Categories

Subscribe to my Podcast
Subscribe to this blog's feed

Contributing Authors

Recent Comments

Recent Posts

Blog powered by TypePad
Member since 04/2004
AddThis Social Bookmark Button

Categories

Privacy

July 10, 2010

C&CI Update: Student Papers and FERPA

(by Peter Hirtle)

In Section 12.9 of Copyright & Cultural Institutions, I discuss briefly whether FERPA, the Family Educational Rights and Privacy Act of 1974, governs the digitization of student papers and theses.  I concluded “In order to digitize and distribute papers from its students, therefore, the cultural heritage institution will need to secure the student’s permission.”

A much more thorough discussion of the issue was recently published in D-Lib Magazine.  In “FERPA and Student Work: Considerations for Electronic Theses and Dissertations,” Marisa Ramirez and Gail McMillan share several campus approaches to FERPA and electronic student work.  I was particularly pleased to learn about a 1993 opinion from the FERPA office that suggested that if the normal practice at a school was to make student papers available through the library, no change in practice was required (so long as students were made aware of this policy).  Some of the examples given in the article of how to notify students that their papers will be available online are also very useful. 

This article will be required reading for anyone who wishes to digitize student work.

Posted by Peter Hirtle on July 10, 2010 in Digitization projects , Privacy | | Comments (0) | TrackBack (0)

| | | |

May 03, 2010

Neil Gaiman, Cory Doctorow, teenagers and others on What Privacy Means to Them

I just watched Neil Gaiman in the kick-off video (20 minutes) for the first-ever Choose Privacy Week.  I recommend it highly. Find out what he has to say,about his family’s privacy, and his idea for a sequel to his “I Google You” (late at night when I don’t know what to do) song.  Cory Doctorow tells the truth about why he cares about privacy. I also really liked all the students who say what privacy means to them. Not what I expected.   The week’s activities and resources  are sponsored by ALA’s Office for Intellectual Freedom, Choose Privacy Week, made possible in part by a grant from the Open Society Institute. Lots more resources on engaging the public in privacy awareness discussions at www.privacyrevolution.org, including possible events in your area. And yes, the inevitable ironic social media outreach at www.facebook.com/chooseprivacyweek and www.twitter.com/privacyala with #chooseprivacy tag.

One of my all time favorite resources is the epic privacy tools page, where you can go to find sources for snoop proof email, anonymous surfing, cookie busters etc.  More at Epic.org (scroll down for EPIC privacy tools), and policy news at epic.org, privacy.org and privacycoalition.org.

Posted by Mary on May 03, 2010 in Patron Records, Privacy | | Comments (0)

Technorati Tags:

| | | |

December 09, 2009

unstaffed libraries - privacy concerns

I just read about the King County unstaffed library. It's a great concept for the users - a spot where you can make and receive requests for books systemwide, drop off your books, browse paperbacks, and even use a telephone to get some assistance.

The concern I have is with privacy. If users must swipe their library card to get in, I assume this information is tracked. Surveillance cameras keep a close eye on what folks are doing. While I can appreciate the security basis for these measures, it seems that new types of records are being created that track not just our behavior, but what we choose to read as well.

Posted by Mary on December 09, 2009 in Patron Records, Privacy | | Comments (2)

| | | |

November 11, 2009

Action alert: reader privacy

From Larry Siems, Director, Freedom to Write and International Programs

Dear Core Freedoms Friends and Supporters,

Now is the time to raise your voice in support of reader privacy.

This week, the House Judiciary Committee approved a bill to amend the Patriot Act’s bookstore and library provisions. This proposed bill would essentially accomplish the principal goals we’ve been working towards with our partners in the Campaign for Reader Privacy. The USA Patriot Amendments Act of 2009 (H.R. 3845) will now head to the floor for a vote, which could come any day.

Your representatives need to hear from supporters like you.

Currently, Section 215 of the Patriot Act allows the FBI to secretly obtain any “tangible thing,” which includes any business records that are “relevant” to an ongoing investigation, including the records of people who are not suspected of any criminal acts.

The new legislation will prohibit the use of Section 215 to search the records of a library patron or bookstore customer unless there are “specific and articulable facts” to show that the person is “a suspected agent of a foreign power” or someone who is in contact with or known to the suspected agent. H.R. 3845 thus allows readers to borrow and purchase books without fear that the government is monitoring their reading selections.

Please take a moment to call, email or fax your representative and ask him or her to support H.R. 3845 in its present form with its welcome and necessary protections for the privacy of bookstore and library records.

To find your representative’s contact info, please visit http://www.house.gov/

You can read the Campaign for Reader Privacy’s press release on the legislation here: http://www.pen.org/viewmedia.php/prmMID/4293/prmID/1331

Thank you for taking action!



Posted by Mary on November 11, 2009 in Patron Records, Privacy | | Comments (0)

| | | |

October 13, 2009

California Library Association passes new Patriot Act Resolution

The California Library Association (CLA) has just announced a resolution calling on Congress to dramatically revise the up-for-renewal USA PATRIOT Act, passed hurriedly in the weeks following the 9/11 attacks.

CLA's resolution calls for Congress to allow Section 215 to sunset, to amend Section 505 to "include a clear exemption for library records," and in general to intensify Congressional oversight of the use of the Act.

Posted by Mary on October 13, 2009 in PATRIOT Act, Patron Records, Privacy | | Comments (1)

Technorati Tags: ,

| | | |

September 23, 2009

Can library management legally access employee's Facebook and Myspace pages?

A New Jersey jury recently found that a restaurant did not violate employee privacy or cause emotional distress by accessing an invitation-only Myspace page. The page served as a venting spot for employees.  The restaurant was, however, found to be in violation of federal and New Jersey laws prohibiting accessing the information without permission. The employer asked another employee for her password, and she testified that she thought she “would have gotten in some sort of trouble” if she refused to cooperate. Shortly thereafter, the company terminated plaintiffs based on their comments on the site and involvement in creating it. Pietrylo v. Hillstone Restaurant Group. 

Mr. Victor Schacter of Fenwick & West LLP writes in the Fenwick Employent Brief (Sept. 2009):

"This case highlights the challenges employers face with respect to employees’ blogs and social networking sites that contain work-related speech. While this decision does not restrict an employer’s right to monitor communications and information within its own computer networks, it demonstrates the risks of attempting to access an employee’s restricted online content without the employee’s authorization. Employers should consider implementing written policies that address employee work-related speech on social networking and other online sites to require that employees observe appropriate guidelines when referring to the company, its employees, services, and customers."

Posted by Mary on September 23, 2009 in Court cases, Employment, Privacy | | Comments (1)

| | | |

September 06, 2009

Google, libraries, and readers' privacy

(posted by Peter Hirtle)

So Google, perhaps in response to Mary Minow's post, has issued a new privacy policy for Google Books.  To no one's great surprise, EFF finds it a good start but insufficient.

I would point out that Google's statement is entirely compatible with current library standards for confidentiality in licensed resources.  Specifically, it begins by stating that "We do not share your personal information with third parties, except in the narrow circumstances described in the Privacy Policy, such as emergencies or in response to valid legal process."  The CLIR/DLF Model License has this to say about confidentiality:

Licensor and Licensee agree to maintain the confidentiality of any data relating to the usage of the Licensed Materials by Licensee and its Authorized Users. Such data may be used solely for purposes directly related to the Licensed Materials and may only be provided to third parties in aggregate form. Raw usage data, including but not limited to information relating to the identity of specific users and/or uses, shall not be provided to any third party.

Similarly, SERU, Shared E-Resource Understanding, has this to say on confidentiality of user data:

The subscribing institution and the publisher respect the privacy of the users of the content and will not disclose or distribute personal information about the user to any third party without the user’s consent unless required to do so by law. The publisher should develop and post its privacy policy on its website.

And the International Coalition of Library Consortia's statement on "Privacy Guidelines for Electronic Resources Vendors" gives two primary requirements: that publishers do not share information with 3rd parties and that they have a published privacy policy. 

The bottom line: Google is more than compliant with current library standards for 3rd-party privacy protection.  EFF argues that "Given the important free expression interests at stake and the long history of protecting reader privacy by libraries and bookstores, readers need a durable guarantee of protection enforceable by a court."  No library has been demanding such a guarantee before now.  One has to wonder if the current criticism of Google wouldn't be better directed at libraries and their privacy requirements when working with outside vendors. 

Posted by Peter Hirtle on September 06, 2009 in Licensing, Privacy | | Comments (6)

Technorati Tags: , , ,

| | | |

September 04, 2009

Rate Obama's privacy record

The Electronic Privacy Information Center (EPIC) is promoting the Privacy Coalition campaign to get the public to weigh in on the Obama Administration's work on privacy. Cast your vote on its privacy report card.

It's short, fun, and because you're actively engaged in voting, you're more likely to read the quick summaries of Obama's progress (or lack thereof) on key privacy issues.

Cast your vote and get instant feedback.

Posted by Mary on September 04, 2009 in Privacy | | Comments (0)

Technorati Tags: , , , , ,

| | | |

August 28, 2009

How to negotiate with web 2.0 services for better terms of service - yes we can

I often wonder about libraries that use flickr, youtube etc. Good in so many ways, but who in the library is actually signing the contracts with these companies and negotiating the the terms?  In the old days, a new vendor contract would go through purchasing and someone with at least some familiarity with terms like "venue" and "choice of law" would ensure that the license complied with local requirements.  But now, with so many services offered for free, and the signature line turned into a mere click (with the actual terms tucked away on another page), I suspect there are a number of libraries that need to take another look and see if there are terms that can and should be negotiated.

The federal government has negotiated some terms. The Library of Congress negotiated its license with Flickr, and the Government Services Administration (GSA) has negotiated on behalf of federal government agencies for various 2.0 services. 

Now you can see some of those contracts. The Electronic Privacy Information Center is sharing nine contracts between the federal government and web 2.0 services that it obtained using Freedom of Information requests. GSA was able to get explicit obligations to comply with privacy or freedom of informmation laws with MySpace, SlideShare.net, Flickr, Vimeo.com, AddThis.com, Blip.tv, and BLIST.

The contracts with Facebook, Slideshare.net, Vimeo.com, and AddThis.com do not address the privacy obligations of social media companies.

EPIC notes that the GSA Agreement with Google actually states that, “to the extent any rules or guidelines exist prohibiting the use of persistent cookies in connection with Provider Content applies to Google, Provider expressly waives those rules or guidelines as they may apply to Google.” Some of the agreements also permit companies to track users of government web sites for advertising purposes.

Posted by Mary on August 28, 2009 in Privacy | | Comments (0)

Technorati Tags: , , , , , , ,

| | | |

July 23, 2009

Libraries and reader privacy - critical juncture / take action

Libraries have always respected reader privacy as essential to one's freedom to read. If someone is looking over your shoulder, you might not pick up that book on gay stories, witchcraft, communism or whatever the taboo topic du jour happens to be.  Libraries require either patron consent or actual legal process before disclosing patron records.

Fast forward to reading books online via Google Book Search. Fabulous new life for old books, but where in the complex proposed settlement agreement between Google and the publishers are reader privacy guarantees? I'll save you the pain of looking. Nowhere.

Every time you go online, you leave digital tracks, and with the settlement, you will generally need to authenticate yourself before viewing the out-of-print but in-copyright books at issue.

The final contours are not yet set.  The settlement is not yet in effect. It's time now to take action to make sure we build some privacy safeguards in. The ACLU of Northern California, the Electronic Frontier Foundation and Berkeley's Samuelson Clinic have joined in a letter to Google, requesting:

1- Protection against disclosure
2- Limited tracking
3- User control
4- User transparency

Our library users will be reading google books inside the library as well as at home/work.  If a reader borrows a book from the library, we protect her privacy. If she reads the same book on our computer terminals, she needs the same protection. 

Posted by Mary on July 23, 2009 in Patron Records, Privacy | | Comments (4)

Technorati Tags: , , , ,

| | | |

Next »