Protecting their personal information and maintaining privacy online is an important concern for many library patrons. In an effort to help you understand and evaluate the resources you make use of, we have prepared this guide to online privacy issues as they relate to library services. Intended for use by both library staff and patrons, it will provide information on the types of services that might require your personal information, the types of information that might be collected, and how this information might potentially be used by those collecting it.
What is an eResource?
An electronic resource (often shortened to ‘eResource’) is any information source that the library provides access to in an electronic format. At Shortgrass, these include our online catalogue (on the Bibliocommons platform), eBook resources like OverDrive, educational resources like Mango Languages and Gale Courses, and information resources like Consumer Reports.
What is considered personally identifiable information?
Canada’s Privacy Act defines “personally identifiable information” as “any recorded information ‘about an identifiable individual’. It can include your race or colour; national or ethnic origin; religion; age; marital status; blood type; fingerprints; medical, criminal or employment history; information on financial transactions; home address; and your Social Insurance Number (SIN), driver’s licence or any other identifying number assigned to you.” (Privacy Commissioner of Canada)
What is considered non-personally identifiable information?
Non-personally identifiable information is any data collected from an individual that, on its own, could not be used to identify that individual. This includes both information that has been collected and anonymized (e.g., an anonymized search history or borrowing history) as well as information that could not reasonably used to identify an individual (e.g. web cookies, IP addresses, information collected from you about how you interact with a website.)
What information does my library collect about me?
Shortgrass member libraries collect and store only information that is required to provide library services to patrons. This includes your name, phone number, and email address. Shortgrass operates a modern, integrated library system employing industry-standard security measures. Information we collect is stored on a secure server in Alberta, Canada.
What information can library vendors collect from me?
When you sign up to use a service like OverDrive, RBDigital, or Pronunciator, you are agreeing to their terms of service and privacy policies. This includes agreeing to the collection of information from and about you -- including both personally identifiable and non-personally identifiable information. Information collected by the vendor might include:
This information may be specifically requested by the vendor during an initial registration process, automatically harvested from the patron’s Shortgrass Library System account, or gathered by the vendor over time as the patron uses the service.
How might this information be used?
We trust our vendors to safeguard your information and to only collect what is necessary and appropriate to provide quality services to our patrons. It is important to understand that just because a vendor is collecting this information, they are not necessarily using it for inappropriate or malicious purposes. Some of the ways that vendors might use the information they collect from you include:
What kind of guidelines and protections exist to ensure that my information is being collected, managed, and stored appropriately?
It is important to realise that companies are subject to the privacy laws not only in the country in which they are based, but also those in which they do business or store information. For Shortgrass library patrons, this means that while you may be a member of a Canadian library, subject to provincial and federal privacy laws and regulations, the company you have provided information to (e.g. OverDrive) is also subject to laws in its country of origin, as well as any country where they might also store your information or make use of it in some way.
Organizations like the Canadian Federation of Library Associations and the American Library Association have established guidelines for vendors wishing to do business with libraries. These documents are not considered legally binding or enforceable and should not be treated as such. Rather, they exist to help libraries and vendors ensure that they are taking appropriate measures to protect patrons’ privacy and right to freedom of inquiry. If you are interested in learning more about these guidelines, please follow the links below.