Libraries and privacy

These are my notes for my own part of a panel discussion held at the British Columbia Libraries Conference on May 6 2021, called “Who’s Driving This Thing? Data-Driven Companies, Public Spaces, and the Issue of Privacy,” with responses to the questions answered by my colleagues, two archivists and privacy experts, Alexandra Wieland and Robert McLelland, and me. The session was wrangled, envisioned, and moderated by another librarian colleague, Samantha Mills.

A core concept each presenter feels is key to an understanding of privacy, surveillance capitalism, and information organisations 

Put simply, privacy is one of the core values of librarianship.

I’m going to start by going back to my own experience in ancient times in public libraries — the 1980s and 1990s, when I was a library assistant and then a new librarian.

In those days, we were pretty strict about privacy — and it was a lot simpler. If you borrowed a book, all records of that got wiped out after it came back safely. If someone wanted to read a reference book or an article, for the most part no one ever asked for their name — they just did it. (We used to take ID for some materials, but as I recall we gave it back when you returned the item, and we didn’t write your information down anywhere.) We kept patrons’ holds behind the front counter where no one else could see them. And I remember being told, as both a library assistant and a librarian, that we were supposed to keep the identities of our patrons confidential. If someone asked, “Does so and so come here?” we were not allowed to tell them. And if we required people to register for a library program or workshop, that registration information was probably kept on a piece of paper, or a computer that wasn’t connected to the internet.

Things are a lot different now. And there are good reasons. Not very many people would stand at the coin-operated photocopier in a library and duplicate entire books or runs of journals — but the equivalent is a lot easier to do with electronic resources, unless vendors have some protection from this happening.

And a lot of our patrons want us to keep records of what they’ve read. And they like the convenience of ebook platforms that have nice interfaces and let them download books to their own devices, and customized features, and the ability to automatically add events to the calendars on their phones when they register for an event.

But as Dorothea Salo points out in her article, Physical-equivalent privacy [selectively quoting here]:

“[T]he library patron using library-provided electronic information should enjoy privacy protection equal to that of the same patron using the same information via a library-provided physical information carrier.” This is not a perfect analogy… but it productively tickles most folks’ sense of what’s creepy….

Let’s walk through an example: usage counting for spaces.

Physical first. Gate counts, or a count clicker? Not terribly creepy.

…Counts by a person who asks each patron about their demographic information? Highly, highly creepy—we’ve definitely arrived at “scary” now, if we hadn’t already.

Counts by a person who asks each person their name or library-card barcode number? So scary that the library would likely empty out.

Combining either of the last two with recording the library material that the patron is reading, watching, or listening to? Absolutely beyond the pale; I would expect huge protests from patrons, working professionals, and professional orgs.

Combining demographic information, name or other identifier, and materials choice? Ugh, just forget it—that’s utterly beyond scary into full Orwell.

So many of us are probably agreeing now — it’s unquestionably creepy to think that someone is gathering this information about patrons online.

But what about giving patrons a choice?

Many people say yes to those vendor terms and conditions because they’re not worried or bothered about someone knowing what they read or what events they attend. And others say yes either because they don’t read or think about those terms and conditions (most of us say yes to these all the time), or because they don’t have a choice — that’s the only way to get access to that information, or training, or ebook, or library event.

And there are a few other people — I’m sure a much smaller number — who say no. They don’t use those resources because they don’t want to share their data. So there’s a spectrum of responses.

I think it’s fair to go a step further and say some people are being denied services because they say no. And some people aren’t making informed choices. Those are problems.

Here’s a tougher question. Should we even be giving patrons this choice?

“…The Canadian Federation of Library Associations affirms … that libraries have a core responsibility to support, defend and promote the universal principles of intellectual freedom and privacy…Libraries have a core responsibility to safeguard and defend privacy in the individual’s pursuit of expressive content. To this end, libraries protect the identities and activities of library users except when required by the courts to cede them….”

Canadian Federation of Library Associations 

Just looking at the privacy statements from our professional organisations, we should all be feeling a bit uneasy (if we weren’t already).

Are we really doing what we say we do? Are we protecting the identities and activities of library users, when we use these convenient online tools for Library collections and services?

“The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.”

American Library Association, Core Values of Librarianship 

Frankly, my main goal today is to get us all feeling uncomfortable enough that we feel like we have to take some responsibility — as individuals and organisations — for doing more to protect patron privacy.

What is your biggest concern about libraries/information institutions/public services and privacy?

I’m treating this as the section where we talk about what we’re up against in libraries, especially library culture.

First of all, privacy is one of our core values, and people know this. It’s one of the reasons our communities trust us.

Not protecting privacy can lead to real harm to our communities — especially to more vulnerable people, and we are at risk of losing that trust we have built up over many decades.

How did we get into this situation, where we aren’t protecting privacy the way we used to? And why is it so hard to get out?

Part of it is us, and it’s entirely well-meaning. We are saying yes to services that people are asking for, and that are really very useful and exciting. We are saying yes to convenience. We are providing services that people really need and appreciate.

And part of it feels like it’s out of our control. Usually we buy or lease ebooks or ebook platforms, or research databases, etc. etc. — we very rarely build them ourselves. And we can only choose between products that are actually available.

And I think another part of it is the predominant library culture.

We are very good at many things, including providing essential services and being really responsive to our communities. We are good at telling our stories. We are great at collaborating. We’re also really thrifty and efficient.

On the other hand, many of us working in libraries are not so good at conflict. We are naturally oriented towards working together, not adversarially. If patrons ask us for a particular product or service, how comfortable are we saying we are seriously concerned about the privacy implications — and what if those patrons tell us they don’t care about that? If vendors tell us that our patron data is safe with them, how do we respond? (And what about if we don’t feel like “experts” on privacy in the first place?)

And as individuals in library culture most of us are also very respectful towards the people we work with. We also hesitate to speak up unless we have all the facts.

We think to ourselves, “Who am I to say anything when this isn’t my area? I’ll sound like I don’t know what I’m talking about. Besides, I’m sure Person X in charge of Z knows so much more about this than I do — and I don’t want to step on their toes.”

These are some of the problems. But I will have some suggestions at the end.

What are some actions we can take as people in libraries (including examples of resistance or friction we can practice as individual information workers) — or community members? 

I’m assuming here that none of us (library workers, libraries, even library associations) has the power to solve our privacy problem on our own. But I think that as individuals and as individual libraries we can take some steps, and we can shift the conversations where we already are.

What can I do (as an employee, manager, even a community member)? Here are some of the things I’ve done, tried, or have been reminding myself to do:

Ask! At every stage, starting early on:
– “What about patron privacy?”
– “How will my privacy (or other people’s privacy) be protected?”
(And remember that this applies to physical services as well as online.)

Advocate! And speak up!
– If I can’t say no, can I say “Yes, but only if we can do that while protecting our community members’ privacy”?
– Share examples of privacy statements, positions, and bold privacy-protecting moves from other libraries.
– Ask if my library can develop a public-facing privacy statement to guide staff, and inform my community (and vendors). (And offer to help write it.)
– Remember the impacts of our decisions on less privileged people — especially people different from ourselves. (Here’s where listening to our communities is important, and UX practices can be helpful. We might need to shift our thinking to wanting to hear where the barriers and risks are to different people. And we can also consider the UX practice of developing personas as a way of changing our perspectives and thinking through different impacts on people who are in different situations.)

And things I try not to do:
– Think I need to know everything before asking questions or starting to advocate for privacy. We can legitimately care about something without being experts.
– Censor myself because I worry about someone being Mr Gotcha (e.g. people claiming privacy is all or nothing, or who will criticise me for being on social media, or having a phone, and also caring about privacy). We all live in the world.
– Gather personal information just in case, or just because I can. (The safest data is the data we don’t collect.)
– Be afraid to be “that person” who always asks about privacy. (I’m starting to feel proud of being that person.)


“Librarians and other information workers respect personal privacy, and the protection of personal data, necessarily shared between individuals and institutions…. The relationship between the library and the user is one of confidentiality and librarians and other information workers will take appropriate measures to ensure that user data is not shared beyond the original transaction.”

The International Federation of Library Associations and Institutions (IFLA) Code of Ethics for Librarians and other Information Workers

Some recommended reading and further resources

For inspiration:
– Stanford Libraries’ “Statement on patron privacy and database access,” co-signed by many heavy hitters, including Harvard, Johns Hopkins, Princeton, and MIT, and which begins: “Many leading providers of digital content to libraries in North America are changing the way they provide access to library patrons. Instead of allowing anonymous access via well-established channels, these providers are increasingly seeking personally identifiable, individual patron data. Often these efforts to gather more patron data are bundled into efforts to “enhance” or modernize platforms as the sector moves towards single sign on, and away from traditional, IP-based access. The providers have many possible drivers to gather this data: personalization, analytics, marketing, et al. This approach is unacceptable.” [emphasis mine]
– Cornell University’s Privacy Services page, including a powerful statement about licenced resources, which includes: “The Library fights against these privacy degradations in solidarity with our peer institutions. Whenever possible, we negotiate with vendors on licensing agreements for online resources in order to secure strong privacy protections for our patrons on and off campus. When we are unable to negotiate changes to invasive policies, we weigh alternatives and proper actions, including canceling subscriptions, if necessary.” [emphasis mine]

Selected background reading:
– From 2016, but still very relevant and helpful for thinking about the real risks of sharing patron data, “Patron data and the fear of surveillance: some thoughts,” by Martin Patrick.
– “Librarianship at the Crossroads of ICE Surveillance” (In the Library with a Lead Pipe, 2019) by law professor and librarian Sarah Lamdan, which begins, “As a fellow librarian, I’m here to warn you: ICE is in your library stacks. Whether directly or indirectly, some of the companies that sell your library research services also sell surveillance data to law enforcement, including ICE (U.S. Immigration and Customs Enforcement).”
– “Addressing the Alarming Systems of Surveillance Built By Library Vendors,” SPARC, April 2021, explains why “The transition to online platforms for education and research—even open ones—has created new, complex, and unprecedented threats to libraries’ commitment to protecting user privacy.”
– “Ethics in Research Use of Library Patron Data Glossary and Explainer,” from The Digital Library Federation Technologies of Surveillance Group, is about the risks of gathering data on students.

Just two of the people worth reading regularly (if you don’t already):
– Cory Doctorow (@doctorow on Twitter): outspoken and plain-language takes on privacy, surveillance capitalism, and technology. E.g. “LinkedIn to Libraries: Drop Dead.”
– Dorothea Salo (@LibSkrat on Twitter): an academic librarian and library-school instructor who writes about security and privacy. E.g. “Physical-equivalent privacy.”

About the author

Janis McKenzie is a user experience librarian, writer, occasional singer, and former campus radio person.

These opinions are solely her own.

An underappreciated librarian superpower?


I was at a writing meeting the other night, feeling very stuck with the progress of the novel I’ve been working on. So I tried a little exercise to try to unstick myself: writing book jacket blurbs from the perspective of different characters. My thinking (backwards as this may sound) was that a reader should have a reason to pick up the book — as a writer, shouldn’t I have access to at least the same motivation? Maybe boiling down my concepts would help me to refocus and redirect my story. Worth a try, anyhow.

The organizer, across the table (and — full disclosure — across a couple of glasses of beer) from me, mentioned that some writers she knows have friendly competitions to do this kind of thing, challenging each other to write blurbs with ridiculously low word counts, say 27. A few of us laughed. How was that even possible?

But then I counted the ones I’d already written. 32 words. 29 words.

No, I’m not a novel-writing genius with a special talent for boiling my own stories down to blurb length. But I’m a librarian, and we are trained experts at recognising the “aboutness” of publications. And at least back when I was in library school (and at least in a couple of the courses I took — other librarians’ mileage may vary), we learned a thing called writing annotations.

Librarians summarize things all the time.

So it turns out that there are a couple of obvious places where these librarian and writing skills overlap:

[Image: Venn diagram of overlapping librarian and writing skills]

Venn diagram creator courtesy of (which apparently doesn’t approve of the word “aboutness”)

Maybe this diagram doesn’t exactly capture the cool possibilities. But hang on. This can lead to exciting things!

Let’s start with academic libraries.

Every so often I read an article about how little most of us know about important research being done in universities. (Here’s an example I saw today: Academics can change the world – if they stop talking only to their peers.) Scholars are mostly talking to each other about their discoveries, in a language that’s mostly inaccessible to the rest of us. And media don’t cover it because they don’t know about it, and — not surprisingly — they aren’t usually scouring academic journals for possibly interesting stories that they can translate into approachable language for non-experts.

Where can librarians come into the story? At universities, librarians are encouraged to be aware of faculty members’ research areas — which is essential if we are going to make sure we have collections to support them, and if we are going to have well-informed conversations about topics like scholarly publishing, copyright, open access, and so on.

So once we have all this valuable knowledge, maybe we can do more by applying these annotating and summarizing superpowers — and particularly for “discovery” and curation, connecting researchers with our communities. One somewhat writerly idea:

  • Write regular features (published on our library webpages or blogs, or in newsletters if we have them) highlighting some of the work of researchers at our institutions, and link to the publications. (And post to social media.) Note: This one, in addition to being more writerly, requires more investment, and may overlap with other groups on campus (Communications offices and so on).

These three are all well within “usual” library and librarian spheres:

  • Annotate, highlight, and feature publications by local researchers in our library’s search results.
  • Edit and add Wikipedia entries with information about research done by scholars at our institutions (and add references).
  • Provide space and support for faculty and student activities that may arise out of the heightened awareness (Panel discussions? Workshops? Wikipedia editathons? Journal clubs?)

Do you already do any of these at your library? Do you have other ideas? Let me know!

And last of all, a Kate Beaton cartoon. Because I’d love to take a history or literature class from her.


The beauty of quick and dirty — loving garage rock and being a librarian, too

It’s funny how easily I forget that I’m crazy about old ‘60s garage rock. Months can go by without me thinking about it, until it’s almost possible to believe I’m a person of sophisticated tastes (after all, I read “serious” books and I’m picky about what TV shows I watch), but then I’ll hear an old, noisy, primitively-recorded 4-chord song (maybe The Troggs or the Count Five or ? and The Mysterians), and it all comes back to me. It’s not a poetic or romantic kind of love, it’s the sheer physical kind, the type that is electrifying and unbalancing, that hits you hard and makes you forget common sense and shame. If they were teenaged boys and I was a teenaged girl I’d text these guys in the middle of the night, I’d skip out of my afternoon classes so I could hang out in front of their school in hopes of seeing them come outside when the bell rang.

But never mind the not-quite-right metaphors, I’ll admit what actually happens when I hear them: I am compelled to jump up and dance and shake my hair around, totally forgetting that I’m too old, too uncoordinated, too graceless, too much of a librarian to be able to pull this off.

If I had to choose just one first-generation favourite garage-rock band, it would be The Sonics, from Tacoma, Washington. Growing up in Vancouver and doing campus radio and going out to see bands in the ‘80s, I was introduced to them through The Pointed Sticks (who covered The Witch), almost certainly The Enigmas, my favourite local live band at the time, who did lots of garage covers, and ultimately the Sonics Full Force LP that came out sometime midway through that decade. (I bought mine from Zulu Records; you can still see the plastic wrap.)

[Images: Sonics LP, back and front]

Like the whole punk scene (which was also already over by the time I was old enough to go see live bands), the garage guys* were proof that being loud and audacious and having just a few basic skills on an instrument was enough to make life-altering music. A boyfriend with serious music cred (and no formal music training) showed me how to play “Strychnine” — my introduction to barre chords, and not the sort of thing they taught us on our nylon-strung acoustics in the guitar class I took as an elective in high school. After that it was just a matter of months before I was in my own band, writing songs and singing and playing guitar — essentially because I was too naive to realise I wasn’t good enough.

But that’s another story.

The Sonics came to Vancouver in September — their first time playing here since their original 1960s incarnation. It could have been awful, and maybe it should have been awful, some guys in their 70s (!) who were never particularly huge, playing fifty-year-old songs. But the venue was packed — sold out or close to it — and with a mix of people who could have seen them in the old days, people my age, and people who weren’t even born when I discovered the Sonics in the ’80s. Somehow we all knew this was going to be special, and it was: Gerry Roslie’s voice was inexplicably even better than on the old records, there was a huge happy mosh pit, and everyone was blissfully soaked in sweat, including me. Yes, I danced and sang along at the top of my lungs, probably to the great amusement and pity of everyone around me. But I didn’t care. I was absolutely high from the whole thing.

This stuff makes me happy, and more than that, it reminds me of the beauty of quick & dirty and DIY, approaches that I have mostly unlearned through years of education and experience.

Librarians are notoriously obsessed with accuracy and even perfection — something that’s essential when we’re cataloguing items or answering reference questions. But there’s a place for quick & dirty in my work too, and I need to remember that possibility. How often do I find myself at work staring at a problem that feels like having to write, arrange, and conduct a symphony, complete with hiring a room full of musicians, when all that’s needed is a three-chord song that I can whip off in an afternoon?

I don’t have the answers, but thank you to The Sonics for reminding me to ask the question.


* There were women who did great garage rock too — see the Girls in the Garage series, for instance (unfortunately there isn’t a Wikipedia entry for those records yet — and I don’t know enough to be the one to create one). Someday I would love to do more exploration of these old girl groups (and why and how they are mostly forgotten; certainly it wasn’t for lack of talent and visual appeal). For the moment, you can get tiny and delicious tastes on the web, including here: