privacy and library data: email, IPs and &c.

I’ve been reading with interest the news stories lately about Epsilon. For those of you who don’t know Epsilon is a company that does marketing. Many companies give Epsilon customer lists and Epsilon uses that information to, say, email you about the latest Hilton Honors promotions. Except that there was a data breach and Epsilon lost up to 250 million email addresses along with information such as who those people were customers of. So, for example, they’d have my email address and the knowledge that I was a Hilton Honors member. So, a lot of people got emails in the last mont from companies saying “Um, be especially on the lookout for phishing attacks” and a lot of people were asking “Why did Epsilon have my email address in the first place, didn’t I sign a privacy policy with Company X?” And the answer is complicated. When you let Hilton Honors use your information to send you marketing information you are, in a way, letting them give the email address to marketing companies.

The reason I care about this at all is two reasons. One, there is a useful analog with libraries and how they handle their email lists of patrons. Obviously patron data is private and comes under whatever privacy laws a state has and whatever policies the library has. But is a library allowed to market to patrons? Or give these lists to peopl to market on the library’s behalf? This was the concern when the public library in Dixon California emailed patrons to let them know about ongoing library renovation plans and asked them to consider making donations. People who are not pleased with the library renovations, the Dixon Carnegie Library Preservation Society, is arguing that the librarian acted improperly when they gave patron email addresses to a consulting company without patron consent. Now let me just state I pretty well side with the library on this one, but it’s sure to be an increasingly contentious topic as libraries have more and more diffrent kinds of patron data to keep private.

And the second reson is just a cautionary tale. Many people with iphones are aware by now that the phone tracks where you go. I mean it has to in order to be a phone, but it stores this data in unencrypted form on both the phone and the synced compueter, forever. This means that anyone with access to a simple open source tool such as this one can make lovely maps like the one above. Good to know, and good to understand. As libraries move more towards mobile applications and mobile awareness generally, understanding how this sort of data works will be an important part of making sure we know how, when and why to keep it private.

6 Responses to “privacy and library data: email, IPs and &c.”

  1. GeekChic Says:

    I don’t side with the library in California and would be quite upset with any library that used my email or other contact information to fund-raise or otherwise market to me. One of the member libraries in our Consortium has a fairly large and sophisticated marketing department as well as a fund-raising staff.

    Neither marketing staff nor fund-raising staff ever use contact information from the integrated library system to contact patrons. This information is solely for contacting patrons to let them know about holds or overdue materials. Patrons must agree separately to be contacted about fund-raising or other marketing materials. As it should be, in my opinion.

  2. jessamyn Says:

    Good point — I think that generally it’s important to delineate what email addresses are going to be used for, but it seems like updates on building projects and requests to help are at least somewhat under the heading of library buisiness.

    In my dream world I think I’d be more where you are: that it’s not okay to use email addresses for anything outside of the ILS without express written permission. That said, I’d also rather that libraries were up front about all of this at the point at which they acquired email addresses and for the most part [overgeneralizing but I feel fairly confidently in the ballpark] they’re not, at least in smalltown america. So it seems to me that these are two factions — the preservation people, the library people — who are at odds generally and the email addresses are a bit of a red herring to the larger problem. And, annoyingly for me, I’d rather the old library was saved because I’m traditional like that. This may be a case where I needed to do more background research before I confidently stated which side I was on. Thanks for commenting.

  3. Spencer Smith Says:

    Why not just have an option or check box that asks if it’s ok for hte library to use this information to contact them about library services and programs?

    That seems to work for the entire business world. You could put a note on every record to have them accept or decline communications like this the next time they check out. It’s upfront, honest, and a process they are all used to working with.

  4. Privacy and Marketing Says:

    [...] more here… Share and [...]

  5. Head Tale - Saturday Snap – The World’s Most Boring Privacy Violation Says:

    [...] West wrote about this and linked to a small app you can download which can help you visualize what this secret file reveals about [...]

  6. Dianne Runkle Says:

    I have been working to make cash on-line for quite some time with moderate success, nonetheless it was just recently which i ran to the complete Live dealer roulette Income method which completely modified my entire life for that better. If you need to improve your family’s approach to life, don’t hesitate to find the free .Live dealer roulette Cash robot