Privacy in the 21st Century: Issues for Public, School and Academic Libraries

Privacy has come to the top of the agenda around the world. This has given new importance to privacy as an issue for library and information professionals. It has taken several forms, from general concerns about intellectual freedom and the right to read to specific procedures about confidentiality, data protection and professional ethics. This timely work reflects current interest in the USA, where it is based, examining the privacy challenges for public, school and academic libraries.

These are arguably caught in the cross‐fire from those who believe that the right to privacy, constitutionally as well as under tort law (which deals with alleged harms caused by abuses of privacy), is sacrosanct, and those who argue that, under modern conditions of state security and terrorism, stronger monitoring and surveillance are justified. Other issues, above all those associated with children and young people, are involved, and bodies like the American Library Association, the American Civil Liberties Union, the Electronic Frontier Foundation, and the Electronic Privacy Information Center have been articulate advocates in the debate.

Privacy law in the USA is embodied not only in several Amendments (like the Fourth which protects people's property against unreasonable searches) and federal law like the Privacy Act 1974 (which includes provisions similar to data protection laws in other jurisdictions), but also the work of the Federal Trade Commission, which deals with consumer privacy issues like spam and identity theft and credit data. There is also law seeking to protect children, like the Children's Online Privacy Protection Act 1998 (COPPA), and, more recently and controversially, law arising out of fears of terrorism like the USA Patriot Act 2001. Under civil law, tort law applies where, for example, X alleges that Y invaded the privacy of Y, or where such an invasion allegedly places someone in an offensively false light. On top of all this, technology, and above all the internet, drives things on, raising issues of government monitoring, cookies and data mining and consumer privacy, radio‐frequency identification (RFID, not just in supermarkets but as an advance of barcodes in libraries), spyware and biometrics, filters and walled gardens.

Information professionals familiar with these issues, in a US context, will recognize all of them. The point, then, is to examine how they impact upon library and information work, above all in public, school and academic libraries. The three authors of this book are school, public library, and academic library practitioners, and the fourth is a lawyer specializing in First Amendment law. The book is one of several from Libraries Unlimited on library law (further details from the website at http://www.lu.com/). They define the right to privacy in a library as “the right to open inquiry without having the subject of one's interest examined or scrutinized by others”. After two introductory chapters on relevant law and technology, they move on to public libraries, where their communitarian role needs to be balanced by the need to respect privacy and take appropriate steps with confidential data (called here personally identifiable information or PII). We are speaking typically of records of use and the retention and disclosure of such data, above all to third parties; of the need to have such data in order to manage and plan, examine trends and plan expenditure' and of the challenge of managing internet access where regulation and privacy issues seem much harder.

Characteristic of professional bodies, the ALA provides plenty of advice and is a major player in the current debate in America. Its policy on the confidentiality of library records (1986) states that records should be confidential and that disclosure to law enforcement should take place only with good reason. The 2004 update on the confidentiality of PII discusses identifying library users and materials they use, including inter‐library loan records and internet logs. Challenges lie in areas like filtering, disclosing information to government, and what liabilities (under contract or not) apply where, as is usually the case, libraries deal with third‐party online providers (database publishers, internet service providers, and so forth) whose assumptions and practices may be different from those of the library (for example, they might customarily use cookies). This sharpens up when they move to school libraries, where the confidentiality of records, walled gardens and filtering, parental permissions, and acceptable use policies are matters of universal interest. Such issues are, in fact, part of the wider challenge of managing educational records themselves. Then, finally, to academic libraries, where again acceptable use policies (AUPs) and monitoring use, primary and secondary liability, contractual arrangements with content providers, and privacy audit are equally important.

This is a sensible addition to its field, reflecting US experience but raising issues which information and library professionals around the world will easily recognize. Chapters include well‐researched lists of references which can be followed up. Other discussions worth checking include the UK debate about data protection (such as that in Chris Armstrong and Laurence Bebbington's Staying Legal : a Guide to Issues and Practice Affecting the Library, Information and Publishing Sectors, 2nd ed., Facet Publishing, 2004), the records management angle on confidentiality reflected in works like Elizabeth Shepherd and Geoffrey Yeo's Managing Records (Facet Publishing, 2003), and more popular and wide‐ranging discussions of freedom of information such as Heather Brooke's Your Right to Know (Pluto Press, 2005). Ethical issues come out well in Library Trends, Vol. 19 No. 3, Winter 2001. Privacy as an issue, for society and information work, will run and run, and Privacy in the 21st Century is a useful snapshot of what is going through the minds of people running certain types of libraries in America, or what should be.