Here is a partial list of various ways I can think of to expose information about library patrons and their search and reading history by use (and misuse) of software used or recommended by libraries.
- Send a patron’s ebook reading history to a commercial website…
- … in the clear, for anybody to intercept.
- Send patron information to a third party…
- … that does not have an adequate privacy policy.
- … that has an adequate privacy policy but does not implement it well.
- … that is sufficiently remote that libraries lack any leverage to punish it for egregious mishandling of patron data.
- Use an unencrypted protocol to enable a third-party service provider to authenticate patrons or look them up…
- … such as SIP2.
- … such as SIP2, with the patron information response message configured to include full contact information for the patron.
- … or many configurations of NCIP.
- … or web services accessible over HTTP (as opposed to HTTPS).
- Store patron PINs and passwords without encryption…
- … or using weak hashing.
- Store the patron’s Social Security Number in the ILS patron record.
- Don’t require HTTPS for a patron to access her account with the library…
- … or if you do, don’t keep up to date with the various SSL and TLS flaws announced over the years.
- Make session cookies used by your ILS or discovery layer easy to snoop.
- Use HTTP at all in your ILS or discovery layer – as oddly enough, many patrons will borrow the items that they search for.
- Send an unencrypted email…
- … containing a patron’s checkouts today (i.e., an email checkout receipt).
- … reminding a patron of his overdue books – and listing them.
- … listing the titles of the patron’s available hold requests.
- Don’t encrypt connections between an ILS client program and its application server.
- Don’t encrypt connections between an ILS application server and its database server.
- Don’t notice that a rootkit has been running on your ILS server for the past six months.
- Don’t notice that a keylogger has been running on one of your circulation PCs for the past three months.
- Fail to keep up with installing operating system security patches.
- Use the same password for the circulator account used by twenty circulation staff (and 50 former circulation staff) – and never change it.
- Don’t encrypt your backups.
- Don’t use the feature in your ILS to enable severing the link between the record of a past loan and the specific patron who took the item out…
- … sever the links, but retain database backups for months or years.
- Don’t give your patrons the ability to opt out of keeping track of their past loans.
- Don’t give your patrons the ability to opt in to keeping track of their past loans.
- Don’t give the patron any control or ability to completely sever the link between her record and her past circulation history whenever she chooses to.
- When a patron calls up asking “what books do I have checked out?” … answer the question without verifying that the patron is actually who she says she is.
- When a parent calls up asking “what books does my teenager have checked out?”… answer the question.
- Set up your ILS to print out hold slips… that include the full name of the patron. For bonus points, do this while maintaining an open holds shelf.
- Don’t shred any circulation receipts that patrons leave behind.
- Don’t train your non-MLS staff on the importance of keeping patron information confidential.
- Don’t give your MLS staff refreshers on professional ethics.
- Don’t shut down library staff gossiping about a patron’s reading preferences.
- Don’t immediately sack a library staff member caught misusing confidential patron information.
- Have your ILS or discovery interface hosted by a service provider that makes one or more of the mistakes listed above.
- Join a committee writing a technical standard for library software… and don’t insist that it take patron privacy into account.
Do you have any additions to the list? Please let me know!
Of course, I am not actually advocating disclosing confidential information. Stay tuned for a follow-up post.
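The SIP2 items in the list lend themselves to a concrete check: the sketch below parses a Patron Information Response (message 64) and reports which contact and borrowing fields are populated, and therefore readable by anyone on the path when the connection is unencrypted. It is an added example, not code from the original post; the field codes are those of the SIP2 specification, and the sample message, patron, and barcodes are constructed.

```python
# Added example: audit which patron fields a SIP2 Patron Information
# Response (64) carries. The sample message below is constructed.

# "64" + patron status (14) + language (3) + transaction date (18) + six 4-digit counts
FIXED_LEN = 2 + 14 + 3 + 18 + 6 * 4

CONTACT = {"AE": "personal name", "BD": "home address",
           "BE": "email address", "BF": "home phone"}
ITEMS = {"AS": "hold items", "AT": "overdue items", "AU": "charged items",
         "AV": "fine items", "BU": "recall items", "CD": "unavailable holds"}


def parse_fields(message):
    """Return (code, value) pairs for the variable-length fields of a 64 message."""
    message = message.rstrip("\r\n")
    if not message.startswith("64") or len(message) < FIXED_LEN:
        raise ValueError("not a complete Patron Information Response")
    body = message[FIXED_LEN:]
    # Variable fields are a two-character code, the value, then a "|" delimiter.
    return [(seg[:2], seg[2:]) for seg in body.split("|") if len(seg) >= 2]


def audit(message):
    """List the contact and borrowing fields that are populated in the message."""
    findings = {"contact": [], "items": []}
    for code, value in parse_fields(message):
        if not value.strip():
            continue  # field present but empty: nothing disclosed
        if code in CONTACT and CONTACT[code] not in findings["contact"]:
            findings["contact"].append(CONTACT[code])
        elif code in ITEMS and ITEMS[code] not in findings["items"]:
            findings["items"].append(ITEMS[code])
    return findings


# Constructed sample, not captured from a real system.
SAMPLE = ("64" + " " * 14 + "001" + "20240101" + " " * 4 + "120000"
          + "0001" + "0000" + "0002" + "0000" + "0000" + "0000"
          + "AOEXAMPLE-LIB|AA20000000000001|AEDoe, Jane|BLY|"
          + "AU30000000000011|AU30000000000012|AS30000000000013|"
          + "BD1 Example St, Anytown|BEjane.doe@example.org|BF555-0100|\r")

if __name__ == "__main__":
    for kind, names in audit(SAMPLE).items():
        print(kind, "->", ", ".join(names) or "none")
```

Running the same audit against responses from a test patron record shows whether the contact fields have actually been switched off for a given third-party integration.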