CILIP held a Privacy Briefing on 28th November focusing on issues relating to Privacy, particularly in the light of changing data regulation including the General Data Protection Regulations due to come into force in UK law in 2018.
The sessions highlighted the professional obligations of Library and Information professionals in relation to privacy as well as exploring some ways in which libraries, archives, and other bodies where tackling privacy and data protection issues.
My more extensive notes on the day are on the Yorkshire and Humber LKS Wiki but a summary of actions is below:
Five things LKS professionals should know:
- The position of the European Convention on Human Rights, and CILIP in relation to privacy rights.
- How your service handles its customer’s personal data
- How any third parties (eg: LMS suppliers) handle your customer’s personal data
- How to balance the customer’s right to privacy with the practical need to deliver the service in the customer’s interest (have you explored the tension, and can you justify the decisions and resulting practices?)
- Who you can turn to within your organisation for advice in this area.
Five things LKS professionals should do:
- Review your service’s practice in relation to customer’s personal data and document processes and procedures
- Undertake a Privacy Impact Assessment using the above data to identify what changes you need to make to ensure your processes are the best they can be
- Challenge your practice as an information professional with privacy in mind
- Consider how you can educate your users in relation to privacy (eg: online)
- Advocate for privacy and contribute to CILIP’s Ethics Review
NHS LKS Development Manager (Yorkshire and Humber)