Acceptable Use Policies

Having a good Acceptable Use Policy (AUP) for Internet Use and enforcing it regularly are important for your school. In fact, according to Fitzer and Peterson (2002) http://www.ed.uiuc.edu/wp/crime-2002/aup.htm you can have an AUP, enforce it, and not need a filter if you are using software that activates when violations occur to notify of the offense. (I would like to see this software in action!)

In a previous post, I expresses concern over privacy, authentication and access for library systems. For an AUP to work, the network must be able to identify who has access to the Internet. Should this extend to the library’s OPAC?

Data trails and clickstreams may be captured and saved for violators using the software that activates when the violation occurs. All other data trails and clickstreams would not need to be collected and saved.

What about the “ones that get away and don’t get caught?” That is where responsibility and diligence come in. The school community should not be ignorant of what is going on in their libraries or on their computers. The link provided above to Fitzer and Peterson’s article provides some excellent ideas to help the school community prepare, prevent, and handle violations of the AUP.

School Library Access & Authentication

How do your students access school library materials and databases? Are they using their private information to do so? How far does that information travel beyond the school’s physical walls?

[Note: I do no propose that I am an expert on how data and private information is stored about students. What I want to do is consider how it is collected, stored, and what may happen to it. I believe that if we do not think about this, then we are not doing our jobs as librarians.]

When students desire to access materials, the librarian identifies them in some manner. This is authentication. As school librarians are well aware, there are ethical issues surrounding the private information of students. How students are identified for authentication in a library management system requires careful consideration. If the library’s automation system is contained to that one campus, then the issue of protecting patrons’ information is not as wide and broad as it is for a school library with an integrated online automation system or a virtual library system. The latter systems create user clickstreams, research trails, and possible other stores of data that might be traceable back to an individual student.

What is required of the librarian is an understanding of how information is stored. Decisions should be made to limit the amount of information that is collected to be stored. This would include login information. Records over time should be kept confidential or scrubbed.

The American Library Association (ALA) has a Policy on Confidentiality of Library Records, Code of Ethics, and a model of a privacy policy to help with the privacy and security implications. When working with database vendors (secondary parties) and reading their privacy policies, one will find that their privacy policies may not protect students (patrons) as well as ALA recommends. If you are unsure about this, check out an e-book or audiobook provider’s privacy policy to see if they are tracking and profiling their users.

Overall, the goal should be to protect students’ private information. Consider how students access the OPAC, checkout materials, research, and how their information is stored as they go about accessing what the school library has to offer. Is their private information safe, or is it available to secondary and third parties where it may not be encrypted or traceable back to the individual?