Strategic Communications and Marketing News Bureau

Study shows challenges to protecting privacy of library users

CHAMPAIGN, Ill. — Librarians have historically taken a strong stand on protecting the privacy of their patrons. But how well they accomplish this varies widely with the size of a library, and technology has made it more difficult, according to the first study of privacy practices and challenges in public libraries.

University of Illinois Urbana-Champaign information sciences professor and cybersecurity expert Masooda Bashir led the study, publishing the findings in The Library Quarterly.

Because no study on this topic had been done before, Bashir and her research group wanted to find out what the current practices and challenges were for public libraries, she said. The team conducted an online survey of public library employees across the country, asking questions about employee training, whether the library published information relating to privacy protections, the processing of law enforcement requests, the use of secure storage methods and responses to data breaches.

The survey was followed by virtual sessions with library information technology employees.

“Technology has really changed the landscape and libraries are becoming much more digitally focused,” Bashir said.

During the COVID-19 pandemic, libraries added online services and offered additional apps to patrons. But it is hard to know how well the patrons’ privacy is being protected when a library uses digital services offered through a vendor. “Data is shared without our knowledge and processed in ways we can’t comprehend sometimes,” Bashir said.

The library employees who participated in the survey said their biggest challenge in protecting patron privacy was lack of training and technical knowledge to identify privacy vulnerabilities and take steps to minimize them.

“They all valued privacy and they all wanted to protect patrons’ privacy. But sometimes with advances in technology, they’re not able to have that control over the kinds of data collected or shared or what happens when it leaves the library. Once someone leaves a library website and is on a vendor website, the protections might not carry over,” Bashir said.

More than 800 library employees completed the survey, and most of the respondents worked at small libraries. The size of the library, as measured by its number of cardholders, was the main factor in the level of privacy protections it provided. Larger libraries were more likely to have an information technology employee or someone dedicated to privacy protection. Rural libraries lacked those resources and often had to share such services with other small libraries.

Nearly all the libraries offered basic protections such as the secure disposal of sensitive data. While two-thirds of the respondents said their libraries provide privacy training to employees, 21% of those said the training was not mandatory and less than one-third had received training in the past year. Two-thirds of the participating libraries did not publish any information for patrons on how to protect their privacy, and more than two-thirds had no documented plan for handling data breaches.

Even more alarming to Bashir: For some libraries, particularly smaller ones, their only online presence is through social media rather than their own website.

“That is very troubling. Facebook collects a lot of data – everything that someone might be reading and looking at. That is not a good practice for public libraries,” she said.

Additionally, the U.S. doesn’t have a comprehensive law or set of privacy protections such as the European Union has, Bashir said.

Another challenge for libraries is that many patrons using a library computer often need help submitting a form or doing some other work online, so they are freely providing personal information, Bashir said.

“Public libraries are used by a lot of people in lower socio-economic groups. Privacy protections for these groups are even more important because they are vulnerable populations,” she said.

The American Library Association has guidelines available for helping libraries preserve privacy, but many librarians didn’t know about them, she said.

Bashir said a future project for her research group is to develop tools for librarians to be able to detect vulnerabilities in their libraries’ technology and to help develop privacy policies and best practices for libraries that don’t have the resources to do so themselves.

“Technology caused some of these challenges, and we can also use technology to solve some of them,” she said.

Editor’s notes: To contact Masooda Bashir, email mnb@illinois.edu.

The paper “Patron Privacy Protections in Public Libraries” is available online.

DOI: https://doi.org/10.1086/725069.

Read Next

Announcements Marcelo Garcia, professor of civil and environmental engineering at The Grainger College of Engineering.

Illinois faculty member elected to National Academy of Engineering

Champaign, Ill. — Marcelo Garcia, a professor of civil and environmental engineering in The Grainger College of Engineering, has been elected to the National Academy of Engineering.

Social sciences Male and female student embracing on the quad with flowering redbud tree and the ACES library in the background. Photo by Michelle Hassel

Dating is not broken, but the trajectories of relationships have changed

CHAMPAIGN, Ill. — According to some popular culture writers and online posts by discouraged singles lamenting their inability to find romantic partners, dating is “broken,” fractured by the social isolation created by technology, pandemic lockdowns and potential partners’ unrealistic expectations. Yet two studies of college students conducted a decade apart found that their ideas about […]

Engineering Civil and Environmental Engineering Professor Nishant Garg, center, is joined by fellow researchers, from left: Yujia Min, Hossein Kabir, Nishant Garg, center, Chirayu Kothari and M. Farjad Iqbal, front right. In front are examples of clay samples dissolved at different concentrations in a NaOH solution. The team invented a new test that can predict the performance of cementitious materials in mere 5 minutes. This is in contrast to the standard ASTM tests, which take up to 28 days. This new advance enables real-time quality control at production plants of emerging, sustainable materials. Photo taken at the University of Illinois Urbana-Champaign on Monday, Feb. 3, 2025. (Photo by Fred Zwicky / University of Illinois Urbana-Champaign)

Researchers develop a five-minute quality test for sustainable cement industry materials

A new test developed at the University of Illinois Urbana-Champaign can predict the performance of a new type of cementitious construction material in five minutes — a significant improvement over the current industry standard method, which takes seven or more days to complete. This development is poised to advance the use of next-generation resources called supplementary cementitious materials — or SCMs — by speeding up the quality-check process before leaving the production floor.

Strategic Communications and Marketing News Bureau

507 E. Green St
MC-426
Champaign, IL 61820

Email: stratcom@illinois.edu

Phone (217) 333-5010