« Do Michiganders have a state constitutional right to get library cards outside their jurisdiction? | Main | More papers on virtual reference »


From my point of view, if something is going to possibly contain PII, it should be treated as PII.

Libraries - and virtual reference service and software providers - shouldn't assume that patrons are going to know about and opt to use anonymous e-mail to protect their identities. It's our duty to keep patron e-mail addresses confidential along with everything else (subject to local and national laws, etc.).

Thanks again - you've given me a lot of things to take action on, and adding a link to anonymity resources from our privacy policy is right up there.

Caleb - I forgot to comment on email. I meant to say that email addresses can be identifiers, but aren't necessarily so. Epic.org has a great list of ways to get anonymous emails...at http://www.epic.org/privacy/tools.html

If we do revise, I'll look at that section to make clarifications. Thx.

Thanks Caleb for these comments. I hadn't seen that HIPAA-based article -thanks!

I confess that when the AOL data was spilled onto the internet, I spent at least an hour rummaging through, sort of like watching the aftermath of an awful car accident. I have little doubt that many of these folks are identifiable, and once their identity is ascertained, all kinds of their interests from shopping to sordid are strung along with them.

Perhaps a good term would be identification full content .. or partial content ...or such. I wouldn't use "transactional" since that term is used in pen trap laws to refer to mere phone numbers, email addresses etc - requiring the lowly legal threshhold that many refer to as a rubber stamp by a court. This differs from content data which requires TItle III wiretap orders, significantly more difficult to get from the courts.

There are no concrete plans to move further on these papers (I'm putting a link to two others in my next blog post)...so I don't really know.

Mary this is excellent. I'm sorry to have missed this pre-conference back-when.

I find it hard to get people excited about privacy in virtual reference.

A few things I've noticed and/or wonder about:

- Who is defining Personally Identifiable Information and how?

I like that you acknowledge that PII can show up in transcripts (section III-8). In fact, I think it almost always does. I don't know what to call it - transactional PII, maybe - but I think it deserves recognition as a whole category of PII (as in section III-1).

It may vary from service to service and from media to media, but it is there often enough that I would love to see it acknowledged more broadly.

The AOL search data debacle proved at least that non-PII plus search terms can sometimes identify an individual.


At the same time, you say in III-2 that e-mail addresses are not PII. How so? They don't have to be, but when does my personal e-mail address not identify me?

I think also that geographic and temporal information can be combined with other "non"-PII to identify an individual. "Using Lessons from Health Care to Protect the Privacy of Library Users: Guidelines for the De-Identification of Library Data based on HIPAA" by Scott Nicholson and Catherine Arnott Smith was particularly helpful in our plan to eventually ambiguate places and times in the data we have collected.


- Second, I wonder about the legal status virtual reference records that are stored in the same place as other public records - for example, on an employee hard drive or in an e-mail account (and server). Even in states where VR transactions are exempt from public records disclosure, it has to be nearly impossible to separate them out in the event of a request.

Finally, where is this going now? Further publication?

The comments to this entry are closed.