An Examination of Academic Library Privacy Policy Compliance with Professional Guidelines

Authors

  • Greta Valentine University of Kansas Libraries, Lawrence, Kansas, United States of America
  • Kate Barron Stanford Libraries, Stanford, California, United States of America

DOI:

https://doi.org/10.18438/eblip30122

Keywords:

privacy, privacy policies, professional values, data ethics

Abstract

Objective – The tension between upholding privacy as a professional value and the ubiquity of collecting patrons’ data to provide online services is now common in libraries. Privacy policies that explain how the library collects and uses patron records are one way libraries can provide transparency around this issue. This study examines 78 policies collected from the public websites of U.S. Association of Research Libraries’ (ARL) members and examines these policies for compliance with American Library Association (ALA) guidelines on privacy policy content. This overview can provide library policy makers with a sense of trends in the privacy policies of research-intensive academic libraries, and a sense of the gaps where current policies (and guidelines) may not adequately address current privacy concerns.

Methods – Content analysis was applied to analyze all privacy policies. A deductive codebook based on ALA privacy policy guidelines was first used to code all policies. The authors used consensus coding to arrive at agreement about where codes were present. An inductive codebook was then developed to address themes present in the text that remained uncoded after initial deductive coding.

Results – Deductive coding indicated low policy compliance with ALA guidelines. None of the 78 policies contained all 20 codes derived from the guidelines, and only 6% contained more than half. No individual policy contained more than 75% of the content recommended by ALA. Inductive coding revealed themes that expanded on the ALA guidelines or addressed emerging privacy concerns such as library-initiated data collection and sharing patron data with institutional partners. No single inductive code appeared in more than 63% of policies.

Conclusion – Academic library privacy policies appear to be evolving to address emerging concerns such as library-initiated data collection, invisible data collection via vendor platforms, and data sharing with institutional partners. However, this study indicates that most libraries do not provide patrons with a policy that comprehensively addresses how patrons’ data are obtained, used, and shared by the library.

Downloads

Download data is not yet available.

References

Affonso, E. P., & Sant’Ana, R. C. G. (2018). Privacy awareness issues in user data collection by digital libraries. IFLA Journal, 44(3), 170–182. https://doi.org/10.1177/0340035218777275

American Library Association. (2014). Privacy Tool Kit. ALA Intellectual Freedom Committee. https://alair.ala.org/handle/11213/16714

American Library Association. (2017a). Privacy | Advocacy, Legislation & Issues. https://web.archive.org/web/20171101171848/https://www.ala.org/advocacy/privacy

American Library Association. (2017b). Privacy and Confidentiality Policy. Tools, Publications & Resources. https://web.archive.org/web/20170322042558/http://www.ala.org/tools/challengesupport/privacypolicy

American Library Association. (2021a). Privacy. Advocacy, Legislation & Issues. https://www.ala.org/advocacy/privacy

American Library Association. (2021b, April 28). Developing or Revising a Library Privacy Policy. https://web.archive.org/web/20210428022310/http://www.ala.org/advocacy/privacy/toolkit/policy#sectionstoinclude

American Library Association. (2021c, October 21). Privacy Field Guides for Libraries. Privacy policies. https://libraryprivacyguides.org/privacy-policies/

Asher, A. (2017). Risk, Benefits, and User Privacy: Evaluating the ethics of library data. In B. Newman & B. Tijerina (Eds.), Protecting Patron Privacy: A LITA Guide (pp. 43–56). Rowman & Littlefield. https://hdl.handle.net/2022/22035

Asher, A., Briney, K. A., Gardner, G., Hinchliffe, L., Levernier, J., Nowviskie, B., Salo, D., & Shorish, Y. (2018). Ethics in Research Use of Library Patron Data: Glossary and Explainer. https://osf.io/xfkz6/

Atkinson & Coffey: Atkinson, P. A. & Coffey, A. (1997). Analysing documentary realities. In D. Silverman (Ed.), Qualitative research: Theory, method and practice, London: Sage, 45–62.

Beile, P., Choudhury, K., & Wang, M. C. (2017). Hidden treasure on the road to Xanadu: What connecting library service usage data to unique student IDs can reveal. Journal of Library Administration, 57(2), 151–173. https://doi.org/10.1080/01930826.2016.1235899

Bettinger, E., Burnett, M., Gibeault, M., Shorish, Y., & Walker, P. (2019). Technologies of Surveillance Group Advocacy Action Plan. https://doi.org/10.17605/OSF.IO/J5K8S

Bowen, G. A. (2009). Document analysis as a qualitative research method. Qualitative Research Journal, 9(2), 27–40. http://dx.doi.org/10.3316/QRJ0902027

Briney, K., Yoose, B., Ockerbloom, J. M., Swauger, S., Harper, C., Levernier, J., & Shorish, Y. (2018). A Practical Guide to Performing a Library User Data Risk Assessment in Library-Built Systems. https://doi.org/10.17605/OSF.IO/V2C3M

Choudhry, A. J., Baghdadi, Y. M., Wagie, A. E., Habermann, E. B., Heller, S. F., Jenkins, D. H., Cullinane, D. C., & Zielinski, M. D. (2016). Readability of discharge summaries: with what level of information are we dismissing our patients? The American Journal of Surgery, 211(3), 631–636. http://dx.doi.org/10.1016/j.amjsurg.2015.12.005

Coombs, K. A. (2005). Protecting user privacy in the age of digital libraries. Computers in Libraries, 25(6), 16–20.

Crawford, K., & Schultz, J. (2014). Big data and due process: Toward a framework to redress predictive privacy harms. Boston College. Law School. Boston College Law Review, 55(1), 93–128.

Drachsler, H., & Greller, W. (2016, April 25). Privacy and Analytics – it’s a DELICATE Issue. A Checklist for Trusted Learning Analytics. https://doi.org/10.1145/2883851.2883893

Duke University Libraries. (2013, September 6). Duke University Libraries Privacy Statement Duke University Libraries. https://library.duke.edu/about/privacy

Elo, S., & Kyngäs, H. (2008). The qualitative content analysis process. Journal of Advanced Nursing, 62(1), 107–115. https://doi.org/10.1111/j.1365-2648.2007.04569.x

Erlingsson, C., & Brysiewicz, P. (2017). A hands-on guide to doing content analysis. African Journal of Emergency Medicine, 7(3), 93–99. https://doi.org/10.1016/j.afjem.2017.08.001

Farkas, M. (2018). We can, but should we? When trends challenge our professional values. American Libraries, 49(3–4), 46–47.

Flesch, R. F. (1979). How to Write Plain English: A Book for Lawyers and Consumers. New York: HarperCollins.

Guest, G., MacQueen, K. M., & Namey, E. E. (2012). Applied Thematic Analysis. Thousand Oaks, CA: Sage Publications.

Illinois University Library. (2017). Privacy Policy. General Information. https://www.library.illinois.edu/geninfo/policies/p_policy/

Jones, J. (2010). Using Library Swipe-Card Data to Inform Decision Making. University Library Faculty Presentations. https://scholarworks.gsu.edu/univ_lib_facpres/21

Jones, K. M. L., & Salo, D. (2018). Learning analytics and the academic library: Professional ethics commitments at a crossroads. College & Research Libraries, 79(3), 304-323. https://doi.org/10.5860/crl.79.3.304

Kritikos, K. C., & Zimmer, M. (2017). Privacy policies and practices with cloud-based services in public libraries: An exploratory case of BiblioCommons. Journal of Intellectual Freedom and Privacy, 2(1), 23–37. http://dx.doi.org/10.5860/jifp.v2i1.6252

Magi, T. J. (2007). The gap between theory and practice: A study of the prevalence and strength of patron confidentiality policies in public and academic libraries. Library & Information Science Research, 29(4), 455–470. https://doi.org/10.1016/j.lisr.2007.07.001

Magi, T. J. (2010). A content analysis of library vendor privacy policies: Do they meet our standards? College & Research Libraries, 71(3), 254–272. https://doi.org/10.5860/0710254

Nichols Hess, A., LaPorte-Fiori, R., & Engwall, K. (2015). Preserving patron privacy in the 21st century academic library. The Journal of Academic Librarianship, 41(1), 105–114. https://doi.org/10.1016/j.acalib.2014.10.010

Oakleaf, M. (2010). The value of academic libraries: A comprehensive research review and report. Association of College & Research Libraries. http://www.ala.org/acrl/sites/ala.org.acrl/files/content/issues/value/val_report.pdf

O’Brien, P., Young, S. W., Arlitsch, K., & Benedict, K. (2018). Protecting privacy on the web: A study of HTTPS and Google Analytics implementation in academic library websites. Online Information Review, 42(6), 734–751. http://dx.doi.org/10.1108/OIR-02-2018-0056

Pekala, S. (2017). Privacy and user experience in 21st century library discovery. Information Technology and Libraries (Online), 36(2), 48–58.

Perry, M. R., Briney, K. A., Goben, A., Asher, A., Jones, K. M. L., Robertshaw, M. B., & Salo, D. (2018). Learning Analytics, SPEC Kit 360. https://publications.arl.org/Learning-Analytics-SPEC-Kit-360/

Prindle, S., & Loos, A. (2017). Information ethics and academic libraries: Data privacy in the era of big data. Journal of Information Ethics, 26(2), 22–33.

Rubel, A., & Jones, K. M. L. (2016). Student privacy in learning analytics: An information ethics perspective. Information Society, 32(2), 143–159. https://doi.org/10.1080/01972243.2016.1130502

Sturges, P., Davies, E., Dearnley, Iliffe, U., Oppenheim, C., & Hardy, R. (2003). User privacy in the digital library environment: An investigation of policies and preparedness. Library Management, 24(1/2), 44–50. http://dx.doi.org/10.1108/01435120310454502

Sutlieff, L., & Chelin, J. (2010). ‘An absolute prerequisite’: The importance of user privacy and trust in maintaining academic freedom at the library. Journal of Librarianship and Information Science, 42(3), 163–177. https://doi.org/10.1177/0961000610368916

Tenopir, C. (2010). Measuring the value of the academic library: Return on investment and other value measures. The Serials Librarian, 58(1–4), 39–48. https://doi.org/10.1080/03615261003623005

University of Arizona Libraries. (2016, August 24). Privacy statement. University Libraries. https://new.library.arizona.edu/policies/privacy

University of Florida Libraries. (2019). Privacy Policy. About: Overview. https://uflib.ufl.edu/about/user-policies/privacy-policy/

Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g; 34 CFR (1974). https://studentprivacy.ed.gov/ferpa

Vaughan, J. (2020). Library Privacy Policies. Library Technology Reports, 56(6), 5–53.

Voeller, S. (2007). Privacy policy assessment for the Livingston Lord Library at Minnesota State University Moorhead. Library Philosophy and Practice. https://digitalcommons.unl.edu/libphilprac/151/

Yoose, B. (2018, February 13). Data Analytics and Patron Privacy in Libraries: A Balancing Act. Code4Lib, Washington, D.C. https://osf.io/xb4mf/

Downloads

Published

2022-09-19

How to Cite

Valentine, G., & Barron, K. (2022). An Examination of Academic Library Privacy Policy Compliance with Professional Guidelines. Evidence Based Library and Information Practice, 17(3), 77–96. https://doi.org/10.18438/eblip30122

Issue

Section

Research Articles