CC.4: Communicating about privacy

  • Which stakeholders do you need the most help influencing? What do they value? What has happened in conversations before?
  • Which anti-privacy arguments have you dealt with before?
  • What pro-privacy arguments have helped you in the past/would help you in the future?

I am fortunate enough to work with colleagues who agree that data privacy is important. However, it easier to know something is important than it is to thoroughly implement the proper protocols and processes. The organization where I work helps implement good data practices in various government agencies, however, we do not have any proper data privacy and retention processes for our own work. The main issue I would probably have is the follow through after proposing any type of policy new data management process. Luckily, my supervisor is very supportive and willing to back me up when I propose new ideas.

1 Like
  • Which stakeholders do you need the most help influencing? What do they value? What has happened in conversations before?
  • Which anti-privacy arguments have you dealt with before?
  • What pro-privacy arguments have helped you in the past/would help you in the future?

In the small group I was a part of, we discussed that coworkers in the public library setting needed the most influencing. Many of our coworkers who are frontline with us and engage directly with patrons every day value order and control of the space over people’s intellectual freedom and privacy. This is especially apparent to us with young patrons- ages 10-18. Monitoring their use of the space and making them submit to our rules that are often arbitrary and not actually present in any policy. These conversations can sometimes be dead end. I appreciate that in libraries we have to “find our people” as Alison said.

For me the common anti privacy argument is “Only people up to no good have anything to hide.”

The pro privacy arguments that would help me in the future are expanding the net of who is impacted by privacy (and trust) breaches. For example, my library has a robust ELL program. We work with 500+ students each year. I’ve found that explaining how public libraries in the US are distinct in being “free” and asking colleagues to consider our proximity and relationship to the municipal government we’re a part of to understand why people may be hesitant to get a card and hand over their info to us.

1 Like

I feel like the most common anti-privacy arguments I encounter prioritize (theoretical) building security and information gathering over patron privacy. For example, we had a few folks here who thought everybody should be able to access incident reports system wide as a safety measure, arguing that patrons involved in these reports had ceded any rights to privacy and sharing this information would lead to greater efficiency in identifying trespassed patrons.

What I often do is start by focusing on cases in which I know folks are more likely to agree with me. For the incident reports, I remind folks that victim information is also often in incident reports, that some incident reports involve medical emergencies, and that even the folks who are causing harm could be experiencing some sort of mental health crisis. This often primes the conversation in a way that makes it easier to pivot to less invasive solutions. I’ve taken a similar approach with folks who say only criminals should be worried about privacy. Often then I focus on highlighting crimes that I know folks will be more sympathetic to (like abortion or drug use or even jaywalking), and pointing out the same mechanism used to capture “worse” criminal behavior will be weaponized against these populations. As Alison said, the more you can make it about personal risk for the person you’re speaking with, the more impactful your argument can be.

In my old library it was difficult to discuss this with almost everyone. Privacy in the name of adhering to law was the main concern of management, but in our interactions with patrons and other behaviors, it was viewed as cumbersome to library service. Training new staff who were assisting in tech one-on-ones and how to be privacy minded when interacting with patrons was almost always ignored.

I have not had a chance to discuss privacy with my new colleagues, but I know that there is an existing value here, for instance we do not keep any circ records once items returned. I just finished up a course on Learning Analytics and Privacy which let me do a bit of a survey to see how we are doing and the people in charge of the student course management software and lms are privacy minded which is great to see, but it took a lot of digging to find out that information.

Anti-privacy arguments are probably what we have all heard, that its too difficult or doesn’t really matter. A good deal of nihilism involved and understandably feeling powerless so why make life more difficult. Or that they have nothing to steal (for individuals) and for organizations that we are already doing enough. One person was interested in discussing vendor privacy concerns with me, but the task of looking into those agreements and making the language more understandable for patrons was outside of my role and I was not given time to do that.

The world has changed a bit and I think awareness around data privacy is growing as the concepts become easier to understand through mainstream reporting and interpretation. I work with people who are more invested in Intellectual Freedom and Privacy, so organizing my arguments in ways that show how we can implement policies and procedures that align with our values and offer accolades are tools I think I’ll utilize going forward.

1 Like

“Many of our coworkers who are frontline with us and engage directly with patrons every day value order and control of the space over people’s intellectual freedom and privacy.” Yes to this! I saw it so often with seniors and people with low digital skills too. In those cases it was less about control and more that advising them on privacy was cumbersome to the end goal.

We have two primary groups of stakeholders we work with: our members (comprised of academic, public, school, and special libraries in the region) and our local/state legislators. We advocate to legislators about increasing state funds to libraries, which benefits us and our members, but we have to consider their interests which vary politically. And we’re a membership driven organization, so we need to provide resources and services that fit our members’ interests… which vary widely depending on what type of library they are. It is a challenge feeling like we are acting relevant to their interests and not being “out of touch,” which I have heard before. I would say our members do value privacy and it has come up in conversations when we promote new services - it is usually one of the first questions asked.

I don’t tend to hear anti-privacy arguments from our members, but generally it tends to be “everyone’s data is out there already” or “I have nothing to hide.”

I think the best instance of a pro-privacy argument was when our virtual reference service got bought by Springshare, and one of the things they tried to promote to our group was the ability to see past chats with library patrons in the system. One of our institutions protested this, and decided to drop out as a result of this change because of the lack of privacy it afforded patrons. Springshare kept the feature, but ended up making it optional so libraries could choose whether they wanted to be able to access this feature. It was not the most ideal solution, but at least it wasn’t required from that point on.

1 Like

I think for the most part the biggest barrier to convincing people here about the importance of privacy is 1. that I am a library baby and 2. people are very resistant to changes they perceive will make their job harder. The pushback I have gotten about computers is that wiping them is a manual process that would have to be done nightly. For security cameras, it’s that we want to know who is messing with xyz so we can ban them (we never call the police unless absolutely necessary, which is something, I guess.). For the data records, it would involve reconfiguring our system and is therefore more work. There’s just a general air of apathy towards the importance of privacy, and a feeling that the payoff won’t be worth the effort.

Wow…the part about them “ceding any rights to privacy” is chilling.

This is a smart tactic.

Ughhhhh this is such an annoying thing to hear because it’s NOT TRUE! There are multiple programs out there that can do this automatically.