Wednesday, June 20, 2007

Privacy Audit

I had the pleasure of working with San Francisco Public Library on an audit of their records relating to patrons and patron activity. This doesn't sound like an exciting activity, but in fact the staff I worked with there really got behind the project. Basically, we (they, really) ferreted out all of those nooks and crannies where patrons sign up for things, or where they leave some footprint in a system or on a sheet of paper. We looked at remote services and ad hoc practices in the branches, including use of things like MySpace and instant messaging to communicate with teen readers. There were some surprises (mainly files in the desks of those folks who feel they have to keep everything, just in case) and a few sticky issues (what to do with held books that are placed on public shelves? Use the patron's name? Use the patron's library card number, which they usually don't know?).

The final report to the Library Commission is online as a PDF. The actual results of the audit ended up being over 80 pages, with copies of all of the forms and all of the printed and emailed outputs from the library. You can see the blank forms that we started with here. And this is the Word template that we used for the final audit results, one page for each document or system. In my copious spare time (which seems non-existent at the moment) I will try to mock up a few filled in forms so people can see what the final data looks like.

In any case, here's a library that can now say "We know where our data is, who has access to it, and how long it is kept." That's pretty good.

No comments: