Private
Promote and ensure privacy through security and personal data ownership. Provide these tenets in systems and services to the best of our ability and be transparent where we cannot.
Personal privacy
The National Web Privacy Forum released a white paper and action handbook for achieving privacy in the age of analytics. The principles are adapted from these recommendations.
"These indicators can be viewed as a checklist that people can use to asses analytics programs for alignment with our privacy-conscious lens."
- Collect only the data needed for the use case.
- Analytics must allow retention and downloading of the data in open formats.
- Implement data retention strategies with capacity to completely remove data.
- De-identification, pseudonymization, and removal of personally identifiable information (PII).
- Support international privacy standards including the General Data Protection Regulation (GDPR).
Data security
People have the right to know and decide what is collected and have the peace of mind that it will be stored safely and only used for its intended purpose detailed through transparent data collection statements.
These are adapted from the Open Web Application Security Project.
- Confidentiality
- Only allow access to data for which the person or system is permitted.
- Integrity
- Ensure data is not tampered or altered by unauthorized persons or systems.
- Availability
- Ensure systems and data are available to authorized persons and systems when it is needed.
Read the complete list of security principles.
Further reading
All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.