Public Libraries Leading the Way: On Educating Patrons on Privacy and Maximizing Library Resources


Public Libraries Leading the Way 

On Educating Patrons on Privacy and 
Maximizing Library Resources T.J. Lamanna 

 

INFORMATION TECHNOLOGY AND LIBRARIES | SEPTEMBER 2019 4 

 

 

T.J. Lamanna (professionalirritant@riseup.net) is an Adult Services Librarian, Cherry Hill Public 
Library.  

ABSTRACT 

Libraries are one of our most valuable institutions. They cater to people of all demographics and 
provide services to patrons they wouldn’t be able to get anywhere else. The list of services libraries 
provide is extensive and comprehensive, although unfortunately, there are significant gaps in what 
our services can offer, particularly those regarding technology advancement and patron privacy. 
Though library classes on educating patrons’ privacy protection are a valiant effort, we can do so 
much more and lead the way, maybe not for the privacy industry but for our communities and 
patrons. Creating a strong foundational knowledge will help patrons leverage these new skills in 
their day to day lives as well as help them educate their families about common privacy issues. In this 
column, we’ll explore some of the ways libraries can utilize their current resources as well as provide 
ideas on how we can maximize their effectiveness and roll new technologies into their operations.  

Though many libraries have policies on how they deal with patron privacy, unfortunately some 
policies aren’t very strong and oftentimes staff isn’t trained in the details of these policies. 
Fortunately, for libraries who don’t have these necessary policies, there are some, such as the San 
Jose Public Library, that offer their own as a framework.1 Those that do have a strong 
comprehensive policy must make sure they are enforcing and regularly updating it to comply with 
new technologies being released. It’s a daunting task, but as Article VII of the Library Bill of Rights 
says, “All people, regardless of origin, age, background, or views, possess a right to privacy and 
confidentiality in their library use. Libraries should advocate for, educate about, and protect 
people’s privacy, safeguarding all library use data, including personally identifiable information.”2 
This means we have a responsibility to our patrons to do everything in our power to protect them 
and teach them to protect themselves. 

This requires a concerted effort not just for technology and IT librarians, but for all library 
workers. A privacy policy means little if those on the front lines are either unaware of the policy or 
unsure how it is to be implemented. Therefore, all library staff should both understand the 
fundamental reasons behind library privacy policies and be trained in maintaining them. Libraries 
may consider implementing this training during staff development days or offer independent 
training sessions as needed.  

Since the introduction of the Patriot Act, libraries stopped collecting patrons’ reading habits, but 
so many library integrated library systems (ILS) snag massive amounts of patron information we 
are unaware of. I’ve been administering our ILS for over two years and I just found another space 
where items are being unnecessarily retained that I didn’t notice before. An instance such as this 
calls for limiting personally identifiable information (PII) to what is strictly necessary.  

mailto:professionalirritant@riseup.net


 

ON EDUCATING PATRONS ON PRIVACY AND MAXIMIZING LIBRARY RESOURCES | LAMANNA 5 
https://doi.org/10.6017/ital.v38i3.11571 

In limiting the PII gathered in the first place, library staff should consider the following questions: 
What information do libraries really need to collect to offer library cards or programming? Does 
your library really need patrons’ date of birth or gender? Probably not. If so, you shouldn’t be 
collecting it, and if you do, make sure you anonymize the data. Using metrics is vital to how 
libraries function, receive funding, and schedule programming. You can still use the information, 
but it should not be connected to a patron in any way. 

After educating staff, we can educate patrons on developing better and safer practices regarding 
personal privacy and security in their daily lives. Practical examples range from teaching patrons 
how to create strong passwords and backup sensitive files to explaining how malware works and 
what the “cloud” actually is. This is a start, but it goes far beyond that. I’ve served many patrons 
who, even after taking courses on the subject, are overwhelmed by the security measures needed 
to protect themselves. This isn’t necessarily a sign that our classes are ineffective, but it does imply 
that new tactics are needed. Let’s look at a few examples. 

Another version of PII that we often overlook are security measures such as closed-circuit 
television (CCTV) or security/police officers in our buildings.3 They often are either forgotten or 
outside the purview of the library itself. As the College of Policing states, “CCTV is more effective 
when directed at reducing theft of and from vehicles, while it has no impact on levels of violent 
crime.”4 While there are justifications for bringing this technology into the library, they should 
only be set up where needed, taking great care not to point them at patron or staff computers. If 
CCTV is needed, make sure to follow local retention laws and remove the footage as soon as its 
time has expired. This idea applies to all collected information. There is no reason to archive data 
beyond the date they can be destroyed as it puts the library and its patrons in a compromised 
position.  

Law enforcement in the library is a tough thing to argue against in our current political climate. 
But studies have shown that police presence does little to deter crime and may actually 
disproportionately impact marginalized communities.5 Consider the purpose of law enforcement 
personnel and if their presence is actually necessary to the proper functioning of your library. In 
the event that you should have law enforcement come in with a subpoena that requires you to 
turn over your patron data, it’s important to have a canary warning that can be removed so your 
patrons understand what has happened.6  

Another way libraries can lead the way in protecting patron privacy both inside and outside the 
library is by supporting legislation that bans facial recognition software. This type of technology is 
becoming ubiquitous, but places have already started pushing back and libraries can be the 
epicenter of this movement. It’s already been banned in Oakland,7 San Francisco8 (one of the 
homes of this technology), as well as Somerville, Massachusetts, with groups like the 
Massachusetts Library Association unanimously putting out a moratorium on facial surveillance, 
which is the practice of recording ones face to create user profiles.9 There are other states that are 
working down this path and it’s overwhelmingly heartening to see libraries step up and in front of 
something they know would damage our communities. We ought to be activists, standing on the 
front lines and showing our patrons our deepest commitment to them.  

Surely there are greater strides we can make, such as revising WiFi policies. WiFi is one of the 
most used services libraries offer and many libraries don’t use it to their full potential. For 
instance, some libraries turn off their WiFi when the building is closed, severely limiting patrons’ 



 

INFORMATION TECHNOLOGY AND LIBRARIES | SEPTEMBER 2019 6 

 

usage. It’s a service we pay for and there is no reason it shouldn’t be available at all times. Your IT 
service should make sure the WiFi is secure (it should be where it’s available at all hours or not). 
Unlimited access to WiFi becomes invaluable to users who need it for emergencies including 
completing work or accessing important online services when the library is closed. While we do 
have limited bandwidth and IT services must actively maintain WiFi security, libraries should 
make sure it’s available to the public as often as possible. 

Now that we’ve covered using bandwidth when we aren’t open, let’s talk about libraries with 
excess bandwidth. No resource should go unused in the library. We have a limited budget and we 
should make sure every penny is used to serve our communities. One fantastic use of excess 
bandwidth — especially during closed hours — would be to set up a Tor relay in your library, an 
anonymity network that allows people to surf the internet with extra security and privacy in mind. 
It’s quite easy to set up and you can limit how much bandwidth it uses so you aren’t shorting 
anyone in your library. It’s a service used by groups such as journalists or activists who want to 
make positive change in the world and need a safe place to do so. Some are concerned that the Tor 
network is used for malicious intent but the Tor Project, the organization that runs the network, 
constantly works to ensure nothing like that is taking place. Also, anything solicitous you can find 
on the Tor network is available on the regular internet including places like Facebook or Craigslist, 
so the stigma of the network should be taken in context. The Tor Project routinely monitors the 
network and searches out illegal material (there are no hired killers on the Tor network). Given all 
this, you could help the network greatly by just partitioning a small amount of your bandwidth. 

Libraries have the unique ability to be transformative. Unlike other non-profits or organizations, 
we have the ability to pivot. We can both change directions as needed and pave the way for our 
communities as leaders in the movement toward patron privacy. I leave you with a quote from 
Hardt and Negri: “…we share common dreams of a better future.”10 That should be our motto. 

ENDNOTES 

1 “Our Privacy Policy, San Jose Public Library, accessed August 15, 2019, 
https://www.sjpl.org/privacy/our-privacy-policy. 

2 “Library Bill of Rights,” American Library Association, last modified January 19, 2019, 
http://www.ala.org/advocacy/intfreedom/librarybill. 

3 “Importance of CCTV in Libraries for Better Security,” accessed August 14, 2019, 
https://www.researchgate.net/publication/315098570_Importance_of_CCTV_in_Libraries_for
_better_security. 

4 “Effects of CCTV on Crime,” College of Policing, accessed August 14, 2019, 
http://library.college.police.uk/docs/what-works/What-works-briefing-effects-of-CCTV-
2013.pdf. 

5 “Do Police Officers in School Really Make Them Safer?” accessed August 14, 2019, 
https://www.npr.org/2018/03/08/591753884/do-police-officers-in-schools-really-make-them-
safer.  

6 “Canary Warning,” Wikipedia https://en.wikipedia.org/wiki/Warrant_canary. 
 

 

https://www.sjpl.org/privacy/our-privacy-policy
http://www.ala.org/advocacy/intfreedom/librarybill
https://www.researchgate.net/publication/315098570_Importance_of_CCTV_in_Libraries_for_better_security
https://www.researchgate.net/publication/315098570_Importance_of_CCTV_in_Libraries_for_better_security
http://library.college.police.uk/docs/what-works/What-works-briefing-effects-of-CCTV-2013.pdf
http://library.college.police.uk/docs/what-works/What-works-briefing-effects-of-CCTV-2013.pdf
https://www.npr.org/2018/03/08/591753884/do-police-officers-in-schools-really-make-them-safer
https://www.npr.org/2018/03/08/591753884/do-police-officers-in-schools-really-make-them-safer
https://en.wikipedia.org/wiki/Warrant_canary


 

ON EDUCATING PATRONS ON PRIVACY AND MAXIMIZING LIBRARY RESOURCES | LAMANNA 7 
https://doi.org/10.6017/ital.v38i3.11571 

 

7 Sarah Ravani, “Oakland Bans Use of Facial Recognition Technology, Citing Bias Concerns,” San 
Francisco Chronicle, July 17, 2019, https://www.sfchronicle.com/bayarea/article/Oakland-bans-
use-of-facial-recognition-14101253.php. 

8 Kate Conger, Richard Fausset, and Serge F. Kovaleski, “San Francisco Bans Facial Recognition 
Technology,” New York Times, May 14, 2019, https://www.nytimes.com/2019/05/14/us/facial-
recognition-ban-san-francisco.html. 

9 Sarah Wu, “Somerville City Council Passes Facial Recognition Ban,” Boston Globe, June 27, 2019, 
https://www.bostonglobe.com/metro/2019/06/27/somerville-city-council-passes-facial-
recognition-ban/SfaqQ7mG3DGulXonBHSCYK/story.html. 

10 Michael Hart and Antonio Negri, Multitude: War and Democracy in the Age of Empire, (New York: 
The Penguin Press, 2009), p. 128. 

https://www.sfchronicle.com/bayarea/article/Oakland-bans-use-of-facial-recognition-14101253.php
https://www.sfchronicle.com/bayarea/article/Oakland-bans-use-of-facial-recognition-14101253.php
https://www.nytimes.com/2019/05/14/us/facial-recognition-ban-san-francisco.html
https://www.nytimes.com/2019/05/14/us/facial-recognition-ban-san-francisco.html
https://www.bostonglobe.com/metro/2019/06/27/somerville-city-council-passes-facial-recognition-ban/SfaqQ7mG3DGulXonBHSCYK/story.html
https://www.bostonglobe.com/metro/2019/06/27/somerville-city-council-passes-facial-recognition-ban/SfaqQ7mG3DGulXonBHSCYK/story.html

	ABSTRACT
	Endnotes