Library information security and privacy are both fundamental and challenging. Help is coming as Internet leaders push heavier use of encryption, a move that highlights the differences between secure and non-secure online use. How can libraries help prepare and educate users to work within a more difficult Internet environment? How can they inspire more private online behavior in the year ahead? Join the leader of ProQuest’s Information Security Office to discuss emerging issues in cybersecurity and privacy for libraries and information providers. Attendees will get tips for protecting the privacy of their patrons and for educating them on how to use information services securely. This session will also cover the differences between the privacy of consumer services and professional information services, and best practices for patrons to protect their own personal information as they access public and library resources, both in the library and remotely, as the footprint of the library expands along with mobile device adoption.
Devise appropriate access to data
Least privilege
Revisit rights frequently
Encrypt it! Both in motion and at rest
Log all the access, and review the logs regularly
Audit your suppliers to your standards
Educate the users that use the data
Trust, but verify
Be ready for a compromise
It’s not IF, it’s WHEN
Protect the data as though you guarantee it will be taken
Incident response & communications plan beforehand!
http://www.niso.org/apps/group_public/download.php/16064/NISO%20Privacy%20Principles.pdf
http://www.ala.org/advocacy/library-privacy-guidelines-e-book-lending-and-digital-content-vendors
Shared Privacy Responsibilities
Transparency and Facilitating Privacy Awareness
Security
Data Collection and Use
Anonymization
Options and Informed Consent
Sharing Data with Others
Notification of Privacy Policies and Practices
Supporting Anonymous Use
Access to One’s Own User Data
Continuous Improvement
Accountability
At the foundation of everything, we have some guiding principles that we worked with as we developed our approach:
Some data will always be collected; it’s the nature of online services.
Collection alone does not equal violation of user privacy, especially if explicit approval to use is given by the user.
The underlying primary goal is to assist the researcher, library or author in achieving their missions.
Guiding principles will define the rules of data collection, use and sharing.
If you collect it, use it wisely, protect it and get rid of it when you don’t need it any longer.
In the March 2016 Apple product keynote, a section was devoted to privacy of data
A Reuters article [1] released at the same time chronicled the internal “privacy czar” review and scrutiny process within Apple
Apple has employed a similar review process prior to data being collected and/or used
Apple has been clear about their commitment to privacy
[1] http://www.reuters.com/article/us-apple-encryption-privacy-insight-idUSKCN0WN0BO