- Where do you see opportunities for resisting or challenging the awful vendor practices we discussed today?
- What are small, harm reduction steps? What are starting points for bigger action?
- Where do you have power? Where could you build power?
- What are the challenges to standing up to these vendor practices?
the sloppy notes for our group can be found here: CryptPad
Here are the notes for our group (thanks to Jen for being our note-taker!): LFP week 4 breakout notes - Google Docs
Here are some URLs that came up that might be handy for future reference as well:
Twitter thread about Thompson Reuters records request access:
“Walking away from the American Chemical Society”
Santa Cruz Grand Jury case, SCPL director response:
Also a few thoughts on some smaller related type things that have come up in my job; not vendors per se but some things with admin and paperwork and sponsorship:
We used to have paper time sheets. The form from the university has a field requesting your SIN (Social Insurance Number, like American SSN). This is NOT something your employer needs you to write every week you work on a piece of paper that sits around on lots of people’s desks before getting filed. I crossed it off on a hard copy and made copies for the lab that included the redacted field, and made a point of reinforcing the message during trainings for new staff
We hosted a giant conference back in October. Several months after the fact, a big sponsor requested an attendance list for their event. We were fortunately able to decline the request for two reasons (1) we had adequate policy to suggest that this was not appropriate and (2) we didn’t take attendance in the first place!
generally pushing back on the impulse to record absolutely everything (esp in the context of Zoom) and e.g. setting things up to be available for only a limited time, taking minutes instead, keeping transcripts instead of full recordings, etc.
Making the case as often as possible for collecting and keeping less data is one useful area in which I’ve been able to have a little bit of influence even in a more admin-oriented role; often there are logistical or financial reasons not to keep everything as well which doesn’t hurt.
Does anybody here deal with Follett? For myself and other school library media specialists, Follett is the primary management system for the most part. It “communicates” well with many SMS services and admins like all of the additional “content” that ties with curriculum. Admins love anything that connects to state and national learning standards.
However, their privacy statement is hot garbage and funny enough; does not feature the word “student” anywhere. A company that provides so called services to students does not feature students as part of their privacy statement. On top of that…they have a privacy statement for higher ed, k-12, EU but they are all the same, verbatim.
Granted, the use of the Follett system to look for books is minimal (students prefer the word of their peers or myself) but I am concerned about what Follett can gain from communicating with the databases that are used to populate records. How can I determine what information they collect? I can tell easily what is collected on the website, you just have to use Firefox and you can see that the website gets tripped up when the website tries to connect to adwords and such.
Anybody have any info?
Jumbled notes are:
Points we have power
New branch of the library system, what kinds of technology and software get used?
“Newness” having capital.
How to present privacy issues in a way that empowers people?
Existing policies for editing, writing new ones.
Identifying who has responsibility for what
State level, consortium level advocacy.
Being fluent enough in the tech side of it to know when something is a problem
How to minimize harm
How long to keep data? Maybe don’t
How does privacy as a value play out in licensing?
Pointing out egregious things to IRB
Where don’t we have power
Who is allowed to have expertise, IT can help/hurt depending on how they’re involved