This checklist is intended to help all libraries take practical steps to improve privacy practices. It can help all libraries implement the principles laid out in the Library Privacy Guidelines for Library Management Systems (LMS).
Priority 1 actions are steps all libraries can take to improve privacy practices. Priority 2 and Priority 3 actions are as important as Priority 1 actions. They help protect user privacy, but may be more difficult for libraries to implement. This is because each library may or may not have the capacity to do Priority 2 or 3, depending on:
- differing technical expertise
- available resources
- organizational structure
Regardless of these factors, libraries can use Priority 2 and Priority 3 actions as talking points with third parties and vendors. These third parties and vendors may have the resources and expertise to help the library implement these actions.
Priority 1 Actions
- Informed Consent: Request consent from users before collecting personal data. Inform the user what data the LMS collects and how it will be used. Clarify what data is mandatory for library operations and what data is optional.
- Minimization: Collect the minimum amount of personal data necessary for library operations. Regularly review what personal data is required.
- Restricted Access: Restrict access to user records in the LMS to staff members with a demonstrated need.
- Staff members should have individual logins to the LMS.
- All staff members with access to LMS user records should have ongoing privacy training.
- Limited Storage: Store only the personal data necessary for library operations.
- Retention and Deletion: Periodically remove data that is no longer necessary for library operations. An example is purchase-request data. Refer to the Data Lifecycles Field Guide for developing policies and procedures.
- Aggregation: Aggregate personal data in reports to the greatest extent possible. Periodically review reports to check that they are not revealing personal data.
- Borrowing History: Disable the borrowing history function by default. In other words, set the LMS to remove transactional data between users and the materials they borrow or access. The data should be removed when it is no longer needed for library operations. For example, a user borrows an item. The library keeps that record until the user returns the item. That borrowing history can then be removed.
- Allow users the ability to opt-in to personalization features. Examples include keeping their checkout history or a list of favorite titles.
- Allow users to later opt-out of features if they change their mind. Delete the data previously retained for these features when users opt out.
- Resetting Passwords and PINs: Develop procedures for when staff assist users in creating and resetting their passwords, including:
- Staff can show users how to set the password or Personal Identification Number (PIN). However, staff should not know the new password or PIN.
- Users, not staff, should set their password and PIN.
- Do not announce the password in a public space, such as the circulation or help desk.
- Encourage users not to share passwords with others, including library staff.
- Do not send the password via unencrypted email or chat.
- Law Enforcement Requests: Develop procedures for library staff on how to handle law enforcement and government requests for user records. Refer to the ALA Laws & Law Enforcement Inquiries for suggested guidelines. These resources can help develop the policies and procedures.
Priority 2 Actions
- Notifications: Configure library notifications to send a minimal amount of personal data. Examples include notifications for holds and overdues.
- Third Parties: Limit and audit the collection, use, storage, retention, and sharing of personal data from the LMS by third parties, such as:
- Departments and offices in the larger organization
- Third party integrations and applications, such as Application Program Interfaces (APIs) and data analytics products
- Data Backups: Encrypt data backups to prevent unauthorized access to personal data.
- Security Updates: Keep LMS applications and underlying server software up-to-date to mitigate the impact of security vulnerabilities:
- Install security patches and updates to local servers, desktop clients, and other locally hosted LMS applications.
- Coordinate security patches and updates with third parties hosting any cloud LMS applications and systems.
- Laws: Check vendor licenses for compliance to relevant library privacy and data privacy regulations, such as:
Priority 3 Actions
- Password Encryption: Encrypt all LMS passwords in storage and in transit using current encryption best practices and standards.
- Encrypting Traffic: Encrypt all traffic between the LMS and any application connections. For example, use a Virtual Private Network (VPN) to encrypt the connection between a checkout station at a branch library to the LMS server at the main library.
- Security Audits: Conduct regular audits of the network and LMS servers. Audits help verify that necessary security measures are in place to prevent unauthorized access. Refer to the Privacy Audits Field Guide for developing policies and procedures.
- Data Breaches: Create procedures to respond to data breaches and mitigate their impact on users.
Approved January 21, 2017 by the Intellectual Freedom Committee; revised January 26, 2020 and April 2022.