A Study of Public Library Patrons’ Understanding of Library Records and Data Privacy
- Author: Kim Dong-Seok, Noh Younghee
- Organization: Kim Dong-Seok; Noh Younghee
- Publish: INTERNATIONAL JOURNAL OF KNOWLEDGE CONTENT DEVELOPMENT and TECHNOLOGY Volume 4, Issue1, p53~78, 30 June 2014
As instances of private information leak increase, taking steps to protect such information becomes a necessity. In this study of public library patrons, we strove for a comprehensive understanding of library usage records to suggest viable solutions for private information safety in public libraries. To this end, we investigated the patrons’ understanding of library usage records and determined the relationship between different user characteristics and privacy knowledge or leaks. The results show that a high number of patrons perceived these records as their own private information, but that there was no necessity for legal procedures or consent for the use of these records. Also, even though the understanding of these usage records showed that there was a relationship between the frequency of library visits and leaks of personal information, the correlation was not particularly strong.
Public Library , User Privacy , Personal Information , Library Record , Library Patron
Personal information, which became simple to collect and build due to the development of information technology, is being used to raise administration efficiency and as an important resource to create added value in public and private services. However, due to the rise in private information use and developments in technology, cases of illegal access and large-scale leaks are frequent.
In 2003, there were 17,777 cases of infringement of personal data, which rose to 35,167cases in 2009, 54,832 in 2010, 122,215 in 2011, and 166,801 in 2012, marking violation of private information as a serious and growing problem (Korea Internet and Security Agency, 2012).
Libraries are also using IT equipment to provide convenient services to patrons. However, with this convenience come problems, such as the exposure of patron private information and library usage records.
Here in Korea, the protection of private information of library patrons is also a priority, as shown in the Declaration of Library Ethics in 1997. As such, the Korean National Library tried to introduce a policy to guide libraries through processing private information in 2005, although this policy suggestion did not have a large effect.
However, the Privacy Protection Act of 2011 provides a step-by-step protection standard for using, providing, and destroying private information. The act limits handling of personal information such as home address and other distinct identification information and also addresses the process for claims and requests to suspend the process of reading, changing, and deleting private information. These steps guarantee a better, stronger right for patrons that is guaranteed by the government (Son, 2012).
With this Act as a guide, the Ministry Of Culture established protection guidelines for private information and prescribed specific policies regarding different types of data, preventing violation of private information, and standards for those handling such information (Ministry of Culture, Sports and Tourism, 2012).
As evidenced by this attention, the protection of private information has become vital in all aspects of society. Therefore, libraries need to think carefully about how they are collecting, using, and storing patrons’ private information and usage records.
In this study, we want to research the library patrons’ private information and gain a comprehensive understanding of library usage records to suggest a management plan for the private information used in public libraries.
Kim (1994) suggested that privacy invasion prevention should involve privacy protection, user education, and statutory regulation and processes. Although most librarians agree that patrons’ privacy must be protected, they are not fully aware of the different forms privacy violations might take.
Kang (2003) argued that even though most librarians understand that the patron’s private data and loan records are information that should be protected, most institutes that have specific regulations or policies about this issue find that the same policies effect the rate of library use.
Kim and Nam (2004) argued that the library must guarantee that its patrons can easily access and use information. Specifically, in the study of the code of ethics for librarians, protection of one’s private life is defined as keeping library usage records a secret and protecting the privacy of patrons, which is a point that needs a specific provision.
Noh (2012a) analyzed the possible privacy violations that could arise in libraries through the interference of other institutions (such as police or federal investigations), the process of providing library service, and the outsourcing of library tasks. In another study, Noh (2012b) argued that the accumulation of information for service personalization can also lead to privacy violations as well as other problems like filter bubbles. She clarified that a library is an institution that offers customized services tailored to its patrons, and, as such, there is the possibility of violating privacy and private information during library service. She suggested that further discussion on the protection of patron privacy is needed.
Enright (2001) argued that the laws, regulations, and guidelines regarding library private information policy must be clarified and revised, and suggested a clear checklist regarding this. Caldwell-Stone (2008) argued that protecting the patron's demand for information in a society where information is power is essential, and that it is the responsibility of the librarian to protect the privacy of library patrons.
In a study that suggested the library privacy protection policy, Lee (2005) examined the current state of information security in the network used in public libraries. With this data, he suggested maintenance supervision of Regional Central Library networks, forming public library privacy information protection guidelines and limited access, and further education on privacy protection for librarians, especially those in charge of data processing.
Kim (2006) studied the factors of the private information protection policy that are needed in college libraries and determined changes that college libraries needed, through analyzing domestic and foreign library private information protection policies and cases of violation.
Park (2010), in his study of patrons’ guaranteed rights and invasion of private information, fully described the real condition of public institutes and libraries. He suggested private information protection guidelines for the private information protection in the library.
Noh (2012c), through the study of library private information protection policy, research on privacy violation cases, and analysis of laws and guidelines relating to domestic private information, suggested a suitable private information policy for the library as well as presented a case for the importance of establishing a policy for such protection.
Falk (2004) revealed that many libraries have a codified privacy protection policy and that there are not enough regulations to protect patrons from the violations of private information in regard to the electronic technology used to provide services to the patrons. Falk argued that in this privacy problem, describing the policy that protects the patrons influences the actions of the librarian.
In a study examining a library system where the patrons’ information was protected by giving them the ability to opt-out, Chung (2000) was able to see that the public library usage records which were able to be opened and seen after proper jurisdiction requirements, were not being handled through the proper proceedings. He suggested the establishment of an institutional cooperation system of other libraries for the education and insurance of public library user privacy.
Lee (2004), in a study of library intellectual freedom, researched the declaration of intellectual freedom in advanced countries, the freedom of collection records, and the policies towards passwords of patrons. With this information, Lee argued that privacy rights are included inherently within the concept of the right to know, and through the guarantee of privacy and the right to know, the intellectual freedom of library patrons can be fully realized.
Kim (2012) said the record of borrowed books is information that can reveal the ideals and conscience of patrons, making it sensitive private information that is related to the patrons’ privacy. Kim concluded that the establishment of different policies and revisions of library law are necessary to protect patrons’ privacy.
From an information technology aspect, Balas (2001) argued that due to the advancement in technology, the privacy issues have become more complicated. Even though problems caused by the Internet and copyright issues have an influence on the librarian, privacy problems in the digital generation present greater challenges.
Fifarek (2002) argued that greater privacy problems were due to the introduction of new technology. Fifarek proposed to discuss a case of privacy failure and related laws and a checklist for the privacy protection of patrons.
Shuler (2004) argued that before the electronic era, privacy was not a serious problem. However, in the digital knowledge information era, it is impossible to preserve it fully in a library due to the demand for a specific electronic identification, regulation, and statistics
Butters (2007) mentioned the danger of using RFID in libraries. Butters pointed out that the RFID standard now has a weak point where it allows the act of invading privacy and digital compromise and reviewed a way to lessen the danger from the standard RFID.
Klinefelter (2007) said that customizable user service was possible due to the development of technology. Klinefelter handled the possible privacy invasion cases that could arrive in a library and argued that even though they provided information materials related to the interest of each patron (information on new journals, mail and email informing of newly-arrived books and ones that need returning), anonymity and control over their information was sacrificed to provide these services.
Zimerman (2009) argued that the development of information technology had lowered the level of privacy in society. Zimerman pointed out a specific case of a privacy problem and criticized problems with hackers seeking to collecte private information.
Through this previous research, it is obvious that protecting a patron’s private information is an active concern both domestically and abroad. Most researchers and librarians are aware of the necessity of protecting the private information of library patrons.
While insisting on the importance of protecting this private information, researchers have proposed developments for policy, revisions of the enactment article, and checklists. However, few studies have concentrated on how the patron views library usage records. Even though the patron allowed the collection and use of part of their private information, the study was done with college library patrons, which represents a different audience and is inappropriate for application to the public library.
Using the private information that is collected, preserved, and used in public libraries and the patron understanding of library usage records. we are attempting to determine a path for development of a management plan for library private information.
As privacy leaks and, therefore, the demand for privacy protection increase, it is important to investigate how library patrons think about the collection and preservation of their private information to devise a solution for protect their privacy. Specifically, research needs to focus on library usage records, since this personal data, unlike personal identification information, is unique to libraries.
In this study, the following research questions were set to determine what kind of relationship exists between personal characteristics and awareness of library usage records after measuring what patrons thought about the collection and preservation of private information.
Research question 1: Is there a meaningful relationship between frequent visits to libraries and a greater awareness of library usage records?Research question 2: Is there a meaningful relationship between a patron’s interest in privacy and greater understanding of library usage records?Research question 3: Is there a meaningful relationship between a patron’s experience with damage caused by private information leaks and understanding of library usage record?
In order to complete the study in accordance with the research question above, we developed a survey to analyze the patron understanding of library usage records.
In this survey, the target population was Eunpyeong-gu public library patrons. The Eunpyeong-gu public library, which is registered in the National Library Statistics System, has three separate branches: Eunpyeong Public Library, JeungSan Public Digital Library, and Eum Am Public Digital Library.
The survey was distributed to about 0.1% of Eunpyeong-gu Public Library users, or 196 patrons. It was conducted for a total of 27 days, from October 3 through October 29, 2013. All the surveys were collected and a total of 188 were analyzed excluding those that were left incomplete.
The survey questions used in this study included 6 items regarding personal information and 11 items delving into patron understanding of library data usage. The survey questions regarding library usage records were taken from previous research, specifically Noh (2012c, 2013), and then modified and supplemented by the researcher for the purposes of this study.
Ultimately, the survey was developed with 4 survey areas and 17 survey entries. The questions were developed to gather a picture of the patron's understanding of the collection of library records, use of library record, and library record leaks. The contents of the survey and composition of the questions are shown in Table 1.
Among the Eunpyeong-gu public library patrons who participated in the survey, 36.2% visited less than once a week, while 29.3% visited twice a week, 18.6% visited three times a week, 7.4% visited four times a week, and 8.5% of patrons visited more than 5 times a week (see Table 2). When asked whether they were interested in privacy issues, the majority of patrons (80.9%) were interested, 14.9% chose neutral, and 4.2% were not interested (see Table 3).
When asked if they had ever been the victim of a private information leak, 85.1% had no such experience while 14.9% did have experience (See Table 4).
5.2.1. Awareness of the collection of library usage records
To determine the patrons’ level of awareness in regards to library usage records, survey participants were asked if they considered library use records to be their own private information. They were also asked the importance of each different type of usage record.
While 50.6% did not know that the library usage record was collected, a total of 27.6% of patrons knew that it was collected (See Table 5). Despite a majority of patrons being unaware of the records before this survey, 67.5% considered such records their own private information whereas 12.8% did not (see Table 6).
Patrons were asked to rate the importance of various types of collected library data on a 5-point Likert scale. The results show that the material borrowing records were rated highest at 3.78, followed by Internet usage data (3.46), CCTV footage (3.36), reference services and civil complaint records (3.33), inter-library loan record (3.27), records of pictures and footage of events (3.10), accessing library community records (3.06), and desired materials selection records (3.02) (see Table 7).
5.2.2. Patron understanding of library usage records
To determine how well patrons understand library usage records, the survey asked for their thoughts on the necessity of such records, user consent, and legal procedures in place for when records may be demanded by an outside party, such as the police.
When asked about the necessity of such records for effective library management, 70.2% of patrons said that keeping the records was needed while 2.1% disagreed (see Table 8). In regards to user consent, 79.8% of patrons said that it was needed before keeping records while 10.1% of patrons said that it was not (see Table 9).
In the case of library usage records being demanded by an outside party, 85.7% of patrons said that legal procedures would be necessary while 2.6% did not (see Table 10).
5.2.3. Patron understanding of library usage record leaks
In order to study the patrons’ understanding of library usage record leaks, patrons were asked to rate how serious they felt such a leak would be and what they thought might be a possible cause of such leaks. Among the patrons who completed the survey, 53.2% thought that a leak was ‘serious’ while 23.4% did not (see Table 11). When ranking possible causes of library usage record leaks, patrons considered a problem caused by the computer system to be the most likely cause (35.1%), followed by collection of unnecessary information (33.5%), information provided to third parties (27.1%), librarian carelessness (3.2%), and patron carelessness (1.1%) (see Table 12).
5.3.1. Understanding of library usage records based on frequency of library use 1) Patron understanding of collection of library usage records
We hypothesized that the frequency with which patrons used the library might have some effect on patrons’ level of understanding of library records, given more frequent exposure to the topic. After gathering data, we determined that there was a meaningful relationship between these two aspects, as well as another between library use frequency and the belief that library usage records represent private information (See Table 13).
2) Patron understanding of the usage of library usage record
We also determined if the frequency of library visits had a meaningful relationship with understanding the use of library records. The data (as shown in Table 14) shows that frequency of library visits is tied with views such as the necessity of legal procedures for when records are demanded by third parties, the necessity of patron consent in keeping and using records, and the necessity of keeping library use records in general.
3) Patron understanding of library usage record leaks
A meaningful relationship also seems to exist between frequency of library usage and a greater understanding of the seriousness and causes of library record leaks, as shown in Table 15.
5.3.2. Understanding of library usage records and level of interest in privacy issues 1) Understanding of the collection of library usage records
Patron level of interest in privacy issues seemed to be positively correlated with awareness of library record collection and whether or not patrons considered library records to be private information (see Table 16).
2) Understanding of the use of library usage record
Patron level of interest in privacy issues was also correlated with viewing library usage records as necessary for the library’s operation and the necessity of legal procedures should these records be requested by a third party (see Table 17).
3) Patron understanding of library usage record leaks
Patron views on the seriousness of library usage record leaks and probable causes of such leaks were also correlated with interest in privacy issues (see Table 18).
5.3.3. Correlation between damage caused to patrons by private information leak and library usage record understanding 1) Understanding of the collection of library usage record
No meaningful relationship existed in this survey between patrons’ past experience with damage from a record leak and their understanding of the collection of usage records by libraries (see Table 19).
2) Understanding of the use of library usage record
Patrons’ past experience with leaked information did have a meaningful relationship with their views of the necessity of usage records for library operation. However, past experience did not correlate with patron demands for consent before using library records or the necessity of legal procedures for when records are requested by a third party.
3) Understanding leaks of library usage records
No correlation existed between patrons’ past experience with record leaks and their views on the seriousness of record leaks. However, a meaningful relationship did exist between past experience and patron-selected probable causes of records leaks.
The importance of protecting private information is becoming ever more important in all aspects of society, and therefore should be of great interest to libraries as well. After the privacy protection act was established, many studies focused on the collection and preservation of data that the library gathers about its patrons. However, However, no research exists from the users’ perspective, even though their views are perhaps the most important to consider, since they are most affected by policies created to address these issues. The purpose of researching the comprehensive understanding of library patrons about these issues is not because current personal information management policies do not meet the requirements set forth in law, but rather to offer a policy that satisfies the protection of the patron’s idea of intellectual freedom and privacy. Because the library needs patrons to fulfill its purpose, it must ensure them these two rights. This study researched the library patrons’ understanding of private information in order to form an effective personal information management policy.
1) Comprehensive understanding of library usage records
First, 50.6% of library patrons were unaware that their library was collecting this data about them, and 64.4% perceived library usage records to be private information. Among the records, the material borrowing records were considered the most important, before even Internet usage history and CCTV footage.
Second, results showed that in the use of library records, 70.2% of respondents understood the necessity of the records for the library’s effective operation. It can be assumed from this evidence that patrons could easily make the connection between the kinds of records kept and the services offered to them by their libraries. A majority of respondents (79.8%) thought patron approval was necessary for the use of library records and 85.7% responded that legal procedures were necessary for outsiders or third parties such as police or other government officials to view their records.
Third, 53.2% of patrons thought library usage record leaks were serious, with 35.1% choosing the computer system as the most likely source for such leaks. However, other possibilities of leak sources also had similar rates of response, such as the collection of unnecessary information (33.5%) and information provided to third parties (27.1%).
2) Relationship between personal characteristics of patrons and understanding of library usage records
We examined possible correlations between different patron characteristics that were posited to be relevant to this discussion (frequency of library use, interest in privacy issues, and past experience as the victim of an information leak) and the results of the survey questions about library records.
As a result, frequent visits to the library and patron interest in privacy issue both had meaningful correlations in relation to patron understanding of the collection, use, and possible leaks of library usage records.
Past experience with being the victim of a privacy violation or information leak was found to have no meaningful correlation with the understanding of the collection, use, and possible leaks of library records. While meaningful relationships did exist between this background characteristic and some aspects of the three surveyed categories, there was no measurable overall effect on any of the three main aspects.
With these results, the private information management plan that this study suggests in as follows. First, patrons should be more clearly informed about the information that is collected and used at the library when they first sign-up for a library card. In this study, the patrons surveyed replied that they were not aware that the library collected and preserved their usage records. Even though many libraries specify that they collect, preserve, and use the patron's library usage data in the sign-up terms of service consent form, both online and office, this finding means that most patrons do not carefully read the terms. Also, these results show that, though patrons think that the collection, preservation, and use of their library records are necessary for library operations, they still should be asked for consent before these activities commence.
After the enactment of the privacy protection act, as a strategy to decrease the amount of documents containing private information, many libraries changed their sign-up process so that it could only be accomplished online. However, libraries did not provide an easily understandable online terms and conditions notice to users signing up in this manner. Considering the characteristics of a public library, where various age and socio-economic groups are all served, it is important to provide a terms of service notice during the initial sign-up that all users can easily understand. This wider knowledge would ensure that all user rights are protected when using the library.
Second, library networks should be monitored for possible leaks, and when one occurs, its source should be determined immediately. This study shows that patrons think there are a few possible causes for such leaks, especially, computer system problems and private information provided to third parties, which hint that leaks of library information can come from both inside and outside of the institution.
Therefore, continuous education regarding privacy issues must be given to librarians in order for library staff to prevent but also be ready in case of a privacy leak. The importance of protecting private information should also be stressed to staff. Also, considering that most of the library’s private information is preserved in a digital format, a systematic maintenance manual for computer systems must be developed.
Through this study, one can see that a meaningful relationship exists between the frequency of library use, interest in privacy issues, and the comprehensive understanding of library usage records. However, a follow-up study is necessary because this preliminary research was only purposed to determine if the relationship was true or not.
First, the patrons’ comprehensive understanding of library records was studied, with the target group not having any previous education on the importance of private information. In future studies, a comparison of the comprehensive understanding of privacy information study from many different angles is necessary. Second, the gap in comprehensive understanding between the librarian managing the library and its patrons must be evaluated as well as research to see how much the comprehensive understanding of the librarian and patrons affect the private information management policies in each existing library. Third, along with determining if there is an information protection policy in each library regarding the library usage record, a study regarding the protection of library usage records must be made.
[Table 1.] Survey Contents
[Table 2.] Frequency of Library Use
[Table 3.] Interest in privacy Issues
[Table 4.] Experience as the Victim of a Privacy Leak
[Table 5.] Previous Knowledge of Patron Library Records
[Table 6.] Degree to which Patrons Consider Library Records Private
[Table 7.] Importance of Library Record Types
[Table 8.] Necessity of Patron Records for Library Operation
[Table 9.] Necessity of Patron Consent for Personal Record Use
[Table 10.] Necessity of Legal Procedures for Library Records Requested by a Third Party
[Table 11.] Seriousness of Library Record Information Leak
[Table 12.] Likely Causes of Library Record Information Leak
[Table 13.] Frequency of Library Visits and Record Collection Understanding
[Table 14.] Frequency of Library Visit and Record Usage Understanding
[Table 15.] Frequency of Library Use and Records Leak Understanding
[Table 16.] Interest in Privacy Issues and Library Records Collection
[Table 17.] Interest in privacy issues and Use of Library Records
[Table 18.] Interest in Privacy Issues and Library Record Leaks
[Table 19.] Past Leak Experience and Library Records Collection
[Table 20.] Past Record Leak Experience and Library Record Use
[Table 21.] Past Records Leak Experience and Library Records Leak Understanding