It almost doesn’t need to be said that old-fashioned library checkout cards were terrible for patron privacy. Want to know who had checked out a book? Just take the card out of its pocket and read.
It’s also a trivial observation that there’s a mini-genre of news articles and social media posts telling the tales of prodigal books, returning to their library after years or decades away, usually having gathered nothing but dust.
Put these two together on a slow news day? Without care, you can end up not protecting a library user’s right to privacy and confidentially with respect to resources borrowed, to borrow some words from the ALA Code of Ethics.
Faced with this, one’s sense of proportion may ask, “so what?” The borrower of a book returned sixty years late is quite likely dead, and if alive, not likely to suffer any social opprobrium or even sixty years of accumulated overdue fines. Even if the book in question was a copy of The Anarchist Cookbook, due back on Tuesday, 11 May 1976, the FBI no doubt has lost interest in the matter.
Of course, an immediate objection to that attitude is that personal harm to the patron remains possible, even if not probable. Sometimes the borrower wants to keep a secret to the grave. They may simply not care to be the subject of a local news story.
The potential for personal harm to the borrower is of course clearer if we consider more recent loans. It’s not the job of a librarian to out somebody who wishes to remain in the closet; it remains the case that somebody who does not care to have another snoop on their reading should be entitled to read, and think, in peace.
At this point, the sense of proportion that has somehow embodied itself in this post may rejoin, “you’re catastrophizing here, Charlton,” and not be entirely wrong. Inadvertent disclosure of patron information at the “retail” level does risk causing harm, but is not guaranteed to. After all, lots of people have no problem sharing (some) of their reading history. Otherwise, LibraryThing and Goodreads would just sit there gathering tumbleweeds.
I’d still bid that sense of proportion to shuffle off with this: it’s mostly not the librarians bearing the risk of harm.
However, there’s a larger point: libraries nowadays run much higher risks of violating patron privacy at the “wholesale” level than they used to.
Remember those old checkout cards? Back in the day, an outsider trying to get a borrower’s complete reading history might have to turn out every book in the library to do so. Today, it can be much easier: find a way in, and you can have everything (including driver’s license numbers, addressees, and, if the patrons are really ill-served by their library, SSNs).
That brings me to my point: we should care about nondisclosure (and better yet, non-collection of data we don’t need) at the retail level to help bolster a habit of caring about it at the wholesale level.
Imagine a library where people at every level can feel free to point out and correct patron privacy violations — and know that they should. Where the social media manager — whose degree may not be an MLS — redacts patron names and/or asks for permission every time. Where, and more to my point, the director and the head of IT make technology choices that protect patron privacy — because they are in the habit of thinking about patron privacy in the first place.
This is why it’s worth it to sweat the small disclosures, to be better prepared against large ones.