privacy and library data: email, IPs and &c.

I’ve been reading with interest the news stories lately about Epsilon. For those of you who don’t know Epsilon is a company that does marketing. Many companies give Epsilon customer lists and Epsilon uses that information to, say, email you about the latest Hilton Honors promotions. Except that there was a data breach and Epsilon lost up to 250 million email addresses along with information such as who those people were customers of. So, for example, they’d have my email address and the knowledge that I was a Hilton Honors member. So, a lot of people got emails in the last mont from companies saying “Um, be especially on the lookout for phishing attacks” and a lot of people were asking “Why did Epsilon have my email address in the first place, didn’t I sign a privacy policy with Company X?” And the answer is complicated. When you let Hilton Honors use your information to send you marketing information you are, in a way, letting them give the email address to marketing companies.

The reason I care about this at all is two reasons. One, there is a useful analog with libraries and how they handle their email lists of patrons. Obviously patron data is private and comes under whatever privacy laws a state has and whatever policies the library has. But is a library allowed to market to patrons? Or give these lists to peopl to market on the library’s behalf? This was the concern when the public library in Dixon California emailed patrons to let them know about ongoing library renovation plans and asked them to consider making donations. People who are not pleased with the library renovations, the Dixon Carnegie Library Preservation Society, is arguing that the librarian acted improperly when they gave patron email addresses to a consulting company without patron consent. Now let me just state I pretty well side with the library on this one, but it’s sure to be an increasingly contentious topic as libraries have more and more diffrent kinds of patron data to keep private.

And the second reson is just a cautionary tale. Many people with iphones are aware by now that the phone tracks where you go. I mean it has to in order to be a phone, but it stores this data in unencrypted form on both the phone and the synced compueter, forever. This means that anyone with access to a simple open source tool such as this one can make lovely maps like the one above. Good to know, and good to understand. As libraries move more towards mobile applications and mobile awareness generally, understanding how this sort of data works will be an important part of making sure we know how, when and why to keep it private.