seen with user predictions and preferences, book

recommendations, location-based services, the tracking of borrowed materials, and reference

assistance, all of which require personal information for allocation and efficiency. While

predicting a patron’s “needs and creating more effective modes of interaction allow users to

obtain the best information with the least effort” (Noh, 2013), “these individual-specific services

require as much personal data as possible, and thus libraries and librarians often obtain and

manage a large amount of personal information.” The library services we have come to hold so
 STEPHENSON 3

dear “are gradually becoming more sophisticated, owing to information technology providing

user-customized services by tracing reading habits and searching trends.” However, as

convenience is the hallmark of innovation, we lose anonymity in the process through such

services as those designed to “inform users of newly arrived books, new information on areas of

interest, newly subscribed journals and return times for borrowed books through e-mail.”
“Concerns for security apply to every component of a library’s technical environment”

(Breeding, 2016), including hardware, software, mobile devices, applications, and internal

networks, an intrusion of which would thereby mean that “any data within the system can be

exposed or destroyed and the operation of the systems can be vandalized or rendered

inoperable.” Although violations can occur through hacking and illegal use of data, issues of

security may reach beyond nefarious intent. One point of contention over user security stems

from the U.S. Patriot Act of 2011 passed following the terrorist attacks on September 11th. The

ethical question as to whether a person’s privacy should be compromised in the name of security

has yet to be answered, but while the debate continues, libraries are not exempt from the

crossfire. A bill was introduced to the U.S. House of Representatives in 2003 “to free libraries

and bookstores from intrusive provisions of the USA Patriot Act” (Falk, 2004), but failed to be

taken up by the Senate. Since then, over “250 US cities, towns and counties have enacted

resolutions or ordinances to protect the civil liberties against undesirable features” of the Act,

and the “American Booksellers Association, the American Library Association, and the writers

group PEN American Center” have collectively taken steps towards engaging the public to push

“congress to amend the law.” One journal in 2008 reported that, “As libraries have become

subject to government invasions of privacy in the name of national security, librarians have come

to understand that there is no better way to protect national security than to make sure that due

process and basic rights are not sacrificed in the name of expedience.” (Kniffel, 2008) Therefore,
 STEPHENSON 4

the “state of privacy in our democracy demands a renewed advocacy for the readers’ right to

privacy,” which goes “beyond crafting effective policy” and “political advocacy,” but librarians

must also do their part to “engage their own community readers in the discussion.”
An analysis of privacy concerns would be incomplete without acknowledging the

inherently ethical dilemma libraries contend with. Intellectual freedom is a core value to a

library’s operation, so it is a dichotomous issue at best. For instance, patrons “search and use

various information data at the library or on the library’s website, and that use pattern is

monitored and analyzed” (Noh, 2017), and as consequence, that “collected data is then utilized

without the users’ consent.” On the other hand, “libraries are established in order to protect the

intellectual freedom of citizens, and the citizens have the right to keep confidential the

information that they request, access, and use.” A library’s integrity is at risk when patron’s fear

their computer use is “monitored and all the information about their books borrowed, websites

visited, contents of SMS communication and e-mails, and subjects researched are recorded” and

“could be leaked at any time” due to “failure by the library to secure the users’ intellectual

freedom without discrimination, the library’s very reason for existence.”

Libraries have already codified some policies in respect to user privacy through

statements of will and intent, but these established rules and guidelines “are not enough in

libraries that provide internet access, maintain computer-based records, trace the use of library

resources, or use electronic technology for the return of borrowed books.” (Noh, 2013) The

“ethical, legal, and practical” policies adopted “for the sake of public interests” must be tempered

by “the interest of the concerned individuals.” A study released in 2014 recommended a private

information management plan encouraging public education of the collection and preservation of

usage records, terms and conditions of service clearly defined for users, and a revised system of

monitoring library networks for leaks, which can “come from both inside and outside the
 STEPHENSON 5

institution” (Kim & Noh, 2014), followed by immediate action to rectify in such a case.

Education is key, urges Younghee Noh, who “developed an education program along with

comprehensive investigation and analysis of the privacy infringement probability in the library”

(Noh, 2014), adding a summation of this “training session for librarians” in her report. The “duty

to protect user privacy,” Noh concludes, is “one of the most basic responsibilities of libraries and

librarians,” and in keeping with these values, recommends stronger engagement, communication,

education, and training for all affected parties.

While a patron’s personal information may be compromised in the name of convenience

and efficiency, the debate over privacy in the twenty-first century forges on. Libraries must

contend with this complicated issue, made more complex by “the filter bubble argument” and

“anxiety about records and location information utilized by communication companies” (Noh,

2013). Librarians now face “access demands affected by the legal issues surrounding file sharing,

filtering, and copyright violations” in addition to the collection and management of records kept

on patrons, which can easily be “exposed to vendors or institutions like the federal government.”

Ethical issues of privacy and security remain at the forefront of our digital information age, but

the research suggests a more intensive monitoring of library network leakage, swift action in

response, and improved education for all involved in an effort to mitigate threats of violations

and intrusions going forward, as a lack of public trust and confidence could hinder our most

valuable institution in the long run.

 STEPHENSON 6

References
Breeding, M. (2016). High Security and Flexible Privacy for Library Services. Computers in
Libraries, 36(5), 12-15. doi:10.1108/02640470410541697
Falk, H. (2004). Privacy In Libraries. The Electronic Library, 22(3), 281-284.
doi:10.1108/02640470410541697
Hirsh, S. (2015). Information Privacy and Cybersecurity. In Information Services Today: An
Introduction (p. 346). Lanham, MD: Rowman & Littlefield.
Kim, D. S., & Noh, Y. (2014). A Study of Public Library Patrons’ Understanding of Library
Records and Data Privacy. International Journal Of Knowledge Content Development

And Technology, 4(1), 53-78. doi:10.5865/IJKCT.2014.4.1.053

Kniffel, L. (2008). From the Editor: Delusions of Privacy. American Libraries, 39(8), 4-4.
Retrieved from http://www.jstor.org.ezproxy.lib.usf.edu/stable/25650046
Noh, Y. (2014). Digital Library User Privacy: Changing Librarian Viewpoints Through
Education. Library Hi Tech, 32(2), 300-317. doi:10.1108/LHT-08-2013-0103
Noh, Y. (2017). A Critical Literature Analysis of Library and User Privacy. International
Journal Of Knowledge Content Development And Technology, 7(2), 53-83.

doi:10.5865/IJKCT.2017.7.2.053