Purpose & Goals

Academic libraries increasingly face challenges by the growing collection of user analytics. Digital technology has proliferated automated data gathering based on user behavior, especially as use of electronic resources dominates the circulation realm. In addition, higher education institutions have increased use of user monitoring and librarians face mounting pressure to demonstrate impact on student success using library transactional data married with student academic metrics. As so much user information is ubiquitously collected and used, in what ways does the role of the library evolve in ensuring historical adherence to user confidentiality when engaging with libraries? To determine how academic libraries use their websites to present information describing users’ personal information collection, use and disposal, we looked at privacy policies posted on the libraries’ specific websites. This poster presentation describes the findings of 2023 research in which 70 statewide academic libraries’ websites were reviewed for the presence and content of user privacy policies. The study team examined web-published privacy policies to determine how and with what content libraries make their users aware of the personal information collected from them as they use library resources and services. Building on work by Valentine and Barron (2022) who reviewed privacy policies of U.S. Association of Research Libraries’ (ARL) member libraries, the study team opted to review a southeastern state’s public and private universities and colleges to explore how the academic libraries present user privacy information.

Design & Methodology

This review was designed to gather information on privacy policies at public and private not-for-profit public two-year and four-year institutions in the state of Florida. The study team employed a content analysis of 70 academic library websites creating an inventory based on the literature review of privacy concerns and focusing on the presence of a library-specific privacy policy. Metrics collected included institutional profile data, presence of a library privacy policy, accessibility of the policy page and the content contained in the policy such as authorizing laws/ethics, user data collected, collection practices, policy limitations among other items. The study team conducted reliability testing (.844) and completed the data collection between November 2022 and February 2023. The analysis was limited to the 15 websites that maintained a dedicated privacy policy page.

Findings

Key findings included that only 15 of the 70 institutions maintain a dedicated privacy policy page as part of the library website. Of the 55 academic libraries without a dedicated library privacy policy page, 36 did not link to an institutional page with student privacy language. Of the 15 institutions with dedicated library privacy policy pages, only six libraries actually named the language as a policy. Other description included statement, principles, patron rights and protocol. Key elements included in the statements were materials, website and computer use policies; however, less than half of the policies described student personal data collected during reference transactions, space use, or space surveillance. None of the policies mentioned data collected during instruction sessions although this is commonly done by libraries for institutional reporting and service improvement. Seven of the policies mentioned third-party vendor activity but only one library provided a direct link to a third-party vendor website. Libraries mentioned collection of personally identifiable information (PII) but most did not describe their data management practices.

Action & Impact

While the actual sample size of separate library policy pages is small, the information gathered was interesting and a good framing for future research. It is concerning that rarely do these policies ever mention learning analytics. It is a subject left largely untouched, which is ironic as learning analytics becomes a more integral practice of institutional assessment. While students may have had learning analytics collected by their K-12 schools, it is important to inform and empower students as they enter adulthood and attain full agency. The results of this study are being used by the statewide library consortia assessment steering committee to further examine the libraries without privacy policies as a means to developing a best practices document to provide to the members of the college and universities governing council.

Practical Implications & Value

This study demonstrates that while libraries reference a variety of associate privacy ethics - American Library Association, International Federation of Library Associations, Digital Library Federation -the low number of libraries that detail PII practices is noteworthy as it serves the need for institutional compliance rather than informs the patron. Additionally, a library is a dynamic ecosystem of third-party vendors of which patrons are rarely aware. This includes library management systems, database and publisher content, archival software, and Google Analytics, among others, all that possess their own privacy policies which are likely overlooked by library patrons. This study shows that academic libraries have room to grow their roles in creating greater awareness and knowledge of user privacy and that their primary portal for student usage, the library website, should robustly describe practices and policies and include opportunities for users to access more information about the “twilight of anonymity” (Ron Steslow, Politicology podcast, 21 Feb, 2024). This presentation is based on results published in Mann, E. Z., Jacobs, S. A., Kinsley, K. M., & Spears, L. I. (2023). Tracking transparency: an exploratory review of Florida academic library privacy policies. Information and Learning Sciences, 124(9/10), 285–305.