Conducting a Privacy Audit
The audit process begins by evaluating an organization's existing policies and procedures for legality and for consistency with the organization's mission and image. Once policies have been reviewed (or established), the data the organization collects can be categorized by the degree of protection each category requires. The audit assesses the sensitivity, security risks, and public perception of the information collected, and examines why each type of data is needed, how it is collected, and what notice and choices are given to the individuals it identifies. Mapping how data flows through the organization, from access through storage to disposal, reveals where electronic and physical safeguards are needed. The audit process itself must be managed so that it does not add risk, and its recommendations must be acted on promptly once risks are identified.
Below is an outline of tasks for conducting a privacy audit:
Review legal context
-- Federal law
-- State law
-- Local ordinances
-- ALA Policy on Confidentiality (ALA Code of Ethics 54.15 pt. 3)
Review current library policies
-- Institution's policy
-- Library privacy policy
Conduct assessment of library systems data
-- Library and library records, including circulation records, patron registration, circulation transaction logs, and overdue, billing and payment records
-- Determine whether policies adequately restrict access to records and logs that reveal what a patron borrowed to library staff who have a legitimate need to see the record
-- Determine whether to delete circulation records from a patron's file once an item is returned
-- Decide whether to delete patron registration records after the expiration of the borrower's privileges
-- Examine library system transaction logs
-- Restrict access to server logs to library staff who have a legitimate need to consult them
Assess institutional network
Examine Internet access to determine the vulnerability of library patron records via the World Wide Web:
-- Does the system require users to log in to use the computer to browse the Internet?
-- Does the system personalize desktop terminals to the personal settings of the user?
-- Do the e-mail features expose the patron to risk?
-- Does the system keep web-server logs of patron Internet activities?
Assess remote systems
-- Inter-library loan partners
-- Database vendors
Define system rules
-- What data will be retained
-- How user data stored on the system is protected from unauthorized use
-- Who has access to the data
-- How long the data is retained
Determine & implement desired practices
-- Notify users whenever personally identifiable information will be stored on the system
-- Remove data from dormant accounts
-- Pay attention to system security
-- Set limits on the length of time data is stored
-- Create aggregate statistics rather than tracking individual transactions
-- Advise users of the limits of library privacy protection when using remote sites
-- Negotiate for proper and secure logging practices and procedures in contracts
Designate privacy officer
Educate staff
Inform users through library privacy policy
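The retention and minimization rules in the outline above (drop the patron link from a circulation record once the item is back and nothing is owed, purge registration records once privileges have expired, keep aggregate statistics rather than individual transactions) carried out in code, as an added example that is not part of the original page; the record fields, the sample data and the 30-day grace period are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from collections import Counter
from typing import Optional

@dataclass
class Loan:
    patron_id: str
    item_id: str
    returned: Optional[date] = None   # None while the item is still out
    fine_owed: float = 0.0            # billing record keeps the link until paid

@dataclass
class Patron:
    patron_id: str
    privileges_expire: date

REGISTRATION_GRACE = timedelta(days=30)   # assumed limit after privileges expire

def apply_retention(patrons, loans, today):
    """Return (patrons_kept, loans_kept, aggregate_stats).

    A loan loses its patron link as soon as the item is returned and no fine
    is outstanding; only a per-item count survives. A registration is dropped
    once privileges have been expired longer than REGISTRATION_GRACE and no
    remaining loan or fine still references the patron.
    """
    stats = Counter()
    loans_kept = []
    for loan in loans:
        if loan.returned is not None and loan.fine_owed == 0:
            stats[loan.item_id] += 1      # counted without identifying the patron
        else:
            loans_kept.append(loan)
    still_referenced = {l.patron_id for l in loans_kept}
    patrons_kept = [p for p in patrons
                    if p.patron_id in still_referenced
                    or p.privileges_expire + REGISTRATION_GRACE >= today]
    return patrons_kept, loans_kept, stats

def demo():
    # Constructed sample data: one active patron, one long expired with no
    # open records, one inside the grace period, one expired but owing a fine.
    today = date(2009, 6, 1)
    patrons = [Patron("A", date(2010, 1, 1)), Patron("B", date(2009, 1, 1)),
               Patron("C", date(2009, 5, 15)), Patron("D", date(2008, 12, 1))]
    loans = [Loan("A", "item1", date(2009, 5, 20)), Loan("A", "item2"),
             Loan("D", "item3", date(2009, 4, 1), fine_owed=2.50),
             Loan("B", "item1", date(2009, 3, 1))]
    return apply_retention(patrons, loans, today)
```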
Further information:
Enright, Keith P. [2001]. "Privacy Audit Checklist." http://cyber.law.harvard.edu/clinical/privacyaudit.html
Flaherty, David H. 1998. "How To Do A Privacy And Freedom Of Information Act Site Visit." http://www.pco.org.hk/english/infocentre/files/flaherty-2.doc
Jerskey, Pamela, Ivy Dodge, Sanford Sherizen. [1998]. "The Privacy Audit: a Primer." http://www.bc.edu/bc_org/fvp/ia/pri/intro.html
