Adventures in Privacy Literacy — Kate Roberts & Erin Berman, San José Public Library
Big Picture Question: How might we empower people to make informed decisions about online privacy issues? Came out of Knight Foundation challenge
- Lots of online data privacy issues & needs going on
- Need for being privacy literate; patrons asking about this issue
- Shift from Fear-based to fun & education
Received Knight Prototype Fund — rapidly iterate and create prototype (Luma Institute training)
- Their beginning research found that learning about online privacy can be scary, overwhelming (way too many results–where to get started), and boring (droll, dry, no interactivity, no personalization, one-size-fits-all)
- Yet people are thinking about their privacy
- 93% of adults that being in control of who can get info about them is impt
- 69% of adults say they are not confident that records of their activity maintained by online sites..
- Pew reports on online privacy
Design Thinking: Statement Starters, Stakeholder Mapping, Thumbnail Sketches, Community Interviews
Wanted to create something fun & engaging for their community.
Talking with our community, all ages/backgrounds, found
- use the Internet in different ways, day to day, hour to hour, it changed
- unique needs
- multiple identities
- different definitions of privacy
- Hungry to learn
Content mattered much more than platform, whatever was developed.
Partnerships: International Computer Science Institute & San José State University Game Dev Club
Game Development Roles: manager; artist; level creator; coder
Gamification Principles: Why Games Work
- Sequencing
- Appropriate Challenge
- Status
- Achievements
- Feedback Loops
- Curiosity
- Recognition over Recall
Paper Prototyping — 13 users tested; iterated along the way; learning happened; simplification needed; connecting dots to Privacy Path
Digital Prototype Tech: Construct 2 (HTML5 for 2D games) & Javascript (inserting the text & building the logic for the privacy path) — loaded text on the side of the game
User Testing: Broad audience have different needs: teenagers; adults; English as a second language; Diff levels of gaming experience
Follow-up survey: 80% learned something new from their Privacy Path; 33% took action, following links or tips
What came next: How should we make this info available for our customers on all devices? Game was going to be challenging & expensive to continue to design. Instead Developed Privacy area for library website, based on the paths originally developed for the prototyped game
- Used Quiz Module in Drupal to build toolkit & privacy paths
- Getting Started Tools for quick resources
- How the library is protecting patron privacy
- Coming Soon: Spanish & Vietnamese versions of Virtual PrivacyLab
- Game may never be live; definitely playable at the version they created in prototyping level
- Community response: page traffic phenomenal; library community reaction has been positive
NISO’s Initiative on Patron Privacy in Info Systems (#nisoprivacy) — Todd A. Carpenter @TAC_NISO, Executive Director, NISO
- About NISO
- ALA Code of Ethics Clause III – We protect each library user’s right to privacy & confidentiality…
- Publishers, content providers & systems vendors are not libraries, nor are they staffed by librarians; they serve library patrons, but they also serve other communities in other ways
- We often envision libraries as books — but much more often are servers
- Most library/info services take place in the cloud — not directly managed by library
- Outside of the library community, there’s a lot of orgs that have a very diff perspective on privacy: Google, Amazon, Facebook
- Not all privacy issues are hacks; not all breaches are malicious; not all data sharing is inappropriate
- Google Analytics — data goes back to Google
- OverDrive + Amazon
- Adobe Digital Editions — plain text data transfer
- Weigh these risks against the real benefits that can be derived, or service improvements that are possible, thru usage analysis
- Can libraries & services providers develop valuable services that are based on user activity data or improve existing services…
- Can we build a framework to protect patron privacy that is based on consensus that simultaneously recognizes the nuances with the privacy issue?
- NISO Patron Privacy Initiative — Mellon Foundation support
- Goal: Establish a consensus framework of principles that proscribe how info systems should respect the privacy of patron data
- Discussions
- Virtual Discussions: patron privacy in library systems, vendor systems, & publisher systems; AND legal frameworks
- In-person/live-streamed, post-ALA conference
- all meeting recordings available on project website
- Meetings were to develop key elements of privacy, privacy principles, and outline what principles mean
- Preamble: importance of privacy in community + value that can be provided by using patron data, using it in a responsible way, recognizing benefits, how to build privacy into process of using info
- Principle 1: Shared Privacy Responsibilities: Responsibility over everyone serving library patrons to respect privacy
- Principle 2: Transparency & Facilitating Privacy Awareness — not buried, not lengthy & not easy to understand.
- Principle 3: Security — use best possible systems to protect patron identifiable info
- Principle 4: Data Collection & Use — when appropriate to collect data, use, how long to hold/use
- Principle 5:Â Anonymization — if activity data, strip out as much identifiable info as possible, keeping risk of privacy exposure in mind
- Principle 6: Options & Informed Consent — educate patrons; provide Opt-Out; policies shouldn’t be retroactive
- Principle 7: Sharing data with others — it is necessary to pass credentials in a digital environment; passing it onto advertising isn’t appropriate. Reflect on patron privacy expectations, when sharing data with other orgs
- Principle 8: Notification of Privacy Policies & Practices — not making changes retroactive.
- Principle 9: Supporting Anonymous Use — opportunity for patron to use the service anonymously, as much as possible. Showing if an anonymous service is/isn’t available
- Principle 10: Access to One’s Own User Data
- Principle 11: Continuous Improvement — similar to preservation. Continually updating protocols & policies.
- Principle 12: Accountability (bw Library and Vendors) — third party review; vehicle for privacy audit needs to be developed
- Glossary developed for terms used
- What’s next? Draft of final report developed but not quite done. Out for final review.
- Special ISQ Issue & Computers and Libraries article has been written about this process; Trying to be open about the project
- For more info on NISO website
Holding Vendors Accountable question — not there yet for implementation — follow-up work on what implementation/adherence of the above principles would look like and how companies are doing. In vendors’ interest to have better grasp of some of these issues.