Library Web Design - Keeping Information Private

Results from a 2000 Gallup Poll showed that 60% of Americans are particularly concerned about their personal information being included in electronic databases. Each year, legislation is created and introduced to Congress to protect a citizen's personal information from being stored or used electronically. To effectively promote trust and confidence in your library and staff, certain privacy measures need to be taken with regards to a library's website.

As part of good customer relations, posting a privacy notice is an important first step in answering one of the major concerns voiced by your patrons when dealing with your online services. A good privacy notice provides your patrons an opportunity to make informed decisions about the collection and use of their personal information before they use a service. Careful consideration should be taken during the creation of a privacy policy: there is no generic privacy policy that can be applied to every library. Rather, your privacy policy should accurately reflect your library's unique services and address any possible concerns that are specific to your community.

Also, when creating your library's privacy policy, you should keep in mind that it is not a privacy policy that ensures security. It is the understanding by you and your staff that it is something that will require commitment and the affirmation that everyone, internally and externally, will adhere to it. An act based on "an exception to the rule" will travel fast among your community, breaking the trust of your patrons and possibly crippling the integrity of your library.

According to the Better Business Bureau (http://bbbonline.org/privacy/sample_privacy.asp), a privacy notice should include the following:

• date the policy becomes effective
• the type of information you collect (name, address, phone number, email, etc.)
• the way you use the information (do you use it for processing the single research request then destroy it, or do you log it into a database to refer to later?)
• how the information is managed (do you have a schedule for deleting the information? is it stored on a secure PC?)
• how a patron can access or correct any stored information
• how the patron can contact you

Children's Privacy Policies

Another consideration in creating an online privacy policy is how the information of children participating in your programs is obtained and managed.

The 2000 Children's Online Privacy Protection Act states that any online service directed to children under 13 may not collect any identifiable information about a child. This would entail information such as full name, home address, email address, telephone number or any other data that would allow someone to identify or contact the child.Your library is also held accountable to this requirement if you operate a website directed at a general audience and have actual knowledge that you are collecting personal information from children.

To comply with the act, a website must have posted a link to a notice of its information practices on its homepage and at each area where it collects personal information from children. The link to the privacy notice must be clear and prominent. The actual notice must be clearly written, understandable and contain the following:

• the name and contact information of your library's staff who will be managing any child's personal information that is collected online
• the kinds of personal information that will be collected and how the information will be collected (directly through the child or through technological means, such as web tracking cookies
• how your library will use the information, such as using email addresses for mailings of future newsletters or notification of overdue items
• whether the collected information will be shared to third parties, such as your library's Friends or Trustees group, or the local school
• that the parent has the option to agree to the collection and use of the child's information without consenting to the disclosure of the information to third parties
• that the online service may not require that a child disclose more information than needed in order to use the service, or participate in any other library program
• that the parent can review the child's personal information, ask to have it deleted and refuse to allow any further collection or use of the child's information. The notice must also state the procedures for the parent to follow in order to view or delete the information.

For more information about the collecting of children's information, visit the Federal Trade Commission's publication, "How to Comply With The Children's Online Privacy Protection Rule" http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm.
This is a guide to help you comply with the government's requirements for protecting children's privacy online.