Library Privacy Checklist for Library Management Systems/Integrated Library Systems

This checklist is intended to help libraries of all capacities take practical steps to implement the principles laid out in the Library Privacy Guidelines for Library Management Systems / Integrated Library Systems. Library Management Systems (LMS) are also known as Integrated Library Systems (ILS).

Priority 1 actions are those that all libraries should be able to take to improve privacy practices. Priority 2 and Priority 3 actions may be more difficult for libraries to implement depending on their technical expertise, available resources, and organizational structure.

Priority 1 Actions

  1. Develop a privacy policy about patron information in the LMS and publish it on the library’s website in a place that is easy to find.
  2. Request and store only the personal information about patrons necessary for library operations. Periodically remove data that is no longer necessary for library operations (e.g. purchase-request data).
    1. If the LMS supports it, use “fuzzed” demographic information wherever possible (e.g. use a “minor/not a minor” classification instead of recording the full birth date).
  3. Aggregate or anonymize reports to remove personally identifiable information. Reports should be periodically reviewed to ensure they are not revealing this type of information.
  4. Configure the LMS by default to remove transactional data between patrons and materials they borrow / access when it is no longer needed for library operations.
    1. Allow patrons to opt in to personalization features such as keeping their checkout history or a list of favorite titles.
    2. Allow patrons to later opt out of these features if they change their mind. Ensure that data previously retained for these features is deleted when patrons opt out.
  5. Develop procedures for library staff on how to handle law enforcement and government requests for patron records.
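The retention rules in items 3 and 4 above (aggregate reports, scrub the patron-to-item link once a loan is closed, honor opt-in history, delete retained data on opt-out) can be implemented as a scheduled job against the circulation tables. The following is an added example written for this checklist, not code from the ALA or from any LMS vendor; the schema, table names and sample loans are constructed for illustration, and a real LMS will have its own tables and configuration switches.

```python
import sqlite3
from datetime import date, timedelta

# Constructed stand-in for an LMS circulation schema (assumption, not a real LMS).
SCHEMA = """
CREATE TABLE patrons (
    patron_id    INTEGER PRIMARY KEY,
    keep_history INTEGER NOT NULL DEFAULT 0   -- 0 = default (no history), 1 = patron opted in
);
CREATE TABLE loans (
    loan_id    INTEGER PRIMARY KEY,
    patron_id  INTEGER,                       -- set to NULL once the link is no longer needed
    item_id    INTEGER NOT NULL,
    checkout   TEXT NOT NULL,                 -- ISO date
    returned   TEXT,                          -- ISO date, NULL while the item is still out
    fine_cents INTEGER NOT NULL DEFAULT 0     -- unpaid fine keeps the record "open"
);
"""


def open_db():
    """Create an in-memory database with the constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def scrub_returned_loans(conn, as_of, grace_days=0):
    """Item 4: drop the patron link from loans that are closed (returned, nothing owed)
    and older than the grace period, unless the patron opted in to keeping history.
    The loan row itself survives, so item-level statistics are unaffected."""
    cutoff = (as_of - timedelta(days=grace_days)).isoformat()
    cur = conn.execute(
        """UPDATE loans SET patron_id = NULL
           WHERE patron_id IS NOT NULL
             AND returned IS NOT NULL AND returned <= ?
             AND fine_cents = 0
             AND patron_id NOT IN (SELECT patron_id FROM patrons WHERE keep_history = 1)""",
        (cutoff,),
    )
    conn.commit()
    return cur.rowcount  # number of loans scrubbed


def set_history_opt_in(conn, patron_id, keep):
    """Items 4.1 / 4.2: record the patron's choice; opting out deletes the history
    that was retained for the feature, not just future records."""
    conn.execute("UPDATE patrons SET keep_history = ? WHERE patron_id = ?",
                 (1 if keep else 0, patron_id))
    if not keep:
        conn.execute(
            """UPDATE loans SET patron_id = NULL
               WHERE patron_id = ? AND returned IS NOT NULL AND fine_cents = 0""",
            (patron_id,),
        )
    conn.commit()


def patron_history(conn, patron_id):
    """Item ids still linked to this patron (open loans, unpaid fines, or opted-in history)."""
    rows = conn.execute("SELECT item_id FROM loans WHERE patron_id = ? ORDER BY loan_id",
                        (patron_id,))
    return [r[0] for r in rows]


def circulation_report(conn):
    """Item 3: an aggregate report (loans per item) that carries no patron identifiers."""
    return dict(conn.execute("SELECT item_id, COUNT(*) FROM loans GROUP BY item_id"))


def demo():
    """Run the retention rules over constructed sample loans and return the outcomes."""
    conn = open_db()
    conn.executemany("INSERT INTO patrons VALUES (?, ?)", [(1, 0), (2, 1)])  # patron 2 opted in
    conn.executemany(
        "INSERT INTO loans (patron_id, item_id, checkout, returned, fine_cents) VALUES (?,?,?,?,?)",
        [
            (1, 100, "2017-01-03", "2017-01-17", 0),    # returned, nothing owed -> scrubbed
            (1, 101, "2017-01-10", None, 0),            # still out -> kept
            (1, 102, "2017-01-05", "2017-01-20", 250),  # fine owed -> kept until settled
            (2, 100, "2017-01-04", "2017-01-18", 0),    # patron opted in -> kept
        ],
    )
    scrubbed = scrub_returned_loans(conn, date(2017, 1, 21))
    result = {
        "scrubbed": scrubbed,
        "patron1": patron_history(conn, 1),
        "patron2": patron_history(conn, 2),
        "report": circulation_report(conn),
    }
    set_history_opt_in(conn, 2, False)          # patron 2 changes their mind
    result["patron2_after_opt_out"] = patron_history(conn, 2)
    return result


if __name__ == "__main__":
    print(demo())
```

Loans with an unpaid fine are deliberately left linked, since the library still has an operational need for them; the job will pick them up on a later run once the fine is cleared. The report function is the kind of query item 3 asks staff to review: it groups by item only, so it cannot be joined back to a person.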

Priority 2 Actions

  1. Restrict access to patron records in the LMS to staff members with a demonstrated need for it. For example, circulation staff need access but shelvers do not.
  2. Configure library notifications for holds, overdues, etc. to send a minimal amount of personal information.
  3. Develop policies and procedures regarding the extraction, storage, and sharing of patron data from the LMS for in-house or contracted third-party use.
    1. Restrict access to the extracts to appropriate staff.
    2. The policy should include disposal/deletion of extracts.
  4. Encrypt offline data backups to prevent access by unauthorized personnel.
  5. Keep LMS applications and the underlying server software up to date to mitigate the impact of security vulnerabilities.

Priority 3 Actions

  1. Store all passwords (patron and staff) in a secure fashion using a proper cryptographic hash function. At this time bcrypt or better are good standards.
  2. Encrypt all traffic between the LMS server and any client connections outside a secure LAN. For example, use a VPN to encrypt the connection over the Internet of a checkout station at a branch library to the LMS server at the main library.
  3. Conduct regular audits of the network and LMS servers to make sure reasonable security measures are in place to prevent unauthorized access.
  4. Create procedures to handle breaches that expose patron data to unauthorized parties and to mitigate their impact on patrons.

Resources

Marshall Breeding, Privacy and Security of Automation and Discovery Products, Smart Libraries Newsletter (2015)

Electronic Privacy Information Center (EPIC) Code of Fair Information Practices

Marshall Breeding, Privacy and Security for Library Systems, Library Technology Reports (May/June 2016)

Approved January 21, 2017 by the Intellectual Freedom Committee