University of Toronto Press
  • Personal Information and the Public Library: Compliance with Fair Information Practice Principles / Les renseignements personnels dans les bibliothèques publiques : le respect des principes d'équité dans les pratiques de collecte de renseignements
  • Jacquelyn Burkell and Robert Carey
Abstract

Libraries collect personal information from users and link that information to internal library records. Although they fiercely protect the privacy of their patrons, libraries cannot ensure that personal information will remain confidential. Patrons must therefore have sufficient information to make informed decisions about release of personal data. Privacy notices are the accepted mechanism for providing this information. Our study demonstrates, however, that Ontario public libraries rarely provide notice to patrons regarding information collection and use. Smaller libraries and those without MLS-trained staff are less likely to provide notice, suggesting that resources and/or staff training may contribute to this lack. We suggest that national or provincial organizations may want to support libraries in the development of privacy policies.

Résumé

Les bibliothèques recueillent des renseignements personnels sur leurs usagers et relient ces renseignements à leur fiche client. Bien qu'elles protègent rigoureusement la vie privée de leurs usagers, les bibliothèques ne sont pas nécessairement en mesure d'assurer la confidentialité des renseignements personnels qui leur sont fournis. Les usagers doivent donc être en possession de suffisamment d'information pour prendre des décisions éclairées concernant les renseignements qu'ils fournissent. La distribution d'avis concernant la confidentialité est la façon acceptée de fournir cette information. Notre étude démontre cependant que les bibliothèques publiques ontariennes fournissent rarement à leur clientèle des avis concernant la collecte et l'utilisation des renseignements [End Page 1] personnels. Dans les bibliothèques de taille modeste et celles ne disposant pas de personnel titulaire d'une formation (maîtrise) en sciences de l'information, il est encore moins probable que cet avis soit donné, cette lacune étant probablement liée aux ressources dont elles disposent et à la formation de leur personnel. Nous suggérons que les organisations nationales ou provinciales étudient la possibilité de soutenir les bibliothèques dans le développement de politiques concernant la vie privée.

Keywords

public libraries, privacy policies, staff development

Keywords

bibliothèques publiques, politiques de confidentialité, développement du personnel

Introduction

Public libraries today collect and hold many types of personal data, including membership files, records of resources used (loans or electronic publications consulted), interlibrary loan requests, lists of requests for information, reading histories, records of online searches, email and Internet searches, web pages visited, and other digital activities (Fifarek 2002; Sturges et al. 2003). Even a librarian acting on a user's behalf may create a data trail that could potentially identify the patron, particularly in the case of activities involving electronic resources or services such as virtual reference (Fifarek 2002; Neuhaus, Van Fleet, and Wallace 2003). Some of these data, most notably circulation records, are necessary for the business of the library, and libraries also use personal data for other administrative purposes, including fundraising and program planning (Estabrook 1996; Nicholson 2003). Although the utility and even necessity of these data is obvious, the collection and storage of personal information raises privacy risks for patrons, since records of users' activities and reading histories hold clear interest for law enforcement agencies and other groups, including journalists, students, parents, fundraisers, marketing professionals, civil litigants, and politicians (Krug 2006).

These risks are of concern to libraries and librarians, who have long been advocates for the confidentiality of patron information (American Library Association 2004). Indeed, a recent international study of library association codes of ethics indicates that the protection of patron privacy and confidentiality was among the principles most commonly identified (in more than 70% of the codes of ethics studied; Shachaf 2005), and librarians have mounted challenges (some successful) to law enforcement access to library records (Airoldi 2006). Despite this strong commitment [End Page 2] to patron confidentiality, there are some circumstances under which libraries share the patron information they collect. Personal information is shared among library personnel and between libraries for a variety of administrative purposes, and it could be inadvertently released, such as when a computer screen is legible by other patrons, telephone messages are left for patrons that others can access, or information about overdue books is sent on unsealed postcards (Magi 2007). Patron information may also be shared in response to information requests from family, friends, and co-workers (Magi 2007).

Of greatest concern, however, is access by law enforcement officials. Libraries in both Canada and the United States are subject to regulations that require compliance with valid subpoenas or other legal documents requesting personal information regarding library patrons (Bowers 2006), and this mechanism has been used on at least some occasions to access patron records (American Library Association 2005; Magi 2007). These concerns have become especially prominent in the years since 9/11, since Section 215 of the US Patriot act (passed in 2001) allows the government to obtain access to the library records of patrons without their consent or knowledge (Ramasastry, 2006).

Other US federal data mining programs such as the Terrorism Information Awareness Program, the Computer-Assisted Passenger Prescreening System II no-fly-list database, and the proposed Terrorism Information and Prevention System may lead to the covert use of library records for surveillance. Although these legal regimes are focused in the United States, library patrons in Canada are not immune to privacy concerns, including those engendered by a vulnerability to the reach of US policies. Legal scholars in Canada, for example, believe that agencies such as the FBI could gain access to Canadian library records held on US servers by third-party vendors through application of the Patriot Act (Geist and Homsi 2004). In addition, Canada has itself considered weakening privacy protection for library records. For example, the Federal Justice Department has contemplated requiring all Internet service providers—including libraries—to keep records of people's Web activities and emails so law enforcement agencies could use that information when investigating crimes (Gillespie 2003; Ross and Caidi 2005).

Since libraries cannot guarantee confidentiality of personal information, what other measures should they take to protect patron privacy? Fair Information Practice principles (FIPs), first articulated in a 1973 report [End Page 3] issued by the US Department of Health, Education and Welfare entitled Records, Computers and the Rights of Citizens (1973), offer guidelines in this respect. FIPs identify five core principles of privacy protection:

  1. 1. Notice/awareness: consumers should be given notice of information practices before any personal information is collected.

  2. 2. Choice/consent: individuals should have the ability to allow or restrict the use of personal information.

  3. 3. Awareness/participation: individuals must be able to access, correct, or verify their personal information on record.

  4. 4. Integrity/security: the entity collecting the personal information must ensure that records are secure and accurate.

  5. 5. Enforcement/redress: principles must be enforceable by self-regulation or legislation.

Primary among these principles is the requirement for notice/awareness. According to FIPs, individuals have a right to know if their personal information is being collected, how it will be used, and with whom it will be shared. Only with this knowledge are patrons able to make informed decisions about the release of their personal information.

Although they do not enforce compliance with FIPs, professional library associations in the United States and Canada have recommended that these practices be implemented in library privacy policies. In particular, FIPs are central to the American Library Association's "Privacy Toolkit," a compendium of policy statements, best practices, and practical advice for libraries wishing to improve their privacy practices. Part of the Toolkit includes a checklist of basic questions about privacy that librarians may consider when they are creating or reviewing their policies: most of these questions reflect one or more of the basic principles underlying FIPs. The ALA also includes in the Privacy Toolkit a model privacy policy, which addresses the core aspects of notice as identified in FIPs. According to the ALA, libraries should inform patrons of the information practices of the library, including the following:

  • • What information is collected by the library and protected by the privacy policy (e.g., reference requests, information services, circulation and registration records, server and client computer logs). [End Page 4]

  • • How this information is used by the library.

  • • How long the information is retained.

  • • Who has access to patron information.

  • • How the library responds to court orders requesting access to patron information.

Thus, the ALA suggests that libraries should incorporate this information into privacy policies made available to patrons, thereby providing full notice to patrons regarding their information practices prior to collecting personal information.

Although the Canadian Library Association (CLA) does not require compliance with FIPs, libraries in Canada are typically required to conform to provincial or territorial legislation that governs practices regarding personal information. Generally, these provincial laws require municipal institutions, including public libraries, to protect the privacy of an individual's personal information that exists in institutional records. The practice in Ontario is typical of that in all Canadian provinces. In Ontario, the Municipal Freedom of Information and Privacy Protection Act (MFIPPA) governs records held by public bodies, including the province's public libraries. The MFIPPA stipulates a privacy protection scheme that the government must follow to protect an individual's right to privacy. The scheme includes rules regarding the collection, use, disclosure, and disposal of personal information in the institution's custody and control. In the context of public libraries, personal information includes "information on a patron's borrowing habits, as well as information related to one's computer use, including sign-up sheets and information on any Internet use" (Information and Privacy Commissioner of Ontario 2002). Under MFIPPA, public libraries must provide individuals with the following information regarding the collection and use of personal information:

  • • The legal authority for the collection (in Ontario, libraries may gather personal information for administrative purposes under the authority of the Public Libraries Act).

  • • The principal purpose or purposes for which the personal information is intended to be used. [End Page 5]

  • • The title, business address, and business telephone number of an officer or employee of the institution who can answer the individual's questions about the collection.

The legislation requires that these details be disclosed prior to the collection of any personal information.

The notice required under MFIPPA includes some of the information identified in FIPs and specifically details regarding information use. There is no requirement, however, to provide details regarding other information practices, including what information is collected, how long it is retained, who has access to the information, or how the library responds to subpoenas. Thus, like many privacy laws that incorporate elements of FIPs, MFIPPA's requirements regarding notice/awareness fall short of the ideal recommended by many privacy advocates (Chander, Gelman, and Radinn 2008). Of particular relevance in the context of public libraries, this notice does not reach the standard of the more comprehensive disclosure suggested by the ALA and endorsed by the CLA. At the same time, it includes some elements not required under the ALA guidelines, including identification of the legal authority for collection and identification of a contact person for further information.

Despite the acknowledged importance and value of patron notice, many libraries lack this most basic of privacy protection mechanisms. Studies indicate that fewer than half of libraries have privacy policies in place (Murray 2003; Sturges et al, 2003; Magi, 2007); thus, it appears that the majority of libraries do not provide patrons with details regarding their information practices. This lack cannot be defended on the basis that patrons already understand the information practices of libraries, since research demonstrates that patrons hold demonstrably inaccurate assumptions regarding the privacy protection offered by public libraries (Sturges et al. 2003).

This leads to an important question: why would libraries not use these most basic of privacy mechanisms? There has been no direct research on this question, but some preliminary hypotheses can be advanced. Perhaps the lack of policies is a result of a lack of enforcement—that is, libraries may not have privacy policies because, in the jurisdictions that have been studied and—unlike commercial entities that collect personal information—they are not required to have these policies. Alternatively, [End Page 6] limited resources may contribute to the lack of policies. Although there has been no direct research on this issue with respect to public libraries, there are some suggestions in the literature that the development of privacy policies may indeed be linked to institutional resources. Among Vermont public libraries, those with larger numbers of personnel (presumably larger libraries) are more likely to have privacy policies (Magi 2007). Even among large and well-funded organizations such as Fortune 500 companies in the United States, larger organizations (the Fortune 100) are more likely than their smaller counterparts to have privacy policies (Schwaig, Kane, and Storey 2006). One study of privacy policies among municipal websites selected the largest municipalities on the assumption that they would be most likely to have developed privacy policies (Beldad, De Jong, and Steehouder 2009). Finally, the development of privacy policies may be linked to professional training in that staff who hold a Master's of Library and Information Science (MLS) may be more aware of privacy issues and/or professional ethics and thus be more likely to support the development of privacy policies. Magi (2007) demonstrated that among Vermont libraries those with directors holding a master's degree in library science are more likely to have privacy policies.

The studies to date paint a consistent picture: public libraries, perhaps especially those that are smaller and without MLS-trained staff, are typically remiss in providing notice to patrons regarding information practices. None of the previous research, however, has examined the practices of Canadian libraries with respect to patron notice. Furthermore, none of the research has taken place in a jurisdiction where a regulatory mechanism requires libraries to provide such notice, and there has been little exploration, in these studies, of the factors related to the presence (or absence) of privacy policies or notice.

Our study had three objectives. First, we assessed how well Ontario public libraries comply with relevant government legislation regulating the acquisition of this information. Second, we investigated whether Ontario public libraries comply with the more comprehensive requirements for notice recommended by the ALA. Finally, we investigated several factors that might influence whether Ontario public libraries comply with notice, have privacy policies, or both. First, we compared compliance with MFIPPA requirements to compliance with ALA recommendations and examined the relationship between providing these two [End Page 7] types of notice. We predicted that libraries would be more likely to provide notice as per MFIPPA, since this is a legal requirement, and we also predicted that libraries complying with MFIPPA would be more likely to also have a more comprehensive privacy policy as per the ALA recommendations, on the assumption that compliance with MFIPPA demonstrates an awareness of privacy issues. Second, we examined whether the size of the organization influenced whether libraries complied with regulations regarding notice and/or had privacy policies, on the assumption that larger libraries would have more resources to devote to the development of privacy notices. Finally, we explored whether the presence of MLS-trained staff increased the likelihood that a library would have a privacy policy or notice as per MFIPPA, on the assumption that this professional training might lead to a greater awareness of privacy issues.

Research questions

The research reported in this paper focuses on the question of whether Ontario public libraries provide notice to their patrons about the collection and use of personal information.

RQ1: Do public libraries in Ontario conform to their legal obligations under MFIPPA regarding notice/awareness by providing (1) the legal authority that entitles them to collect personal information, (2) the purpose of the data collection, and (3) a contact person?

RQ2: Do public libraries in Ontario provide the public with privacy policies or other documents explaining their information practices, as suggested by the ALA guidelines, including:

RQ3: What factors are correlated with the provision of notice as per MFIPPA and/or privacy policies? [End Page 8]

Method

The data were collected from a sample of Ontario public libraries selected from the Ontario Public Library Directory maintained by Ontario Library Services North and the Southern Ontario Library Services. The sample consists of 77 libraries selected at random from the directory, representing 22% of the 312 libraries included in the directory as it existed in January 2008.

Our goal was to assemble from these libraries the information that would, with reasonable effort, be available to a patron regarding the collection and use of their personal information. In particular, we were seeking the following:

  1. 1. Any membership application form.

  2. 2. Any privacy or confidentiality notice intended for patrons.

  3. 3. Any board policies (available to patrons) pertaining to patron privacy or confidentiality.

Data collection proceeded on two fronts. First, library websites (if present) were examined to identify any membership application forms, patron privacy notices, and/or board policies regarding patron privacy. Relevant documents available on the website were added to the data set for that library. The second aspect of data collection involved telephone calls to each library to request the relevant documents. One investigator and/or the research assistant attempted a minimum of four times to contact each library. Upon learning the nature of the requested information, we were typically directed to the chief executive officer of the library, although in a very small number of cases another individual within the organization was identified as having specific responsibility for privacy issues, and in those cases we were directed to this individual. Those libraries with one or more of the relevant forms were asked to send them by mail, email, or fax. Reminder contacts by phone or email were sent to libraries to encourage submission of relevant documents. Up to three such reminder contacts were made to encourage submission.

A total of 76 libraries were reached in this manner. Only one library could not be contacted. Of those libraries that were contacted, two indicated that they had documents but did not send them. Thus, 74 libraries contributed to the final data set, representing a response rate of 96%. [End Page 9]

Data from the Ontario Library Survey (2007) were used to divide libraries into groups according to size and whether they had MLS-trained staff. Operating budget was used as a proxy for library size, and responding libraries were divided into small (25 libraries, budgets up to $64,200), medium (24 libraries, budgets between $64,201 and $400,000), and large (25 libraries, budgets over $400,000) according to their 2006 operating budget. Libraries were also divided into two groups according to whether, in 2006, they had professional librarians on staff: 39 libraries (52.7%) had at least one staff person with MLS training, while 35 libraries (47.3%) did not.

Results

RQ1:

Do public libraries in Ontario conform to their legal obligations under MFIPPA regarding notice/awareness by providing (1) the legal authority that entitles them to collect personal information (2) the purpose of the data collection, and (3) a contact person?

One of our primary questions was whether public libraries in Ontario conform to the requirements of MFIPPA with respect to notice to patrons regarding the collection and use of patron information.

Fourteen of the libraries in the sample (18.9%; 95% confidence interval ±8.92%, 10% to 27.8%) provide notice in that they offer patrons at least some of the information identified above at the time of registration. In the majority of cases (12 of the 14) this notice is written on the membership form. One library has a patron privacy policy that is posted in a prominent location and patrons are directed to this notice at the time of enrolment, and one library has both written notice on the application form and a patron privacy policy to which prospective members are directed at the time of enrolment.

Of the three requirements laid out in MFIPPA, notices are mostly likely to meet the second: among the 14 instances of notice, 13 (93% of those providing notice) indicate the legal authority for collection in the notice they provide to patrons. Ten of the notices (71.4%) indicate how the personal information will be used, and still fewer provide the name of a contact person for privacy-related inquiries or concerns (4 notices, or 28.6%). Only three libraries (21.4% of those providing notice) meet all three MFIPPA requirements. Thus, of the 74 libraries included in the [End Page 10] sample, only 4% (95% confidence interval e4.49%, 0% to 8.5%) meet the applicable regulatory requirement for patron notice.

RQ2:

Do public libraries in Ontario provide the public with privacy policies or other documents explaining their information practices, as suggested by the ALA guidelines, including:

  • • Identification of personal information collected /protected

  • • Disclosure of use

  • • Retention

  • • Access

  • • Response to subpoenas?

The data presented to this point indicate that the vast majority of Ontario public libraries fail to meet regulatory requirements for notice regarding the collection and use of that personal information. A number of libraries, however, have policies or notices available to patrons that address privacy and confidentiality. These documents do not meet the requirements for notice as per MFIPPA, but they do provide patrons with some information regarding the collection and use of their personal information. Among the sample, 26 libraries (35.1%) provided a board policy available to patrons, 10 libraries (13.5%) provided a policy intended for patrons, and 32 libraries (43.2%; 95% confidence interval ±11.3%, 32% to 54.5%) provided one or both of these documents. Apparently libraries are less likely to attend to regulatory requirements than to general principles (endorsed by professional library associations) for the provision of notice to patrons.

The remaining analyses address the content of these documents. The ALA recommends that privacy policies address five specific issues as outlined above: what information is collected, how it is used, how long it is retained, who has access to the information, and how the organization responds to subpoenas requesting access to personal information. Of the 32 libraries providing a patron or board privacy policy, 28 (87.5% of those with policies) address the question of what personal information is collected and what that information is linked to (since the information linked to becomes, by association, personal information). A total of 15 libraries in the subsample with documents (46.9%) provide some information to patrons about the use of their personal information. Slightly [End Page 11] over one third of the libraries with policies (13, or 40.1%) address the issue of data retention, providing patrons with some details about how long their identifying information remains linked to internal library records, and the same proportion provide details regarding who has access to personal information (13, or 40.1%). Finally, three quarters of the policies (25, or 78.1%) address the issue of information release, of which 21 (65.6%) specifically mention the organizational response to subpoenas (others state only general procedures in response to information requests). Among the 32 policies, only 3 (9.4%) address all five issues. The vast majority of the policies address more than one of the issues (only 1 policy, 3.1%, addresses only 1 issue), with 6 (18.8%) policies addressing four of the issues, 12 (37.5%) addressing three of the issues, and 11 (34.4%) addressing two of the issues.

RQ3:

What factors are correlated with the provision of notice as per MFIPPA and/or privacy policies?

We hypothesized that public libraries in Ontario will be more likely to comply with MFIPPA regulations than to provide notice as per the ALA recommendations. Contrary to our predictions, Ontario public libraries are in fact less likely to meet the MFIPPA requirements for notice than they are to have a board or patron privacy policy that is not designed to meet these specific requirements. The results indicate that 14 of the libraries in the sample (18.2%; 95% confidence interval 10% to 27.8%) provide notice that is designed to address (if in most cases ineffectively) the MFIPPA requirements. In contrast, 32 libraries (43.2%; 95% confidence interval 32% to 54.5%) have a privacy policy (a patron policy or a board policy available to patrons) in place.

We also expected that those public libraries that comply with MFIPPA regulations will be more likely also to have a privacy notice as per the ALA recommendations. There is in fact a significant relationship between these two forms of notice (χ2 = 5.62, p < .05). Libraries with one form of notice are more likely to have the second form: among libraries without MFIPPA notice, only 36.7% have a patron or board policy, whereas among those libraries with MFIPPA notice, 71.4% have a patron or board policy.

We expected that larger public libraries will be more likely to have notice as per MFIPPA and/or a privacy notice as per the ALA recommendations. As predicted, larger libraries (based on operating budget) are more likely to [End Page 12] provide notice as per MFIPPA requirements (χ2 = 15.2, p < .01): 3.8% of the smallest third of libraries provide notice, compared to 8.0% of the middle third, and 42.3% of the largest third. Larger libraries are also more likely to provide a patron privacy policy or a board policy that is available to patrons (χ2 = 28.9, p < .001), with 4% of the smallest libraries providing either or both of these policies, compared to 58.3% of mid-sized libraries and 68% of the largest libraries.

Finally, we predicted that public libraries with MLS-trained staff will be more likely to have notice as per MFIPPA and/or a privacy notice as per the ALA recommendations. The effect of library size is stronger than the impact of having someone with MLS training on staff, although the latter is also related to the presence of notice and/or policies. Among libraries with at least one MLS-trained staff person, 29.3% provide notice as per MFIPPA, compared to 5.6% of libraries without an MLS-trained staff person (χ2 = 8.0, p < .01), and libraries with MLS-trained staff are marginally more likely to have a patron or board privacy policy (χ2, p = .51: 52.8% of libraries with MLS-trained staff, compared to 31.4% of libraries without MLS-trained staff).

Conclusion

Libraries have real issues regarding the privacy and confidentiality of the personal information of their patrons, and these issues will only grow as digitization of library services increases. Despite an admirable and longstanding commitment to patron privacy and confidentiality, libraries cannot protect their patrons from all possible authorized and unauthorized access to their personal information. Given this situation, it is incumbent upon libraries to provide their patrons with notice regarding the collection and use of their personal information, thereby complying with regulatory frameworks (e.g., MFIPPA in Ontario) and Fair Information Practice principles.

Our data show that the majority of public libraries in Ontario fail to provide notice as required by the relevant regulatory framework; moreover, most libraries that attempt to provide notice do so ineffectively. Ontario public libraries are somewhat more likely to have privacy policies available to patrons that provide at least some of the information suggested under Fair Information Practice principles as crucial aspects of notice. Overall, fewer than half of the libraries studied offer any form of notice [End Page 13] to their patrons regarding the collection and use of personal information. In this respect, practice among Ontario libraries is entirely consistent with that observed in other jurisdictions, despite a commitment among libraries to the protection of patron confidentiality (Magi 2008). In an era in which the confidentiality of patron records cannot be assured, libraries are not typically enacting this most basic of mechanisms that would allow patrons to make informed decisions about the release of their personal information (Johnson 2000).

Our data provide some insight into why this might be the case. It appears that when privacy policies come into organizational awareness, libraries are likely to provide both notice that addresses the minimal regulatory requirements and a more comprehensive policy that would conform to FIP principles. Thus, it does not appear that there is a simple motive to meet regulatory requirements, which would be reflected both in a higher proportion of libraries meeting MFIPPA requirements and (most likely) in independence of the provision of these two forms of notice. Instead, libraries are more likely to provide a privacy policy that offers relatively detailed information regarding organizational practices, and those libraries that have such a policy are more likely than those without to also meet regulatory requirements. What leads to such a privacy orientation? Both library size (as reflected in operating budget) and the presence of MLS-trained staff are positively related to the provision of MFIPPA notice and patron or board privacy policies. Although these data are correlational, we suggest that this is a resource issue: libraries with greater organizational resources appear more likely to devote some of those resources to the development of notice and privacy policies for patrons.

Patron notice in the form of a privacy policy or notice required by regulation is not a panacea for privacy concerns. It is, however, a step in the right direction. By providing comprehensive notice regarding the collection and use of personal information, libraries allow their patrons to make informed decisions on the release of their personal information. We suggest that libraries should be supported in the development of privacy policies and notice as required by regulatory frameworks. In particular, national and provincial library organizations could provide model policies and guidelines for policy development much as the American Library Association has done in their "Privacy Toolkit" (2004). With these supports there is little doubt that libraries, long champions [End Page 14] of patron confidentiality, will be more likely to provide these most basic of privacy protection measures to their patrons.

Jacquelyn Burkell and Robert Carey
Faculty of Information and Media Studies
Room 240, North Campus Building
University of Western Ontario
London, ON N6C 5B7
jburkell@uwo.ca

References

Airoldi, J. 2006. "Case Study: A Grand Jury Subpoena in the PATRIOT Act Era." Library Administration and Management 20 (1): 26-9.

Google Scholar

American Library Association. 2004. "Privacy Tool Kit: Introduction." http://www.ala.org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/introduction/introduction.cfm.
———. 2005. "FBI Used PATRIOT Act's Administrative Subpoena to Get Library Records in Connecticut." http://www.ala.org/ala/newspresscenter/news/pressreleases2005/august2005/fbiaclu.cfm.
Beldad, Ardion D., Menno De Jong, and Michael F. Steehouder. 2009. "When the Bureaucrat Promises to Safeguard Your Online Privacy: Dissecting the Contents of Privacy Statements on Dutch Municipal Websites." Government Information Quarterly 26: 559-66.

Google Scholar

Bowers, Stacey L. 2006. "Privacy and Library Records." Journal of Academic Librarianship 32 (4): 377-83.

Google Scholar

Chander, A., L. Gelman and M.J. Radinn. 2008. Securing Privacy in the Internet Age. Stanford, CA: Stanford University Press.

Google Scholar

Estabrook. L. 1996. "Sacred Trust or Competitive Opportunity: Using Patron Records." Library Journal (February 1, 1996): 48-9.

Google Scholar

Fifarek, Aimee. 2002. "Technology and Privacy in the Academic Library." Online Information Review 26 (6): 366-74.

Google Scholar

Geist, Michael, and Milana Homsi. 2004. "The Long Arm of the U.S. Patriot Act: A Threat to Canadian Privacy?" July 2004. Michael Geist. http://www.michaelgeist.ca/content/view/88/163/.
Gillespie, Kerry. 2003. "Librarians Fear for Privacy: Laws May Chill Access to Web, Books, They Say Internet Use in U.S. Libraries Can Be Tracked." Toronto Star, June 22, 2003.
Information and Privacy Commissioner of Ontario. 2002. "What Are the Privacy Responsibilities of Public Libraries?" http://www.ipc.on.ca/images/Resources/library-e.pdf.
Johnson, Scott D. 2000. "Rethinking Privacy in the Public Library." International Information & Library Review 32: 509-17.

Google Scholar

Krug, Judith F. 2006. "ALA and Intellectual Freedom: A Historical Overview." In Intellectual Freedom Manual, 7th ed., edited by American Library Association, Office for Intellectual Freedom, 14-44. Chicago: American Library Association.

Google Scholar

Magi, Trini. 2007. "The Gap between Theory and Practice: A Study of the Prevalence and Strength of Patron Confidentiality Policies in Public and Academic Libraries." Library and Information Science Research 29: 455-70.

Google Scholar

———. 2008. "A Study of U.S. Library Directors' Confidence and Practice regarding Patron Confidentiality." Library Management 29 (8/9): 746-56. [End Page 15]

Google Scholar

Murray, P.E. 2003. Library Patron Privacy (SPEC Kit No. 278). Washington DC: Association of Research Libraries.

Google Scholar

Neuhaus, Paul, Connie Van Fleet, and Danny P. Wallace. 2003. "Privacy and Confidentiality in Digital Reference." Reference & User Services Quarterly 43 (1): 26-36.

Google Scholar

Nicholson, Scott. 2003. "The Basis for Bibliomining: Frameworks for Bringing Together Usage-Based Data Mining and Bibliometrics through Data Warehousing in Digital Library Services." Information Processing and Management 42 (3): 785-804.

Google Scholar

Ramasastry, A. 2006. "Why Are Librarians Mad about the USA Patriot Act?" Insights on Law and Society 6 (2): 1-4.

Google Scholar

Ross, Anthony, and Nadia Caidi. 2005. "Action and Reaction: Libraries in the post 9/11 Environment." Library and Information Science Research 27 (1): 97-114.

Google Scholar

Schwaig, K.S., G.C. Kane, and V.C. Storey. 2006. "Compliance to the Fair Information Practices: How Are the Fortune 500 Handling Online Privacy Disclosures?" Information and Management 43 (7): 805-20.

Google Scholar

Shachaf, Pnini. 2005. "A Global Perspective on Library Association Codes of Ethics." Library & Information Science Research 27: 513-33.

Google Scholar

Sturges, Paul, Eric Davies, James Dearnley, Ursual Iliffe, Charles Oppenheim, and Rachel Hardy. 2003. "User Privacy in the Digital Library Environment: An Investigation of Policies and Preparedness." Library Management 24 (1/2): 44-50.

Google Scholar

US Department of Health, Education and Welfare. 1973. Records, Computers, and the Rights of Citizens: Report of the Secretary's Advisory Committee on Automated Personal Data Systems. Cambridge, MA: MIT Press. [End Page 16]

Google Scholar

Copyright © 2011 The Canadian Journal of Information and Library Science / La Revue canadienne des sciences de l'information et de bibliothéconomie

Share