Library Privacy Checklist for Assistive Technology

This checklist is intended to help all libraries take practical steps to improve privacy practices. It can help all libraries implement the principles laid out in the Library Privacy Guidelines for Assistive Technology.

Priority 1 actions are steps all libraries can take to improve privacy practices. Priority 2 and Priority 3 actions are as important as Priority 1 actions. They help protect user privacy, but may be more difficult for libraries to implement. This is because each library may or may not have the capacity to do Priority 2 or 3, depending on:

  • differing technical expertise
  • available resources
  • organizational structure

Regardless of these factors, libraries can use Priority 2 and Priority 3 actions as talking points with third parties and vendors. These third parties and vendors may have the resources and expertise to help the library implement these actions.

 

Priority 1 Actions

  1. Create internal library procedures to protect assistive technology users’ privacy based on:

    a. Library policies related to privacy and confidentiality of user data, especially assistive tech equipment user records, and the use of library resources in all formats;

    b. Federal laws such as the Americans with Disabilities Act and The Rehabilitation Act of 1973 as well as federal privacy laws and state privacy laws regarding library records;

    c. ALA policy statements and resources;

    d. Resources provided by national disabilities associations and state library associations.

    1. Deploy low-tech assistive technology that have fewer user privacy implications such as cardboard communication boards or hand-held magnifiers.
    2. Provide over-the-ear headphones for users to borrow.
    3. Design, test, and implement means to isolate users from being overheard or seen in their assistive technology usage.

      a. If possible, begin discussions to allocate a separate room or facility for exclusive assistive technology use.

      1. Design, test, and implement line-of-sight screening for publically accessible computers.
      2. Configure equipment usage software to delete users’ assistive technology borrowing history and retain only minimally necessary records regarding the use of assistive technology.

        a. Store all records that contain personally identifiable information in a secured area and destroy after business use.

        1. Train multiple members of the library staff on assistive technology equipment usage as well as user privacy assurance support. Assign at least one person per shift to assist users.
        2. Discuss privacy policies with users when they access assistive technology. Adapt presentation of the privacy policies to be responsive to the user’s abilities.

         

        Priority 2 Actions

        1. Educate library boards, administrators, and library workers about assistive technology users’ privacy issues and the confidentiality of user data using a variety of communication methods such as in-service training, newsletters, and email messages.
        2. Add detailed privacy-related resources to the library collection including items related to users’ personal privacy, disability accommodation and privacy rights, and privacy as a national and international issue.
        3. Create a privacy information section on the library web page or a privacy-themed pathfinder with disability accommodation and privacy rights resources.
        4. Provide privacy screens or recessed displays to users.
        5. Provide both black dry-erase boards and white dry-erase boards to give users the option of using either contrast option, depending on their visual needs.
        6. Install restoration software or employ other technological means to remove traces of individual use on public access equipment, including computers, and other devices provided by the library.
        7. Disable usage tracking on public access computers or other assistive technology devices provided by the library.
        8. Train a majority of members of the library staff on assistive technology equipment usage but particularly user privacy assurance support. Assign multiple people per shift to assist users.
        9. Begin planning a separate room or facility for exclusive assistive technology use.

         

         Priority 3 Actions

        1. Educate all library users about assistive technology users’ privacy issues and the confidentiality of user data using a variety of communication methods such as displays, open houses, and website messaging.
        2. Audit the detailed privacy-related resources in the library collection including items related to users’ personal privacy, disability accommodation and privacy rights, and privacy as a national and international issues and increase as needed.
        3. Anonymize transactional logs generated by access control software and network authentication. Destroy usage data when no longer needed.
        4. Routinely perform a security audit of the assistive technology to attempt to locate deficiencies in the security of the systems. This should include software-based and physical inspections.
        5. Designate a separate room or a well-screened section for assistive technology users that allows lighting and other environmental factors to be adjusted based on user preferences.
        6. Train all library staff on assistive technology equipment usage but particularly user privacy assurance support.
        7. Work with all library or library district stakeholders to create an official library privacy policy about assistive technology availability and use records as well as the use of library resources. The policy should include:

        a. Representatives from disability groups and support organizations should be included in the policy creation process;

        b. The privacy policy should be approved by the library’s governing body;

        c. Post the policy in the library and on the library’s website;

        d. Promote the library’s privacy policy within the community;

        e. Work with library officials to incorporate privacy protections into assistive technology requests for proposal and resulting contracts;

        f. Discuss privacy concerns with digital resource and technology vendors when negotiating contracts;

        g. Ensure that all online transactions between client applications and server applications are encrypted.

        h. Ensure that storage of personally identifiable assistive technology information is housed using encrypted storage.

         

         

        Approved June 26, 2021, by the Intellectual Freedom Committee