Information privacy fundamentals for librarians and information professionals

As more information is collected, shared, and mined, the need to understand and manage information privacy has become a necessity for information professionals. Governments across the globe have enacted information privacy laws. These laws continue to evolve and the information privacy protections that have been established differ by country. A basic understanding of privacy law, information privacy approaches, and information security controls is essential for information professionals to properly manage private/personally identifiable information (PII) in differing capacities in libraries, academic institutions, corporations, hospitals, and state and federal agencies.



Understanding and knowledge of applicable privacy laws and the ability to write privacy policies and procedures for the proper handling of PII are crucial skills for librarians and other information managers.



Information Privacy Fundamentals for Librarians and Information Professionals is tailored to the needs of librarians and information professionals. It introduces library and information professionals to information privacy, provides an overview of information privacy in the library and information science context, U.S. privacy laws by sector, information privacy policy, and key considerations when planning and creating a privacy program.

• Acknowledgments p. xiii
• Preface p. xv
• 1 Introduction to Information Privacy p. 1
• Origins of Privacy Rights p. 2
• U.S. Privacy Rights p. 2
• Privacy and the U.S. Bill of Rights p. 2
• The "Right to Privacy" Is Recognized p. 3
• State Recognition of Privacy p. 3
• Information Privacy Defined p. 4
• Personal Information p. 4
• Personal Data p. 5
• Data Protection p. 5
• Personally Identifiable Information p. 5
• Sensitive Personal Data p. 5
• Privacy Policy p. 5
• Privacy Notice p. 6
• The Development of Privacy Rights Globally p. 6
• Technology Spurs the Creation of Fair Information Practice Principles p. 7
• Protecting Information Privacy p. 8
• U.S. Federal and State Privacy Laws p. 9
• Federal Privacy Laws p. 9
• State Privacy Laws p. 10
• Privacy Education and Application p. 10
• Privacy Literacy p. 10
• Information Privacy in Libraries p. 10
• Applying Information Privacy Knowledge p. 11
• Notes p. 11
• Bibliography p. 14
• 2 Protecting Information Privacy: A Professional Imperative p. 17
• Protecting Privacy in Information Environments p. 17
• Privacy and the Right to Receive Information p. 18
• The Right to Receive Information in Libraries p. 20
• Intellectual Privacy p. 20
• Reader Privacy p. 22
• Professional Importance of Protecting Information Privacy p. 23
• Library Associations p. 24
• Archivists Associations p. 25
• Medical Informatics and Health Information Management Associations p. 25
• Conclusion p. 26
• Notes p. 27
• Bibliography p. 29
• 3 Major U.S. Privacy Protections: Laws, Regulators, and Approaches to Enforcement p. 31
• Introduction p. 31
• Federal Agency Regulators p. 32
• Trade and Marketing: The Federal Trade Commission p. 33
• Commerce, Trade, and Business Development: The U.S. Department of Commerce p. 34
• Finance: The Consumer Financial Protection Bureau, Federal Reserve Board, and Comptroller of Currency p. 35
• Educational Records: The U.S. Department of Education p. 35
• Privacy in the Workplace: Equal Employment Opportunity Commission p. 36
• Approaches to the Enforcement of Privacy Rights p. 36
• State Attorneys General and State Privacy Laws p. 36
• Self-Regulation p. 37
• Privacy Laws by Sector p. 37
• Marketing and Telecommunications: TCPA, Do Not Call, CAN-SPAM p. 37
• Protecting Children and Teens Online-COPPA p. 39
• Education Records: Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA) p. 40
• Financial Records: Gramm-Leach-Bliley Act, Fair Credit Reporting Act p. 41
• Health Information: HIPAA, HITECH, and GINA p. 42
• Government: FOIA, the Privacy Act, and the PATRIOT Act p. 43
• The Privacy Act of l974 p. 43
• The Freedom of Information Act p. 44
• FISA, the PATRIOT Act, and NSLs: Terrorism Investigations That Impact Privacy and Protections p. 45
• Costs Associated with Information Breach p. 46
• Conclusion p. 46
• Notes p. 47
• Bibliography p. 50
• 4 Privacy Literacy p. 53
• Digital Literacy p. 53
• Information Literacy p. 54
• Privacy Education for Online Users p. 55
• Patrons p. 55
• Youth p. 55
• Employees p. 56
• Information Gathering Online p. 57
• Cookies and Web Beacons p. 57
• Internet Protocol (IP) Addresses p. 58
• Data Mining p. 58
• Search Logs and Email Scanning p. 59
• Social Media Posts p. 59
• Online Gaming p. 60
• Enhancing Privacy Online p. 60
• Phishing and Passwords p. 61
• Public Wi-Fi Hotspots p. 61
• Spying and Webcam Safety p. 62
• Adjusting Browser Privacy and Security Settings p. 63
• Mobile Devices and Information Privacy p. 64
• Keep Abreast of Changes p. 65
• The Promise of Safer Web Surfing p. 65
• Conclusion p. 65
• Notes p. 66
• Bibliography p. 68
• 5 Information Privacy in Libraries p. 71
• Greater Anonymity p. 71
• Protecting Privacy and Confidentiality on the Front Lines p. 72
• Patron Awareness p. 73
• The USA PATRIOT Act p. 74
• Minimizing Data Collection and Retention p. 74
• Data Collection p. 74
• Observability p. 75
• RFID Systems in Libraries p. 75
• Learning from Privacy Practices of Small and Medium-Sized Businesses p. 76
• The Role of Privacy Professionals p. 77
• Locating and Examining Privacy Laws p. 78
• Dedicating Time for Privacy Review and Training p. 78
• Conclusion p. 79
• Notes p. 79
• Bibliography p. 80
• 6 Privacy Policies and Programs p. 81
• Privacy Policies p. 82
• Start with the Law p. 83
• Track and Evaluate Data Collection, Use, and Risk p. 83
• Perform a Privacy Audit or Assessment p. 84
• Explain What You Collect and How You Use Personal Data p. 84
• Collecting and Sharing Information: Cookie Use and Third Parties p. 84
• Contact Information p. 85
• Plain Language p. 85
• Visual Cues p. 85
• Layered Policies (Also Known as Layered Notices) p. 86
• Prominently Display Your Privacy Policy and Opt-Out Choice p. 86
• Contract for the Same Level of Privacy p. 86
• Review Good Examples of Privacy Policies p. 87
• Get Key Employees and Executives Involved p. 87
• Review, Approval, and Implementation p. 88
• Privacy Programs p. 88
• Support and Strategic Planning p. 88
• Training and Awareness p. 89
• Privacy Policies, Procedures, Checklists p. 89
• Creating a Privacy Team p. 90
• Challenges p. 90
• Communication p. 91
• Incident Reporting and Response p. 91
• Data Breach p. 92
• Library Privacy Policies and Programs p. 93
• Language and Presentation Options p. 93
• Considerations before Drafting p. 94
• Data Flows and Retention p. 94
• Data Collection, Use, and Third Parties p. 94
• Awareness and Training p. 95
• Considerations for Special Populations p. 95
• ALA Guidance for Libraries p. 95
• Conclusion p. 95
• Notes p. 96
• Bibliography p. 98
• 7 Global Information Privacy p. 99
• Fair Information Principles p. 99
• The Organization for Economic Co-operation and Development's Guidelines p. 100
• Fair Information Practice Principles (USA) p. 102
• European Privacy Protections and the Data Protection Directive p. 103
• U.S.-EU Safe Harbor Program p. 104
• Binding Corporate Rules and Model Contracts p. 106
• APEC Privacy Framework p. 106
• Canada's More Comprehensive Protections p. 107
• Two Federal Laws p. 107
• PIPEDA Privacy Principles p. 108
• Conclusion p. 110
• Notes p. 110
• Bibliography p. 112
• Glossary p. 113
• Index p. 121
• About the Author p. 129