Library Technology Guides

Document Repository

Strengthening Patron Engagement While Protecting Privacy

Computers in Libraries [October 2018]

.

Copyright (c) 2018 Information Today

Abstract: Libraries always strive to strengthen their engagement with their communities, taking advantage of a wide variety of technologies, as well as daily person-to-person interactions. It's essential for library users to have a strong awareness of the materials and services available from the library and to have a positive rapport. In addition to providing routine services, it's important for the library to proactively promote itself, especially to those who may not be taking full advantage of its services. Libraries are increasingly interested in products and services that emphasize engagement, personalization, and outreach. These products include marketing services and analytics that integrate with existing library systems and tap into the usage data those systems generate. The assumptions regarding privacy seen in the commercial arena are reversed in the library context. Personal data is collected with full awareness and consent of the patron as he or she makes use of the content and services provided by the library.


Libraries always strive to strengthen their engagement with their communities, taking advantage of a wide variety of technologies, as well as daily person-to-person interactions. It's essential for library users to have a strong awareness of the materials and services available from the library and to have a positive rapport. In addition to providing routine services, it's important for the library to proactively promote itself, especially to those who may not be taking full advantage of its services. Maintaining or strengthening the position of the library often depends on support from the community it serves. That support takes various forms, including voting or lobbying for tax funding (at local, state, and national levels for public libraries) and helping the academic library secure its budget proposals to campus administrators.

Libraries earn community support through building top-notch collections and through services that delight their users. Outreach and marketing efforts can also build awareness and increase interest and use of the library's services. Tools and technologies are abundantly available to support marketing for commercial organizations. Although libraries may want to emulate the marketing strategies and technical platforms successfully used in the commercial sphere, the special stance most libraries take in safeguarding the privacy of their users must be considered. Similar Desires

Libraries are increasingly interested in products and services that emphasize engagement, personalization, and outreach. These products include marketing services and analytics that integrate with existing library systems and tap into the usage data those systems generate. Discovery services and other search products increasingly use patron data to deliver results tailored to the interests of the user. Libraries also have an interest in using data generated through user activity to inform operational decisions, including collection acquisitions and placement and hours of service points.

The growing emphasis on user data to drive library services must reflect the special value that libraries place on privacy, which stands in stark contrast to the broader commercial arena. In the commercial arena, personal data acts as a basic currency that fuels a substantial portion of the internet economy based on advertising. The technologies and tactics of the collection and dissemination of that data continually become more aggressive and invasive as competition increases to gain the attention of consumers.

Different Motives

Advertising revenue drives the economy of the web today. Commercial marketing technologies aggressively collect and exploit personal data to the fullest extent. Big Data warehouses amassed through the gathering of just about every in-person and online transaction, combined with algorithms based on machine learning, fuel the platforms designed to dynamically deliver highly targeted ads and sponsored content. All our interactions on the commercial web are tracked and recorded, channeled into advertising networks. In-person and internet-based interactions equally contribute to the vast universe of user-specific consumer data that is commercially exploited. Much of how we use the internet seems based on an implicit-although not always conscious-trade-off between user privacy and free services.

Throughout a typical day, most people interact with the services of a lot of different organizations, many of which pursue techniques to strengthen and then measure satisfaction and loyalty. It seems as if every business interaction inevitably leads to a follow-up survey invitation or review request. Some businesses turn each point of sale into a marketing opportunity, enticing a return visit through a discount on some item of possible interest. Much of our advertising-based economy is predicated on Big Data and analytics programmed to mine past purchases and online behaviors to find patterns and clues to make recommendations for another item.

The boundaries of user privacy are increasingly difficult to understand and control. Our mobile devices, for example, have become the instrument through which we carry out most of our daily activities. Some people are cautious with their smartphones and carefully select options to guard their privacy. However, a recent news story described how some apps were able to track a person's location even when the location services on the device were disabled. While this issue may have since been addressed, it points to the increasing aggressiveness and complexity of managing privacy in today's environment in which technology continually extends its tentacles to gain any possible insight into consumer activity. Consumer technology probes deeply into personal information. Searching, browsing, and buying, in-person or online-it's all connected.

Given the extensive use of personal data in the commercial realm, it is quite a challenge for libraries, which value the privacy of the individuals who use their services. Libraries do not want to be directly connected into the established ecosystem of commercial advertising, but instead, they should work toward their own processes and technologies that facilitate engagement with their communities in ways that limit collection of personal data and that fully contain its dissemination.

Finding Middle Ground

In contrast to the commercial arena, libraries generally look for technologies and marketing practices that are less dependent on personal user data. The widely accepted practice for lending materials involves retention of the link between the patron record and an item record while the item is checked out. Once the item is returned, most libraries will permanently remove any trace of personalized information, creating an anonymized transaction record with category-level data for statistical reporting. Libraries are reluctant to maintain data that would reveal what patrons may have checked out or downloaded.

This scenario imposes some limitations in personalized services. Without retention of circulation data, systems are not able to provide features patrons might expect and appreciate (such as seeing lists of items they have previously borrowed or having the system make recommendations based on established reading patterns).

A wide variety of enhanced services can be delivered without necessarily moving into the realm of exploiting user data. User profiles can be enriched with data regarding a patron's interests, demographics, neighborhood of residence, and other sources that can be factored in to prioritize the presentation of content to the patron in search results and other aspects of his or her experience of library services.

Opt in or opt out? To support a more complete set of personalized features, many library systems can be configured to retain granular user data, either selectively or systemwide. As library systems evolve to be more driven by personal data and social factors, patrons can opt in to data collection and retention to take advantage of personalized services. Offering an opt-in approach to retaining personal data on a library system seems reasonably consistent with the values of privacy protection. In this scenario, libraries retain data only with the explicit permission of the patron. A default system configuration that retains data but gives the patron a chance to opt out is a bolder approach that some may see as inconsistent with library privacy values. Since I'm not a policy expert, I won't offer a value judgment on this issue, but I observe significant differences between these approaches.

To the extent that libraries collect and retain personalized user data, all possible measures must be taken to secure and contain that data. Unlike the technologies designed for the commercial arena, library systems must ensure that user data is not disseminated or exploited beyond explicit permissions given by the patron.

Retaining personalized data comes with the responsibility for implementing a very high level of security. These measures would go beyond the standard systems administration safeguards to also include encryption of all personally identifiable data as it is stored within the system and when transmitted between systems. As I have often suggested, all library interfaces should be configured to use HTTPS to encrypt all information as it flows from the patron's web browser to the servers supporting the library's services. Library interfaces should avoid leaking personal data into the commercial advertising networks through any tags or code snippets that are often included to enable social features or analytics.

Doing the Right Thing

The assumptions regarding privacy seen in the commercial arena are reversed in the library context. Personal data is collected with full awareness and consent of the patron as he or she makes use of the content and services provided by the library. Libraries should take all possible measures to contain and protect personal data. To the extent that user data feeds into value-added services, it is anonymized and aggregated in ways that cannot be tracked back to individuals.

Given that library systems are increasingly based on technical infrastructure hosted remotely by vendors, these privacy and security measures are a shared responsibility. Libraries need to understand how their vendors and service providers handle personal data and ensure that those practices are consistent with their policies and expectations.

The concern for privacy should not result in libraries being hamstrung to offer personalized services and to pursue carefully crafted marketing campaigns to amplify their impact. Libraries can work toward implementing systems in ways that address the concerns of safeguarding privacy while delivering services that meet or exceed the expectations of its users. Following policies and implementing technologies designed to respect the privacy of library users do not necessarily inhibit creating effective channels of communication with patrons or avoiding tuning search results according to personal interests. But it does mean accomplishing these features in ways that are consistent with values broadly held by the library community and by the policies of any given library organization.

Permalink:
View Citation
Publication Year:2018
Type of Material:Article
Language English
Published in: Computers in Libraries
Publication Info:Volume 38 Number 8
Issue:October 2018
Page(s):18-20
Publisher:Information Today
Series: Systems Librarian
Place of Publication:Medford, NJ
Notes:Systems Librarian Column
ISBN:1041-7915
Record Number:24075
Last Update:2019-03-06 07:48:40
Date Created:2019-03-06 07:47:30