Private
Promote and ensure privacy through security and personal data ownership. Provide these tenets in systems and services to the best of our ability and be transparent where we cannot.
Personal privacy
The National Web Privacy Forum released a white paper and action handbook for achieving privacy in the age of analytics. The principles are adapted from these recommendations.
"These indicators can be viewed as a checklist that people can use to assess analytics programs for alignment with our privacy-conscious lens."
- Collect only the data needed for the use case.
- Analytics must allow retention and downloading of the data in open formats.
- Implement data retention strategies with capacity to completely remove data.
- Apply de-identification and pseudonymization, and remove personally identifiable information (PII).
- Support international privacy standards including the General Data Protection Regulation (GDPR).
Privacy principles for web development
The World Wide Web Consortium (W3C) published privacy principles to aid in the ethical development of the web. Below are a few of those principles.
- Principle 1.5.2: If a service needs to collect extra data from people in order to protect them or other people, it must take extra technical and legal measures to ensure that this data can’t be then used for other purposes, like to grow the service.
- Principle 2.1: A browser should help people present the identity they want in each context they are in, and should prevent or support recognition as appropriate.
- Principle 2.2.1: Sites, browsers, and other actors should restrict the data they transfer to what’s either necessary to achieve the person’s goals or aligns with that person’s wishes and interests.
- Principle 2.4: There is broad consensus that some categories of information such as credit card numbers or precise geolocation are sensitive, but system designers should not assume that other categories of information are therefore not sensitive. Whether information is considered sensitive can vary depending on a person’s circumstances and the context of an interaction, and it can change over time.
- Principle 2.5: People have certain rights over data that is about themselves, and these rights should be facilitated by their browser and the actors that are processing their data.
- Principle 2.6: Whenever possible, processors should work with data that has been de-identified.
- Principle 2.7: Groups and institutions should support autonomy by making decisions collectively to either prevent or enable data sharing, and to set defaults for data processing rules.
- Principle 2.9.1: Systems that allow for communicating on the web must provide an effective capability to report abuse.
- Principle 2.9.2: Browsers and sites must take steps to protect people from abusive behaviour, and abuse mitigation must be considered when designing web platform features.
- Principle 2.10.1: When accessing personal data or requesting permission, sites and other actors should specify the purpose for which the data will be used.
- Principle 2.10.2: Actors should not use personal data for purposes other than those specified. (Other uses are often called secondary uses.)
- Principle 2.11.1: When accessing data or requesting permission, sites (and other actors) should provide people with relevant explanatory information about the use of data, and browsers should help present and consume that information.
- Principle 2.11.2: Information about privacy-relevant practices should be provided in both easily accessible plain language form and in machine-readable form.
- Principle 2.12.1: When any actor obtains consent for processing from a person, the actor should design the consent request so as to learn the person’s intent to consent or not, and not to maximize the processing consented to.
- Principle 2.12.2: An actor should avoid interrupting a person’s use of a site for consent requests when an alternative is available.
- Principle 2.12.3: It should be as easy for a person to check what consent they have given, to withdraw consent, or to opt out or object, as to give consent.
- Principle 2.12.4: Actors should provide functionality to access, correct, and remove data about people to those people when that data has been provided by someone else.
- Principle 2.13.2: Web sites should use notifications only for information that people have specifically requested.
- Principle 2.14: Actors must not retaliate against people who protect their data against non-essential processing or exercise rights over their data.
Data security
People have the right to know and decide what is collected, and to have the peace of mind that it will be stored safely and used only for its intended purpose, as detailed in transparent data collection statements.
These are adapted from the Open Web Application Security Project.
- Confidentiality
  - Only allow access to data for which the person or system is permitted.
- Integrity
  - Ensure data is not tampered with or altered by unauthorized persons or systems.
- Availability
  - Ensure systems and data are available to authorized persons and systems when they are needed.
Read the complete list of security principles.
Further reading
All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.