Friday, 7 January 2022

In the library with the Data Protection Act - event review

Suzie Williams (Secretary of CILIP North East committee) attended this webinar led by Aude Charillon and hosted by CILIP North East. It was part two, following on from a very success webinar Aude lead for us last autumn about online privacy skills. The first webinar focused on skills we have (or don’t have!) as individuals – this second webinar widened this out to data protection within our libraries. Aude’s natural enthusiasm and curiosity for this subject made the session very engaging.

As library and information staff, we make a commitment to “uphold, promote and defend: […] the confidentiality of information provided by clients or users and the right of all individuals to privacy” (from: CILIP Ethics). Protecting users’ right to privacy usually translates into matters of data protection, but not solely. Aude covered the following topics and there were plenty of opportunities for participants to get involved and share their experiences:

  • Requirements of UK GDPR
  • Reviewing your library’s data collection and retention practices
  • Informing citizens about what we do with their data
  • Working with library software and resources suppliers
  • Offering privacy literacy classes and privacy-friendly tools.

One participant commented that it is often a case of personal choice in balancing up creepy (ie how much data an organisation has about you) and convenience (do I just click ‘accept’ when asked if I am happy for data to be harvested as I use this site’). Discussion about what is meant by ‘personal data’ highlighted that it isn’t just things like us sharing our names and email addresses, but it is also data collected in the background eg. the physical location of the pc we are using.


(Source: https://unsplash.com/photos/d9ILr-dbEdg)

Key takeaways from this webinar are:

  • Decide what you are happy about sharing of your personal data.
  • Also think about what you are happy with for data you may be collecting from a wider library perspective.
  • Make sure your have mechanisms in place to ensure the data you collect is up to date.
  • You can’t have implicit consent – you have to specifically ask for an individual’s consent.
  • We can feel awkward or shy, but we can ask why an organisation is asking about our info about – ie for what reason, what legitimate reason, what lawful basis.
  • Collecting for ‘legitimate reasons’ is interpreted differently by companies – many did not change their practice when GDPR came into force in 2018 as they said people aren’t bothered and it’s ok to collect their data. It is 3 years since GDPR became law, so now is a good opportunity to review your library’s practices.
  • Sometimes companies hide the settings for where you can choose what privacy settings you are happy with – you may need to hunt for it!
  • Step into shoes of one of our library users – think about how they might feel being asked about being asked for personal information.
  • Think about privacy issues when at the design stage when you are putting in a new service or piece of software.

A good closing comment from a participant was – start with your own personal practice (i.e. get your own house in order), lead by example, and spread out to your library and organisation.

If you are interested in finding out more about this here are some useful resources:

No comments:

Post a Comment