Privacy Guidelines for Library Usage

Privacy Guidelines for Library Usage in Digital Network Environment

Japan Library Association
May 24, 2019

1. Introduction

  These guidelines set out the specific matters that libraries should address to protect the privacy of library use in a digital network environment.
  In 1979, the Japan Library Association revised the third statement of the "Declaration on the freedom of libraries" (hereinafter "library declaration of freedom") by adding "library protects the secrets of users". When computers began to be introduced into libraries in the 1980s, the Association established in 1984, as a guide for privacy protection, the "Standard for the protection of personal information associated with the computer introduction to the lending business" (hereinafter, the "Standard"), and published a committee opinion about the "Standard".
  After that, in the 1990s, the Internet spread in Japan and ICT advanced remarkably, and libraries came to use computers for lending in that environment. Even in current library information systems, networking over the Internet is indispensable, and the servers that manage data are increasingly hosted externally for reasons of efficiency and economy. In carrying out library services in such an environment, aspects that the 1984 "Standard" cannot address have become apparent. For example, there is a movement to actively use for services the usage history that was conventionally deleted once the material was returned, and measures to protect user privacy are urgently required. These guidelines address the parts that the "Standard" mentioned above cannot deal with.
  The rapid improvement of computer performance and of the network environment brought by the Internet has made it possible to process large amounts of data quickly, but once information leaks, it causes great damage. There are also demands arising from international trade, and personal information has come to be strictly protected by laws and ordinances (so-called personal information protection legislation) in all organizations. Nevertheless, careless or intentional information leaks never stop. To respond to these, each staff member needs to raise their awareness of privacy protection, and the library needs to clarify its privacy policy and seek the understanding of users, along with routine checks of library operations. Under all circumstances, the library must be responsible for protecting the privacy of library use. In addition, these guidelines should be applied regardless of the type of library.

2. Importance of privacy protection

  The library is an organization that provides an environment in which everyone can freely access information and read, in order to ensure the freedom to know as defined by Article 21 of the Constitution of Japan or Article 19 of the International Covenant on Human Rights B (International Covenant on Civil and Political Rights). Protecting the privacy of library users is an essential duty of the library in carrying out its services, in order to guarantee the freedom to know as one of the basic human rights.
  In the "library declaration of freedom", the third main statement declares that "the library keeps the secret of the user". Libraries have been protecting privacy, such as users' private and sensitive information, since long before laws and regulations on personal information protection required it. This is guaranteed as the right to be respected as an individual under Article 13 of the Constitution and as the right to freedom of thought and conscience under Article 19.
  The Code of Ethics for Librarians, which librarians established as a code for their profession, also states in its third sentence that “librarians do not leak the secrets of users”. In providing services to library users, it is the responsibility of all those who work in the library to protect the user's right to privacy.

3. Occasions on which "personal information" and "use information" are collected

  The library collects information such as names and addresses as information for identifying individuals (hereinafter, personal information) that is necessary for the service to be provided. Personal information and usage information are collected for the purpose of material management. The library must show users in advance what kind of information is collected and for what purpose it is used, and must obtain their consent. When collecting personal information, collect only the minimum items required to provide library services.
  Personal information and usage information are collected in the following situations, and logs are also recorded and accumulated.

(1) Library system

A. Registration of personal information for library use
      User ID, name, address, phone number, date of birth, e-mail address, information on attendance and attendance

B. Usage information linked to personal information
      loan, return, overdue, reminder, reservation, request, reference record

C. Access to the records of visit information
      entry and exit information
      information on use of facilities during the stay, use of reading seats, etc.

(2) OPAC (user search machine) in the library

A record during login using information, including the user ID, that can be linked to an individual user

(3) PCs for browsing (hereinafter referred to as in-house PCs)

A. Use record and browsing history

B. Accumulation of logs in website access-filtering software
    Accumulation of logs at link destinations
    Accumulation of communication logs on each communication device

(4) Use of library website

Record while logging in with a user ID

(5) Use of Internet connection provided by the library

4. Management of collected information

  Personal information and usage information managed by the library are collected for the services the library provides. Libraries should understand what personal information and usage information is collected, and in principle should keep only the minimum information required, for the minimum period required.
  The library shall establish and publish its collection methods, management methods and deletion timing based on this principle.

(1) Management of personal information and usage information (hereinafter, user information[11])

A. User information should not be stored permanently.
B. Define storage methods for storage media and documents that contain user information, and immediately delete data whose storage period has ended.
C. User information will not be taken out of the library[12].
D. Set a definite storage period for the link between personal information and usage information after use such as lending or reservation ends, and then release the link.
E. When retaining information needed for statistics, anonymize personal information and cut its connection with usage information.
F. For services involving collection and management of information beyond the scope of document management (usage history utilization service, My Page, Reading passbook, etc.), give the highest priority to user privacy protection; when introducing such a service, consider it carefully within the library and take adequate safety measures.
G. Services that involve collection and management of information beyond the scope of document management are provided to users who wish to receive them, after the merits and demerits have been fully explained to and understood by those users.
H. Requests to discontinue a service should be fulfilled promptly, and the usage records that have been stored must be completely erased.

(2) Management of passwords and personal information

A. Passwords should not be stored in plaintext[13], but must be protected by encryption[14].
B. Personal information must be managed so that it does not leak outside, using the latest and most appropriate system.
C. Adequate safety measures must also be taken for user information stored on a cloud[15] basis.

(3) Log management

A. The logs that remain in the system include application logs used for statistics etc., system logs that record the operation of the system, and backup logs for the purpose of recovering data in the event of a system failure.
B. Each library shall determine how its logs are managed and operated. Recording media must be erased and discarded in accordance with the storage rules.

(4) Sharing with third parties, monitoring by third parties

A. The library must recognize that user information is collected through links to external programs, such as websites, OPACs, discovery services[16], and search services that external companies provide for library users, and must explain this to users.
B. Do not provide data on library user information to third parties without the consent of the user or a court order.

(5) Usage history remaining on user Internet terminals in the library, and response to website tracking

A. Terminals must be configured so that all data, such as history, cookies[17] and passwords, are erased at the end of each person's use.

(6) Limitation of management authority

A. Access to user information, processing of statistical information and web analysis should be limited to specific authorized librarians.
B. When publicizing statistical information or conducting web analysis, it is necessary to anonymize personally identifiable information.

5. User access to and control of their own information

  Users have the right to access and control their personal information. This is necessary for users to confirm that their personal information is correctly managed and to receive appropriate library service.

(1) The library needs to make it easy for the user to know what information it collects, for what purpose it is used, and for how long.
(2) Users must be able to access their own personal information, and the library must provide an easy-to-understand guide to the method.
(3) If the user points out that personal information is incorrect, correct it.
(4) When introducing a service that utilizes loan history, search history, etc., it is necessary to use a method (opt-in[18]) under which only users who wish to use the service select it. When the user makes the selection, fully explain how much information will be used and how dangerous it is, and keep the explanation available for the user to see at any time. In addition, the user must be able to stop the service at any time on request, after which the information collected during the service period is discarded.

6. Network with the outside

  In-house PCs and library server systems are constantly exposed to external threats in the Internet environment, and online security measures are essential[19].
  Log acquisition and management are essential for stable operation of the system, and it is almost impossible to leave no trace after releasing the linkage, as was possible in the era of Browne-system lending.
  From a crisis management point of view, the risk of information leaks will never be zero, no matter how advanced the measures taken. To secure the relationship of trust with library users, it is necessary to constantly consider and implement necessary and appropriate measures.

(1) Externalization by cloud system

A. As systems advance, externalization through the introduction of cloud systems may be superior in terms of security measures to operating systems inside the library. In selecting operators, the library must proactively examine and decide on their respective strengths and issues from the viewpoint of privacy protection, security measures, and understanding of library operations.

B. The following perspectives are important in introducing a cloud system.
  (A) Impose on the system operator the same strict confidentiality obligation as that of a public employee.
  (B) The owner of all data is the library.
  (C) Secure appropriate encryption of communication.
  (D) Provision of personal information and usage information to third parties is not permitted even after anonymizing processing.
  (E) Be aware that Japanese law will be the governing law and courts in Japan will be the competent court.

C. When the system operator has been requested to provide information for an investigation, require it to report promptly to the library. Unless a search and seizure warrant is presented, the provision of information is not permitted.

(2) Use of external network

A. When providing a link to an external site on the OPAC or library homepage, check the privacy policy etc. of that site and understand how it handles user information. It is important to present the contents to the user as needed.

B. User information covers all traces of the user's use of external sites, such as browsing history, cookies, IDs and passwords.

(3) Information transmission via the Internet

A. When providing information services over the Internet using applications and scripts of the library's internal system[20] or the like, sufficiently confirm that they do not collect user information the library does not intend to collect.

B. When providing services that require login, it is necessary to publish the privacy policy and to pay close attention to the management of user information.

(4) Information sharing by shared card

A. When a card issued by the national or a local government[21], a private point card, a student ID card or the like is also used as a library card, it must be recognized as a prerequisite that certain user information is shared[22].

B. When a common card is used as a library card, the consent of the user is a precondition.

C. Make a dedicated library card available for users who do not want a shared card.

D. Where student identification cards or staff identification cards must double as library cards, as in school libraries, university libraries and in-house libraries, take adequate measures for privacy protection and make the danger known.

7. Privacy Awareness of Librarians and System of Libraries

  In order to carry out these guidelines, it is important for the library to take responsibility for protecting the privacy of library use and to raise librarians' awareness of privacy protection. The same applies where library operations are outsourced (designated manager etc.).

  It is desirable that the librarian responsible for privacy protection and personal information disclosure in library use be a qualified librarian with expert knowledge of the library.

(1) The library must develop its own privacy policy for all operations and services. When formulating it, keep in mind the JIS and ISO standards[23] and the privacy policy of the local government.
(2) Libraries must develop and maintain effective methods for enforcing their own privacy policies. Receive regular privacy audits to ensure that each operation and service meets the library's privacy policy.
(3) All people who work in the library receive planned and continuous training on privacy and information security according to the content of their duties.
(4) In the event of an emergency such as a leak of personal information or other information, disclose the fact and deal with it promptly.

Prepared by the Japan Library Association Committee on Intellectual Freedom

[1] It is synonymous with privacy protection, and today also means protection of positive privacy rights.
[2] May 1984 General Assembly Resolution
[3] October 1984
[4] Listed on the “Committee on Intellectual Freedom” page of the Japan Library Association website
[5] Abbreviation of Information and Communication Technology
[6] The OECD 8 principles (OECD Council Recommendation) and the EU Data Protection Directive (1995); currently the EU General Data Protection Regulation (2016)
[7] Applies not only to public libraries but to libraries of all types, such as school libraries, university libraries and specialized libraries.
[8] A record of update processing for the OS, software, and database. Access log, error log, etc.
[9] Use of services provided by the library, such as Internet databases
[10] Providing a wireless LAN connection environment, represented by Wi-Fi™ etc.
[11] The library declaration of freedom divides these into reading facts and usage facts.
[12] For user information stored on a cloud basis, see “6. Network with the Outside” later in this document.
[13] Data as it is, with no processing to conceal or hide it.
[14] The common antonym of plaintext. Hashing technology is usually used because recovery is not essential in ID authentication.
[15] Cloud storage (putting files on an external server) service. It has the advantage of being resistant to disasters.
[16] A service that can search the OPAC, electronic journals, databases, etc. with the same interface.
[17] Information stored in a Web browser through communication with a Web server. Used for user identification and session management.
[18] To obtain the user's consent in advance. The antonym is opt-out, in which exclusion is indicated by refusing afterwards.
[19] Under such circumstances, it is not realistic to separate from the network for privacy protection and security measures.
[20] Simple subprograms that describe specific functions
[21] My Number card, Basic Resident Register card, etc.
[22] Whatever the service, improving convenience increases information security risk.
[23] JIS Q 15001 (Personal Information Protection Management System - Requirements), ISO/IEC 27001 (Information Security Management System), etc.