Privacy and Libraries

Privacy and Libraries. A changing and challenging landscape. Cindy Gibbon, Oregon Library Association Conference, April 18, 2013. Ch—Ch—Ch—CH Changes. From Integrated Library System (ILS) to Library Services Platform (LSP). From OPAC to Discovery Layer. From local hosting to cloud hosting.


Presentation Transcript


  1. Privacy and Libraries A changing and challenging landscape Cindy Gibbon Oregon Library Association Conference April 18, 2013

  2. Ch—Ch—Ch—CH Changes • From Integrated Library System (ILS) to Library Services Platform (LSP) • From OPAC to Discovery Layer • From local hosting to cloud hosting • From physical content we own to virtual content we lease and serve up via multiple web interfaces • From in-person, telephone and snail mail to e-mail, text, chat, and social media

  3. What do patrons want?

  4. The Heartbleed Bug

  5. “On Tuesday, April 8th, we told you about the Heartbleed OpenSSL vulnerability, and the steps we took to protect customer security and privacy. BiblioCommons took immediate action to patch vulnerable systems, rekey and reissue our SSL certificates, and revoke the old ones. Since Tuesday, we’ve also changed certificates on our Partner Portal, our APIs, and our e-commerce site. We’ve also confirmed with our firewall vendor, e-commerce cart vendor and our offsite backup facility that they were not affected. If you’d like more details on the actions BiblioCommons took, we’ve created an article in our Partner Portal Knowledge Base. …”

  6. Library Hosted Services • Bibliocommons • Overdrive • 3M • Hoopla • EBL • Ebrary • Worldcat • GVRL • Content DM • CS Direct • Epass • Paypal • Boopsie • Illiad • Serials Solutions • Shoutbomb • OCLC • Ingram • Baker & Taylor • Midwest Tape • BWI Books • Unique Mgmt • Marchive • KnowledgeTracker

  7. A few words about Contracts • Libraries need to more actively share contracting best practices, including language around: • Adherence to privacy standards: • Cloud hosting server and network management practices • Secure data transmission protocols • Patron data • Access to the library’s server(s) • Internal management practices • Required independent audits and our right to see results of those audits • Privacy policies written for real people • Monetary penalties for non-performance.

  8. Securing the Bibliocommons server
     • The server will be a standalone system in the DMZ.
     • The server will use administrative credentials unique to the system.
     • BiblioCommons will be given administrative access only to the Tomcat Manager, allowing the following functions:
       • Deploy/Update/Undeploy Tomcat web application
       • Start, Stop, Reload Tomcat web application
       • Expire Tomcat web application sessions
       • View Tomcat server status
     • Both host-based and discrete firewalls will be utilized to limit network access to Tomcat Manager, allowing only BiblioCommons and County administrative network traffic.
     • All access to Tomcat Manager will be logged by the Tomcat logging facility to provide an audit trail.
     • Server logs will be sent to an independent logging system in real-time.
     • Tripwire will be implemented to monitor and alert on filesystem changes in the Tomcat environment.

  9. Cleaning up Data Transmission • Are you still sending patrons’ personally identifiable information over the Internet in plain text format (e.g. via e-mail or regular FTP)? • STOP! • Encrypt this data using a secure protocol: SFTP, FTPS, SCP, HTTPS

  10. Social Media • What have those cute little Facebook and Twitter icons been doing while we weren’t paying attention?

  11. Try to relax… • Figure out what you CAN do. Here are some ideas that can work for even the smallest library: • Use better password protocols • Train your staff • Train your patrons on how to better protect their own privacy on-line • Pick a few privacy audit items that seem doable for your library. You don’t have to do everything at once.

  12. Advice to self on privacy • Promise only what you can deliver • Find out how things really work • Prioritize—Fix the things you can • Give patrons choices • Privacy information, not privacy “warnings”
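
One way to check a Tomcat host against three of the controls on slide 8 (vendor access limited to Tomcat Manager, a network allow-list in front of Manager, logged Manager access). This is an added example, not part of the presentation or BiblioCommons' own code; the account name, addresses and file contents are constructed, and using Tomcat's RemoteAddrValve as an application-level allow-list alongside the firewalls is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample files: account name, password placeholder and the
# documentation-range addresses are assumptions, not from the slides.
USERS_XML = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="vendor-deploy" password="PLACEHOLDER-unique-to-this-host"
        roles="manager-gui"/>
</tomcat-users>"""

# META-INF/context.xml of the Manager web application (hardened)
HARDENED_CTX = r"""<Context privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="192\.0\.2\.10|198\.51\.100\.\d+"/>
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         directory="logs" prefix="manager_access" suffix=".log"
         pattern="%h %u %t &quot;%r&quot; %s"/>
</Context>"""

# Weak variant: any address allowed, no access log
WEAK_CTX = """<Context privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow=".*"/>
</Context>"""

MANAGER_ROLES = {"manager-gui", "manager-script", "manager-status", "manager-jmx"}
OUTSIDE = ["203.0.113.7", "10.0.0.5"]  # must NOT match the allow-list

def audit(users_xml, ctx_xml):
    """Return findings; an empty list means every check passed."""
    findings = []
    for user in ET.fromstring(users_xml).iter("user"):
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        extra = roles - MANAGER_ROLES
        if extra:
            findings.append(f"{user.get('username')}: non-Manager roles {sorted(extra)}")
    valves = {v.get("className").rsplit(".", 1)[-1]: v
              for v in ET.fromstring(ctx_xml).iter("Valve")}
    addr = valves.get("RemoteAddrValve")
    if addr is None or not addr.get("allow"):
        findings.append("no RemoteAddrValve allow-list on Manager")
    elif any(re.fullmatch(addr.get("allow"), ip) for ip in OUTSIDE):
        findings.append("RemoteAddrValve allow pattern admits outside addresses")
    if "AccessLogValve" not in valves:
        findings.append("Manager access is not logged (no AccessLogValve)")
    return findings

if __name__ == "__main__":
    print(audit(USERS_XML, HARDENED_CTX), audit(USERS_XML, WEAK_CTX))
```

The independent log forwarding and Tripwire monitoring listed on the same slide sit outside Tomcat's configuration and are not covered by this check.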
