School Library Access & Authentication

How do your students access school library materials and databases? Are they using their private information to do so? How far does that information travel beyond the school’s physical walls?

[Note: I do no propose that I am an expert on how data and private information is stored about students. What I want to do is consider how it is collected, stored, and what may happen to it. I believe that if we do not think about this, then we are not doing our jobs as librarians.]

When students desire to access materials, the librarian identifies them in some manner. This is authentication. As school librarians are well aware, there are ethical issues surrounding the private information of students. How students are identified for authentication in a library management system requires careful consideration. If the library’s automation system is contained to that one campus, then the issue of protecting patrons’ information is not as wide and broad as it is for a school library with an integrated online automation system or a virtual library system. The latter systems create user clickstreams, research trails, and possible other stores of data that might be traceable back to an individual student.

What is required of the librarian is an understanding of how information is stored. Decisions should be made to limit the amount of information that is collected to be stored. This would include login information. Records over time should be kept confidential or scrubbed.

The American Library Association (ALA) has a Policy on Confidentiality of Library Records, Code of Ethics, and a model of a privacy policy to help with the privacy and security implications. When working with database vendors (secondary parties) and reading their privacy policies, one will find that their privacy policies may not protect students (patrons) as well as ALA recommends. If you are unsure about this, check out an e-book or audiobook provider’s privacy policy to see if they are tracking and profiling their users.

Overall, the goal should be to protect students’ private information. Consider how students access the OPAC, checkout materials, research, and how their information is stored as they go about accessing what the school library has to offer. Is their private information safe, or is it available to secondary and third parties where it may not be encrypted or traceable back to the individual?