CC.1: Week 5, communicating about privacy

Edit: now that we’ve met, let’s continue this conversation by talking about how we respond in each of these situations.

What anti-privacy arguments have you encountered? When have these arguments come from admin, IT, or other colleagues? How can challenge these ideas using what we discussed in our conversation what motivates different stakeholders? What motivates the stakeholders at your library? How can you use threat modeling to support your arguments?

  • wanting information for statistics (management)
  • “helping” patrons by connecting them to social services (colleagues)
  • convenience of specific subscription resources (public/colleagues)
  • convenience of staff not having to remember passwords (colleagues)
  • not wanting to deter people from posting about conferences on social media (re: policies for not sharing Zoom screenshots or requiring permission, etc) – colleagues

  • people advocating for a “real name” policy for an online platform because they think it will help deter harassment – colleagues

I don’t have a great single example of this general idea (one where I think I’m mostly thinking of students but also other colleagues) but I think a lot of issues also boil down to a potent combination of:

  • mild apathy/convenience
  • being required to use something for classes, school, to get paid makes it feel like doing your due diligence is pointless because you’d have to push back pretty hard if it’s required by people with more power than you
  • nihilism: it can’t be worse than other $terrible_service I signed up for so whatever
  • not believing that anything truly bad could happen as a result of privacy violations (a close cousin of “I have nothing to hide so I have nothing to worry about” and “if google was going to do something bad with that data it would have happened already”)
1 Like

the most i’ve got is when i was giving my portfolio presentation (about mass online surveillance and how marginalized BIPOC communities are particularly vulnerable to its consequences), one of the faculty members on the panel asked, “…but what are the positive benefits of this data collection?”

and i was all:


(dm me and i’ll definitely name names)


If any librarian in district wants something ordered more than one year (or more than the trial period) there has to be ample graphs and charts to show usage so it can be passed up through the bureaucracy.

So any time it comes up where we realize that so much data gets collected, the supervisor in charge of submitting these PO’s replies, “Well yeah, that’s good, now we have proof the students are using it and we can order it again.” Shouldn’t proof of EBSCO/GALE usage be that students are submitting papers/inquiry projects?

I also don’t know if anybody here has problems with cameras during meetings but it pops up every so often here in my district. Teachers levy unnecessary consequences on students for not turning on cameras during class. Lots of students do not have ideal learning circumstances and many have to listen to class while working. In addition, teachers were at one point in the pandemic penalized for not turning on cameras during meetings. If I had a nickel for all the scolding I received, I wouldn’t have to work there anymore. Any time I bring up the privacy argument admins make the same two statements:

For teachers: It’s not collegial and it’s impersonal to have your camera not activated.
For students: What if they’re cheating/doing something else.

I understand I could be in the wrong and the more I talk to colleagues about this, I realize there is an age divide.


Yes, the camera thing is tricky! I remember someone saying they felt like it was really inappropriate that they had to effectively meet with a student in their bedroom but it’s not like the student necessarily had much choice! …so many of these rules seem to expect everyone to have had a fully equipped private home office just-in-case of a pandemic :roll_eyes:

I’ve seen some statements along the lines of “it’s easier for me to present/gauge feedback if at least some of you have your cameras on, so if you are able please do, but it’s not a requirement” etc. which I think is reasonable. I think making it a hard requirement or punishing people is unreasonable though!


I have heard that sentiment too from some colleagues and like I mentioned before, it is mostly from folks who are not in the fresh teacher bracket (22-30.) I am guilty myself of zoning out during a meeting but I’ve zoned out in person as well so I can’t help feeling like shrug. If you’re an extrovert/good meeting person, you might not consider the privacy issue or you might be really into the blurred/picture backgrounds. You’re right it’s tricky. The more and more I talk about it with folks, the less clear the answer becomes.

1 Like

Basically echoing a lot of what everyone else has already said, I think!

  • we need to track info for stats, and we need the most detailed stats possible to support requests for funding
  • with security footage policies - not creating strong boundaries around what we will and won’t share without a warrant because we want to maintain a good relationship with law enforcement (which is prioritized over our relationship with patrons even though law enforcement isn’t our user base? why??!)
  • I guess a variation on the convenience argument: it’s just “not that big of a deal” so we shouldn’t waste valuable time talking about such a “minor” issue (got this recently when I was asking how we intend to redact personal info on reference by mail letters before they get uploaded onto our Ask A Librarian platform)
  • so much personal info is publicly accessible now anyway, so the attitude was that if it’s info that could be found with a cursory Google search then it’s not a violation of privacy bc it’s “public record”

great examples folks! keep them coming! we will address most or all of these together in class, and will collectively figure out the best counter-responses!

definitely hear some of these same statements! stats, usage, funding - but how can we measure success without tracking our users? a handful of the most recent ones:

  • okay, okay - but what if we reverse engineer who goes through ezproxy, so we can identify users who are NOT using the library resources? and then we contact the non-users and ask why they don’t use the library? (colleagues and admin)
  • if students send us an email with an issue or a complaint, then they’ve automatically given us their consent to store their info and issues on a shared spreadsheet. (admin)
  • if it’s already anonymized in google analytics, how is that going to hurt anyone? (colleagues and admin)

it’s a wonky mix of apathy and power, all in the name of student success. :nauseated_face:


Unfortunately I think convenience is the biggest factor for customers and library workers. When I asked how library staff planned to keep patron data safe if we switched over to Google, a couple of people said they would never strong text put patron data in the cloud. There were also many silent participants which made me question if those are the librarians who are already using Google for work related purposes.

I once had staff who specifically helped patrons with job searching and found out they were saving customer resumes on a flash drive. The reason provided was the customers were too technologically illiterate to know how to get back into their email to retrieve the document later. I was horrified. Apparently they thought this was better than helping customers reset the password to the email account they set up so they could access the resume they created on their last visit to the library.


this cracked me up

1 Like

Analytics are trendy. As a government agency we’re constantly being asked for stats: about programs, about newsletter distribution, page views, etc. I know that an argument for increased privacy will always get pushback because of the obsession with data.

My department (including me) has in the past used website analytics to argue against (actually unreasonable) staff demands, but I am starting to question whether that’s really worth it. At the very least we’ve let the data focus be the default for too long.


Yes! Not from anyone from my workplace, but I’ve heard the public record argument so many times


I work in a big endowed research university. One of the main arguments that I have heard is that collecting data and analytics about students (what resources they’ve used, webpages they’ve visiting, LMS analytics, etc.) can help ensure student success as we can see what resources or practices successful students used.

The institution that I work at can be overly rigorous, academically demanding, and competitive. There has recently been a rise in student suicide, which is terrible. Despite student surveys and testimonies all showing that increased mental health services and more healthy work-life expectations (including wellness days, grad student benefits and labor protections, working with overly competitive or demanding programs/departments/instructors to help address these issues) would be beneficial, instead there has been a several arguments coming from administration and central IT that data analytics could help us see a student in crises and therefore intervene ahead of time. It’s depressing, and absolutely trying to capitalize off the tragedies on campus in order to increase data collection. I also should mention that the crises invention protocol is to call the police, so the whole thing is terrible.


I agree with a lot of what others have mentioned here. specifically using apathy or convenience as an argument. Also, what I have run into more recently is silence or people trying to avoid the topic. Being part of a larger system with so many different departments and buildings, I often feel like I’m getting the run around when I ask questions - like it is not that person’s responsibility or that it falls under facilities/security/the county (someone besides the library).

1 Like

Other than setting up events for Choose Privacy Week, for which I got a lot of support, I haven’t yet brought up many privacy issues for which the library is responsible. One thing I have brought up and received pushback for, though, was suggesting that we could participate in the libraryvpn project. I told an IT person about it, and he at first didn’t see the point, saying basically that most patrons wouldn’t be savvy enough to use it and that we should focus on stuff like secure passwords and not falling for phishing scams and stuff.

Based on this course, I want to work on creating a library privacy policy, but I am not sure how that will be received.


I’ve been thinking of this in the context of the pandemic and the difficulties (read: mess) our campus and others experienced/experience in trying to think about privacy during crisis – what do you include in your “dashboard” data or other places concerning case counts, how is contact tracing information gathered, transmitted, retained, and by whom (the absolute safest apps!). Others have already noted the data focus in many of our workplaces. What happens with all of the data amassed under Covid?


A lot of the anti privacy arguments at the library stem from the idea of convenience. There are some practices that I am very against but am struggling to find the right angle to approach the conversation. There are a lot of silly practices we could get rid of to secure our patrons privacy but since people (staff and patrons) are so used to doing things one way, I don’t see it going over well and it all comes from the idea that we are doing it to make the patrons’ library experience easier. For example, we still have holds with slips that include pii out on the floor. Lots of people love that we do this, including staff.