Compiled and annotated by Peter Brunette and Theresa Mastrodonato, members of the ACRL DOLS Research and Publications Committee, March 2022.
Students, faculty, and staff of all types of institutions and libraries create a considerable amount of data as they use the library catalog, databases, computers, learning management systems, and many other systems. Understanding how this data is collected, handled, stored, used, or accessed by third parties is an important aspect of data privacy. The following articles introduce the topic of data privacy in an educational setting to get you thinking about how we, as librarians, can support data privacy.
Amirault, R. J. (2019). The next great educational technology debate: Personal data, its ownership, and privacy. Quarterly Review of Distance Education, 20(2), 55–70.
In this article, Amirault, as a way of framing the main focus of the article, introduces the readers to some educational debates that have taken place throughout history. Amirault sets the beginnings of data privacy with the introduction of the credit card, which allowed people to purchase items without cash, but also allowed companies to track the types of purchases people made, when they purchased items, and how they paid off those purchases. This leads into the main focus of the article: personal data and how it is collected, stored, and used within an educational setting. The author frames the argument as just as important as understanding software and hardware; it is equally important to understand the privacy implications of data collected by/for educational institutions.
Takeaways:
- Thorough overview of privacy issues in an educational setting.
- When reviewing new technology, do not just look at the features/capabilities, but look at how data is collected, stored, and accessed for individuals.
- Understand who owns the information that is gathered and stored in the learning management system that you are using.
- Talk to students about data privacy, especially where it concerns identifiable data stored for educational purposes.
- Educators have to be proactive in understanding how data their students create can be used, stored, and accessed.
Gariepy, L. W. (2021). Acceptable and unacceptable uses of academic library search data: An interpretive description of undergraduate student perspectives. Evidence Based Library and Information Practice, 16(2), 22–44. https://doi.org/10.18438/eblip29923
Gariepy details a study on undergraduate students’ attitudes and understanding of search data privacy in academic libraries. While the literature provides librarians’ changing perspectives on data privacy, the author highlights a lack of user perspectives on the topic. Using the qualitative approach of interpretive description, Gariepy interviewed a diverse group of undergraduate students, using a mix of questions and vignettes to gather responses. Interview and vignette topics included library practices, students’ use of academic libraries, and using search data to improve services and collections, individually tailored search results, learning analytics, and preventing criminal behavior. The results suggest a need for further discussion on students’ perspectives of data privacy and the adjustment of data collection practices.
Takeaways:
- Most students viewed library search data as impersonal and expressed trust in libraries collecting data if it was used for their benefit, such as improving library collections and services.
- Students expressed varying attitudes towards using library search data for individually tailored results, criminal investigations, and national security.
- Students were generally negative about using library search data for learning analytics.
- Students mentioned their own experiences related to bias, oppression, and stereotyping, and recognized the importance of data privacy for vulnerable populations who research controversial or sensitive topics.
- Most students desired transparency on data collection and use and supported de-identification and anonymity of user data.
Prindle, S., & Loos, A. (2017). Information ethics and academic libraries: Data privacy in the era of big data. Journal of Information Ethics, 26(2), 22-33.
In this article, Prindle and Loos discuss how Big Data has affected educational assessment practices and its ethical implications for libraries, particularly in the collection and storage of personally identifiable information (PII). The authors provide overviews of Big Data in K-12 and higher education, highlighting a lack of national data privacy standards, demands for performance-based funding, statewide PII repositories, and data breaches. This leads to a discussion of academic libraries’ collection of student data, whether through reliance on third party vendor resource access or student ID card-swipe data for assessment. The authors focus on the conflict of libraries’ data collection with the American Library Association’s professional Code of Ethics, particularly Article III, entitled Privacy: An Interpretation of the Library Bill of Rights. They call for greater discussion of the risks of Big Data, the importance of PII, data privacy, and their ethical implications in library literature and in the profession.
Takeaways:
- There needs to be a set of national data privacy standards as well as professional guidelines for informed consent, use, and storage of PII.
- Libraries need to find a balance between collecting PII for institutional assessment or access and protecting their users’ privacy.
- Libraries should assume that any collection of PII can leave that data vulnerable to identity theft, data mining, or being compromised.
- Libraries’ focus on Big Data-driven assessment to address student outcomes but need to consider what Big Data means for users’ data privacy.
Ray, E., & Feinberg, D. E. (2022). Deepening understanding: Adding privacy into a library and information studies course. Serials Librarian, 81(1), 59–68. https://doi.org/10.1080/0361526X.2021.1900022
Ray and Feinberg discuss their collaboration of introducing a data privacy module into the library’s one-credit information literacy course. The authors provide a brief discussion of the information literacy course and the work they completed to integrate the module into the course. Included in this process was creating content and providing readings that were geared towards students. For the first iteration of the module, the students completed a discussion which focused on the question of the availability of information (knowing that they might be tracked) versus their privacy. The authors are reviewing the module to determine any changes that might need to be made.
Takeaways:
- Teaching students about data privacy can be integrated into library instruction.
- Working across departments within libraries can bring collaborations you might not have thought of, such as introducing data privacy into an information literacy course.
- Students benefit from learning about data privacy.
Singley, E. (2020). A holistic approach to user privacy in academic libraries. Journal of Academic Librarianship, 46(3). https://doi.org/10.1016/j.acalib.2020.102151
Singley advocates for taking a holistic approach to data privacy by embedding it into everything that libraries do—collection development, user access, library instruction, and how libraries advocate for privacy across the institution in areas where data is collected. The author describes how their library has created a group that reviews how new electronic resources maintain data privacy of users. Singley recommends teaching students about how their data is collected, stored, and used during library instruction. As librarians, we too need to learn about and understand how data is being collected, stored, and used.
Takeaways:
- Data privacy in the library should not be the domain of just one person, it needs to be a holistic approach across many functional areas.
- Librarians should work with campus IT, so that library users are authenticating through the university’s system.
- Data privacy needs to be embedded in all aspects of the library.
- Librarians should take a role for promoting data privacy across campus.