Paul Sturges and Ursula Iliffe
Library record keeping has always produced significant files of personal data, most of which relate to the library’s users. The files have included records of membership and research interests; details of books borrowed and returned have cumulated in some library management systems; records of information requests and their outcomes have also been kept. The professional ethos of librarians, as expressed in codes such as the American Library Association’s Code of Professional Practice has been rooted in a very strong commitment to freedom of access to information. Thus the transactions between librarian and user have usually taken the form of an unquestioning provision of information by the former in response to the requests of the latter. Furthermore, research in more than one country has shown that this has been true regardless of whether the user’s requests have suggested some dangerous or anti-social motivation. It is because this has meant that users could usually consult and borrow whatever they wished, without interference or comment, that the content of reader records could be of genuine potential interest to police or intelligence agencies. For instance, Lenin’s British Museum Library user details were discovered not very long ago. Full documentation of his reading and that of Marx, a user of the Library over a much longer period, might well have been of interest to the agents of countries that saw their activities as threatening. Indeed, in totalitarian regimes there is ample evidence that library records have been used for surveillance of possible dissidents.
In the past this has seldom emerged as a problem in democratic countries for various reasons. The professional ethos of librarians has, like that of many other professions, placed a strong emphasis on respect for the confidentiality of client information. There is also considerable protection offered to the confidentiality of library personal data files by data protection legislation like the UK Data Protection Acts of 1984 and 1998. But perhaps most importantly, whilst user records were in paper files, retrieval of specific details was not always particularly easy. This poor retrieval potential tended to ensure that outside interest in library personal data files was often notional rather than real. However, today such files are increasingly created in digital form and these are so much more comprehensive and easy to access than the old paper records. Archiving of the reading records of library users is now a natural function of the computerized management systems that are in universal use. The ability to monitor email activity and use of the World Wide Web on terminals provided for public use in libraries is also part of system facilities. The same is true of a range of information finding activities by users, and librarians acting on their behalf, that necessarily involves electronic communication and recording of transactions. It is this improved potential access to personal data that makes the issue of possible outside interest in the content of libraries’ personal data files much more real. Additionally, today there is not only a notional official interest in reader records, but also a much more real possibility of commercial interest in the data. Library personal data files could certainly be used to identify possible consumers of particular products and services.
In the light of this radically changed situation, Resource (the UK Council on Museums Libraries and Archives) has provided substantial funding for a study of the issue by the Legal and Policy Research Group at Loughborough University’s Department of Information Science (July 2000 to December 2001). The study is, first of all, exploring librarians’ attitudes to the confidentiality of digital personal data files, and their administration of data protection law. For this purpose a wide-ranging survey has been undertaken in late 2000. Preliminary results from this, which will reveal the extent of libraries awareness of the issue, and preparedness to respond to approaches for access to data, will be reported in this paper. During 2001the project will also include surveys of user opinion and attitudes in software houses selling library management products, case studies of libraries from various different sectors, and exploration of practice in non-library sectors for comparative purposes. Progress on these aspects of the project will also be reported. Together these various elements are intended to build up a full picture of the state of attitudes and practices relating to privacy in the digital library. This will then be used as a basis for drawing up guidelines on appropriate policy development relating to personal data files in libraries.