CC.3: Privacy audits

What are your thoughts on conducting a privacy audit at your library?
Do you think you’d have institutional support?
Who would work on it with you?
Are there any areas that you think would be an obvious first step?
What would need to happen before you could conduct a privacy audit?

What organizations/people/conferences etc were you already familiar with in the “privacy world”?
Which are compelling to you?

I really want to do this. I don’t know how much support I will get from the Parish government (what other states call counties), but they also don’t need to know so much about it until I’ve started. I could work with our small IT group… I think first, I would start with our policies (and making sure our records retention schedule is accurate and precise–that checkout records are purged upon return, etc.). Then I would look at our technology. We don’t screen our hotspots… all we can see is how much data (which is great for knowing if we need more or not)… but I’d like to assess our other tech and make sure we have no hidden pockets that break privacy. Then I’d start looking at our vendor contracts.

I was primarily familiar with the FTC PrivacyCon because they had some sessions on fake news and disinformation. I knew about some tech conferences, but I wasn’t terribly familiar with everything out there. I admit I like free… free is about what my library can afford right now, so LFP has been great for getting me informed on such an important topic without me having to sacrifice a lot of money from my personal account (or me trying to justify the need for it to the Parish in order to get money for it).