Patron Privacy in a Digital World

December 19, 2012

As content and patron interactions go online, there are a whole slew of new regulations to consider. There are the usual Section 508 compliance requirements to make resources accessible to people with disabilities, but other privacy requirements have been cropping up around the country. As of now, libraries are mostly exempt from these laws, but it may not hurt to be in compliance anyway.

Earlier this month, Delta airlines was sued by the state of California for failure to comply with the California Online Privacy Protection Act, which requires a conspicuous posting of a privacy policy. The California law goes beyond just requiring a privacy policy for a website; publishers of mobile apps also have to include distinct privacy policies for their apps. ReadWrite.com offers four steps you can take to make sure that your site is in compliance if you want to go the extra step even though you aren’t a for-profit site.

At the national level, commercial sites that collect information on children younger than 13 or that market to them must comply with the Children’s Online Privacy Protection Act (COPPA). Most libraries will not be impacted by this directly, but they still need to ensure that any services being purchased and provided through their websites are in compliance. This is clarified in an update to COPPA released December 19. The definition of an operator was expanded to include outside plug-ins such as advertising networks. Personal information rules were also updated to cover geolocation data, media like photos or video, and persistent identifiers that can track users between sessions or across websites.

For now, COPPA only addresses websites and online services, but a Federal Trade Commission report released December 10, Mobile Apps for Kids: Disclosures Still Not Making the Grade (PDF file), raised additional concerns about child-focused apps. Furthermore, if a mobile app connects to an online server at any point, the app could possibly fall within the requirements of COPPA.

Digital privacy is a complex and dynamic issue. It has also been receiving a great deal of attention from both media and regulators. Libraries should be aware of the requirements for both their own services and services purchased online through them online to ensure compliance with any applicable laws.