 Good evening, everyone. Thank you. If I could ask you to take your seats, please. Welcome, everyone. My name is Sita Penya Gangadharan. I'm an assistant professor based at the London School of Economics, a program fellow at New America's Open Technology Institute, and on the leadership team of a project called the Digital Privacy and Data Literacy Project here in the Metro New York area. I'm really pleased to welcome you to tonight's event. The future of digital rights is a library card. It couldn't be a more timely conversation. Increasingly, public libraries are rethinking the ways in which they help their patrons confront the challenges of being digitally included. Always on, fully networked, and easily trackable. And they're doing it in the context of significant institutional and technological change. Public libraries are, on the one hand, very avid digital consumers of data-rich software tools and services that form part of their everyday operations. And they're also digital providers giving access to the internet, to the public internet, and to public computers, especially for members of historically marginalized communities. So, patron data are flowing to and through the information infrastructure of libraries. And that's posing challenges. Of course, I'd be remiss if I didn't mention the library's historic commitment to protecting patron privacy, which is, I think, very instructive for other civic institutions throughout the country. And there are also laws that protect patron privacy as well, although I think we'll get into some conversation about some of the political context and the challenges of dealing with that policy environment. Needless to say, between the institutional, the technological, the professional, and the political, there's a lot to talk about and there's a lot to learn. To help us set this stage, I'd like to welcome Josh Breitbart, Senior Advisor in the Office of the Mayors here in New York City. And after Josh, I'll welcome our panelists, Bill Marden, who's Director of Data Privacy and Compliance at New York Public Library. Jamie Anno, who is the Manager of Organizational Assessment at Queen's Library and Story Bellows, who's the Chief Innovation and Performance Officer at Brooklyn Public Library. But first, Josh. Thank you, C. Dunn. It's really a privilege and a joy to be here with you all and hosted by New America and with our three library systems. I grew up going to the Brooklyn Library and I was a very fortunate kid, not just because I grew up in Brooklyn. But when I was a kid, we had a computer, we had encyclopedia, and I was thinking recently about a time when I had to do a report on Martin Luther King and I wanted to look him up in the encyclopedia that we had and he wasn't there. I just went right from Martin Luther to mastodontical things. But then I realized it was because we had gotten that encyclopedia from my grandparents. It was printed in 1957. And I was thinking about this recently because I was wondering what the literacy rate in New York City was. I did search the modern encyclopedia for that question and one of those Google-endorsed answers was at the top and it said 80. And the headline was from RT and it's saying that actually that 80% of high school graduates in New York City are illiterate, which is false. And if you go down, you see the stories debunking that article. But it just reminded me of all these times in our lives when we really need information scientists or people to really give us the skills to guide us through the systems of information that are not complete, that are either hiding things from us or maybe even taking things from us. And the incredible role that the libraries have. And I think that for many of us, we get that reminder now on an all too frequent basis with stories like this. And it's one of the reasons why this event is so timely. As with many things that seem timely, they are many, many years in the making. This work goes back to research that CETA had been doing for at least five years. And at the time, we'd already known each other for a while at that point, but it was just one in a long series of incredible insights into the world of digital inclusion that there was this gap that I think was really coming from the fact that many people who had economic and education privilege who had been the early adopters of the internet just weren't really seeing the ways in which low income communities or communities that were coming onto the internet at a later point over lower skills, lower level of digital skills, or who were coming from communities that had historically been subjected to this development, it's much more than communities like the one like mine or like I grew up as a part of really that insight that this was a missing part of digital inclusion. And so that incredible work over the years to do the research to show that but to build these partnerships and develop the curriculum and the training program that we're hearing about tonight is I think just to really show her foresight and leadership in this area and how incredibly lucky we are in New York to have our library systems and the key role that libraries have here really is trust. And I think unless you have trust you really can't have privacy or information sanctity and so the role of libraries is so critical and really in New York our three systems are the national leaders in this conversation and in this work and really are also setting New York City up to be I think well represented going into this future so I'm incredibly excited to hear more about this work to hear about what they've done and what's coming next and really just to thank these four people and the institutions and body of work that they represent for their achievements and for sharing this with us tonight and thank you all for being here as well. Thank you so much, Josh. Thanks, Josh. I do like to think of this as a panel of leaders and we're going to hear first from Bill Martin from New York Public Library and as I mentioned, Bill is the Director of Data Privacy and Compliance and that's a relatively new position for libraries in general and I'm really excited to hear you talk about what some of your biggest accomplishments or one of your biggest accomplishments has been in that capacity as Director of Data Privacy and Compliance. Thank you. Thanks. So as Cida mentioned, it's a new position that I'm in at the library so let me just back up a bit and tell you a bit about my background. So I started out as a librarian actually as a newspaper reporter that's a further back story. Got my MLS from Columbia back in the days when Columbia still had a library science program and worked on and off in libraries for about 10, 15 years and then I went into banking for various reasons, mainly financial. I worked in the banking industry for about 15 years but I found myself in the IT departments working in compliance and then little by little because I was in compliance, I worked at the Tory work, working with the OCC and the Federal Reserve and the FDIC so I had all this compliance experience and then lo and behold one day I see an advertisement on NYPL site we're hiring and one of the positions was this newly created position for Director of Privacy and Compliance. I applied and they said, you're the guy, nobody else has the experience we want. They wanted somebody with a law degree which was one thing I didn't have any experience looking for and Asita mentioned we are the only library as far as I know in the country that has a full-time Privacy Director or Privacy Officer. So my initial task was to revise the privacy policy. Most institutions have them. They sit at the bottom of the web, the home page and you know it's the type of thing that you click past and never look at again but this was a fairly important document that the library had been wrestling with for five years to revise and we have a very active Board of Trustees, Evan Chesler who's Chairman of Cravis Swain and Moore is our chairman we have a lot of very smart people on the board and they're very interested in the topic of privacy. My first week on the job, Carl Fortzheimer who's one of our Board members said well why can't we just go back to the days when you can go in the library you can research something there and I kind of started off with that tenet of the right to be forgotten as it's sometimes known and said well maybe this is where we need to explore and talking to various people I realized very quickly that this is we're in an age now where that's most likely never going to happen one person I talked to put it quite eloquently said you always leave a digital footprint in our current world whether you want to or not and from the moment you walk into our library you're being videotaped various transactions are happening digitally when you borrow something of course that information gets recorded however there is a limit to the amount of information that libraries can and should keep and this was kind of the key thing that as we started revising our privacy policy we tried to take into consideration and we wanted to make the policy readable not always an easy thing for a privacy policy this is legalese it's a document that at the end of the day is meant to be a disclaimer most disclaimers are never well written or very interesting to read but we put this thing together with the idea of telling people essentially what information do we collect about you when you use our library where do we hold it who can access it how can you control it and ultimately what does it mean to have this information in terms of where it goes eventually is it disposed of is it wander off into the ether and never seen again so a couple of things that were key components in this is doing an inventory I'll only mention that Brooklyn is doing one right as we speak but getting an understanding of what it is we collect on a day to day basis was was massive I always tell people the story New York Public Library the fourth largest library in the world after British Library Library of Congress National Library of Canada but we have 23 million transactions a year and most of them are electronic but a good half million of them are still the carbon copy paper call slips and I tell people we are an institution that was born in the 19th century we grew up in the 20th and we continue to try to thrive and grow in the 21st and we have elements of that whole 120 year history under our roof and that is the big challenge for I think us and most libraries is that we're still dealing with old technology and old expectations while we're trying to address the new ones so when we revised privacy policy as I said we built it in so that people could at least understand what they can do with their information our board members are really keen on the concept of opt-in and opt-out and those of you who work in the library world know most libraries have to rely on third party vendors and this is just a conundrum for us because we work with I'll just give you an example, Eventbrite it does ticketing for a lot of our events when you sign up for an NYPL event through Eventbrite Eventbrite by the rights of the contract we have with them keep that information and they can contact you for other things so you have the ability to opt-in and opt-out of that thank you sorry there we go do you have the ability to opt-in and opt-out of that that is a question and we tried to make it clear to people that for our marketing materials we built into the policy an easy phone number or an email that you can contact to let us know that you don't want to receive those emails anymore and it was interesting when we finally rolled out the policy on the end of November we got hundreds of phone calls and emails from people saying take me off that mailing list no, I didn't realize that you had that but now I know how to get off of it and I'll just jump forward to one thing that we did that was a key piece of the new privacy policy which is just making people aware of what we did and I'll never forget the day Tony Marks the president said to me how are you going to tell people that this thing is updated and I said we're going to put a little notice at the top of the website that says last updated on November 30th and he looked at me and said no that it's been updated so we came up with an arrangement where we took every single patron name, every donor every person who subscribed to our newsletters and on November 30th at 9am we sent out an email to 1,044,000 people telling them that the policy was updated not only did we do that at the top of the web page there was a static bar, bright yellow that said we've updated our website and our privacy policy rather it got a lot of attention at the point that the London Guardian actually ran an article incorrect as it was but they ran an article saying that we had updated our privacy policy and they claimed in the article that we had done so as a result of the recent Trump election the timing of the release of our privacy policy was November 30th obviously three weeks before some other big event had happened so they conflated those two so we got some interesting publicity and but at least we got around to letting people know we had done it I know we're short on time so I'll just leave you with that and the fact that that was the big accomplishment for last year new privacy policy but the areas that we're expanding into this year is public education letting people know more about about opt in, opt out, about what we do with our information and basically in the current political environment reassuring people we're allaying their fears however you want to look at it that we are a trustworthy source that we are guided by as Josh and I think Zeta mentioned that laws, specific laws state laws that require us to keep information confidential and that's what we want to that's what we want to tell the public about thank you thank you and it's rare to hear institutions have such a vast campaign about updating their privacy policy in ways that actually allow them to provide feedback about it so thanks for sharing that we're going to move to speaking or hearing from Jamie Anno from Queens Library and one of the things that I spoke about with Jamie earlier was the fact that she comes from a public health background and in the health profession there's HIPAA and there's a legal framework for ensuring the privacy of patients health records there's been quite a bit of research on the health sector and the extent to which privacy is protected and so I'm excited to hear about your insights and the work that you're doing at Queens Library and some of the differences that you're seeing with respect to the health sector and the library sector so yeah looking forward to what you have to share so I'm the manager of organizational assessment which means that I sort of manage all of the data that we're generating in the library comes from all different sources and basically my job is to look at the trends and see the areas that we need improvement in so I have this very detailed view of what kind of data we're generating and because I have this public health background my very first job was working at NYU as a research data analyst so I was taking these data from medical records and that are bound by HIPAA and doing research with that data we had to de-identify we had very strict laws about how to de-identify the data and what kinds of data that we can work with so that has always been in my mind as I moved through my career in nonprofits and now I'm at the library and it was just something that I was always thinking about but it's not the library field talks a lot about privacy issues but we don't talk about the data or the kind of issues surrounding the data so basically I think about a year ago I was talking to one of our directors for our community library directors and she was also sort of concerned about the ways in which the technology in our library was moving at a faster pace than how we can update our privacy policy so we decided to convene a working group and do basically a data audit so we're still in our first phase of doing this data audit and looking at what kind of data we are collecting let me see, I have the whole thing you know, what possible actions you can take in the library and what kind of data is generated from that and so what are we collecting where do we keep it how do we secure it how long do we keep it and then we have the legal guidelines the current policy recommendation and any new policy recommendations that we would have at the very end of our data audit you know things might come up where we decide to change that based on new technologies or just better ideas of how to keep library data safe yeah, that's okay that's it maybe I can ask a follow up question so one of the things that I've been a part of with at Brooklyn Public Library is a working group that helped co-create the digital privacy curriculum that we've used to train library professionals and one of the exercises we took part in was trying to document all the different technologies and all the different kinds of data that are collected within the institution and this was with frontline librarians as well as technology resource specialists and so I'm just wondering if you can provide a bit more detail about either the scope or number of I have it right here so I can't tell you the number but it's all kinds of things when you enter a branch you are videotaped and so what does that mean how long do we keep that video if you're involved in an incident in the branch what happens then if we have to give your information to the police or other authorities what does that mean and how we have these policies on basically how long we can keep it and the idea is librarians here can probably correct me if I'm wrong but basically how I understand it is it was in the 1970s that with the Nixon administration that privacy really became an issue within the library you also did research on this so you can correct me but this is the story that I heard and so there was just this idea that yes if you have a warrant you can gather this data on our customers but if we don't collect it then that means we don't have anything for them so they can have a warrant we can't you know we've never heard of that customer before we have no record of what books they're checking out or what websites they're looking at and so that was the idea that is permeating through the library field but we also have these new technological advances that are not keeping up with that kind of ethic and so that was the story so we have things like when you enter the branch when you request in our library alone when you request a website to unblock on our filter do we keep data on that we do when you borrow a hotspot or any sort of material if you sign up for an ESOL class the one that I did just yesterday I had a conversation about the medical librarian we have a medical librarian here who keeps all of he doesn't keep it but people will come to him and say sensitive information about themselves and so what happens to those records that he has is it emailed through our system because then that means it's on our email server which could be exposed to a breach so it's all kinds of things every time we have a meeting we find new questions to ask about it and sort of new actions even that are happening in our library great thank you you actually I think perfectly set up story at Brooklyn Public Library story you have a position that is thinking about innovation within the library you also have a sort of bird's-eye view of some of the strategic visioning within the institution and this idea that if you don't collect the data you can't request it must be a part of how you are thinking about some of the challenges and the tensions between trying to serve the library community and take advantage of some of these new tools and services that can help us better serve patrons but also being mindful and I think thinking about how to fulfill the value of the professional ethic of privacy that's so pervasive in the profession yeah thanks so I came to the library a little over a year ago and I came from the civic innovation, civic tech side of the world I was in Philadelphia really advocating for the opening of data from lots of sources so coming to the library one of the first things I read was something about a core value and I will read this where it says only record personally identifiable information when necessary for the efficient operation of the library and one of my mandates when I came in from my boss was to figure out how we use data in better ways and so I think one of the interesting challenges that we are all wrestling with is what is the business case for keeping the data that we have and what does it mean to efficiently operate a library in 2017 I think we have all these different types of communities, all these different types of patrons some individuals for whom it is incredibly important we are their first entree into the world of technology we have other individuals so we all talk about providing Amazon type services and being able to recommend and really personalize the work and the experience of engaging with the library and there is a lot of tension there and this is something that the library has been wrestling with long before I got there my colleague Melissa Morone worked with CETA in developing the state of privacy project and for us I think one of the things that is incredibly important is figuring out how we ultimately communicate with our patrons and educate them on how important privacy issues are and understanding how to navigate the digital world and for us there is a lot of staff training that needs to go into that a value that really underpins a lot of the work that we are doing strategically and so for a lot of the work that Melissa has been leading, making sure that we are effectively positioned to serve as technology translators for our patrons is a really really critical concept we are not going to be the people who are developing the technology again we are working with all of these third party vendors but we need to understand how to communicate where your information is what is going on in the world what is safe, what is not safe and we have started like Bill was talking about and as Jamie was talking about doing this kind of data audit and data inventory and if we are going to trying to efficiently or effectively communicate to patrons in engaging ways about your privacy policy or data usage is not necessarily the sexiest thing in the world for people to talk about at this ball of yarn and it is incredibly complicated and incredibly tangled and I can't wait to follow up with you guys more to make sure that our understanding particularly of these third party vendors is something that we are all on the same page on because I think one of the things that we are going to figure out is that there is a lot that we need to advocate for I think this is one of those areas where particularly right now we have an incredible opportunity to engage a lot of people in thinking about what is your digital footprint you know if there is for me personally a silver lining from November other than the Cubs winning the World Series it is that people are interested in this and there is a wedge that is being driven in and we need to figure out how do we stand there how do we lead so that we can continue to maintain the trust that people have in libraries and how do we lead so that people can start to rebuild their trust in institutions and I think figuring out how we effectively communicate with our patrons how we make sure that our staff are bought in to this so that it is not just something that is coming down centrally for us that it is something that every branch librarian feels like they have a way to own and enter into this conversation that there is always somebody who is staffed and has a perspective on this that they can offer this is a lot of training that is not going to be a one time and done type of initiative and I think that is one of the things that for us as a library system what we are looking at in terms of strategies how do we build that internal capacity to be able to continually go back and innovate and iterate and reevaluate and change our policies I think you know probably 20 years ago you could do a privacy policy and you are good for 8 or 10 years you don't have to relook at that now we need to be looking at this all the time there are always new vendors always new tools that we are going to be engaging with our staff with our patrons and so one of the things that we are really working on is figuring out how do we develop the competencies and the capacity internally to be able to be in a constant state of reevaluation and that is something that is really uncomfortable for large bureaucratic institutions and we are just starting that path but I think this type of work where we have gone in and we have trained staff across the board to make sure that people have the vocabulary and we need to continue to refresh that and I think that is something that we hope to be able to do but I think we have an incredible opportunity right now to make this a topic that really is at the forefront of conversations with our patrons and that we shouldn't what is it don't waste the opportunity presented by a good crisis and I think it is something that we should all be working together to figure out how do we effectively or most effectively address that great thank you and thanks to all of our panelists so I want to open up the floor to questions and the way that I would like to do it is I want to ensure that we get as many questions as possible so I would like to take three questions at a time as you are thinking about your questions I want to pose my own question to the group which is so you have all described sort of internal processes that are being undertaken at the library and you have also alluded to the current climate and I am wondering what lesson do you want to share with the wider ecology of civic institutions that may not have birthed this code of ethics that is interested in protecting privacy of their constituents what one thing do you want to leave them with because I can assure you that the conversations around privacy are happening in these civic institutions but they are happening under different conditions so I am wondering what you can share with those groups I will start so when we reviewed the new privacy policy with our board of directors one of the questions they said was how do we know that you are just not going to turn over information to law enforcement when they come in and this is something in the library world that goes back many years the ALA has had something on the book since 1939 about patron privacy but the story I wanted to tell them that I really didn't have the time to but it is the story about Zoya Horn a librarian at Bucknell University Library in the early 70s and you have alluded to this so this goes back to there was a prisoner down the road from Bucknell by the name of Father Philip Berrigan who was incarcerated was on a work release program and worked in the library long story short the FBI decided that there were allegations against Berrigan that he was foam ending a plot we can't make this stuff up to kidnap Henry Kissinger now more anyway this thing goes to trial and the key witness for the prosecution was the librarian at the Bucknell University Library when the prosecution wanted to testify about what she saw when he came into the library and there was an FBI mole involved in all this too she refused to testify for the prosecution the judge in the case was so angry that he actually had her hand and foot thrown into the county jail she spent three weeks in the county jail until the charges were dropped but it's the first known case of a librarian in this country going to jail to protect the patron's privacy rights and I think that's a great story because it goes to a time before privacy policies were even written or thought of to the degree they are today and it speaks to what I call the DNA of librarians and their desire and their ability to protect patron's privacy we have laws in the books but those are fairly recent this goes back a long ways and I think that's a key thing that I would tell anybody who says what the librarians do beyond what privacy protection they can get from Amazon so one of my one of the things that we found out in this in the process of doing a data audit is when a child checks out a book they have a fine and then they you know you're supposed to get a notice and there were some librarians who said you know the mail goes to the parent we mail it through the USVS but so there were some people who said no I swear that it goes to the parent and that's a violation of their privacy and then other people said no it goes to the child and that should be the correct thing to do once it gets to the home and if the parent opens it that's not our problem but that was one of the things that that really illustrates the need for these privacy issues in the library setting because we need a child to be able to check out any book that they want without fear of a parent finding out what kinds of things that they're reading and the kind of subjects that they're interested in so that was one thing that really stuck out to me doing this process I think one of the things that I've been thinking a lot about is really how do you personalize this conversation and you know you look at things like your credit score and how opaque those processes are that start to define that and I don't think that we as a society do a really good job of communicating like what data we have about people I mean why can't someone when they are logging into their library record see like here's the history of all the information that we have on you at this given time that we should expect that kind of data snapshot from people and I signed up for a mailing list of a company that makes yoga pants and I got an email back that here's all the data that we have about you right now and then I added a couple of other pieces into that and I continued to get updates and like that is an amazing way to build trust in like a brand you know as a startup I think that's brilliant especially in this day and age and I think that we need to think about how do we get other civic institutions to do that to share that data with individuals so that you know what somebody else knows about you and I think trust in these institutions is what our democracy is founded on and if we don't have that that really starts to break down and so again like we have all of these amazing technology tools that we can use and put to good if we so choose Great thank you I see one hand up two and three so right here and if you could kindly phrase your pose a question and also try and keep it short so that I can take notes and relay that back to everybody My question is when you speak about library staff being able to talk about these issues to patrons are they talking about issues of patrons at the library or are they also discussing patrons and their own privacy like does the conversation blend between what is your privacy when you're at home and what is your privacy when you're in the library or is it two different conversations Great Down in front here Hi I am confused by at one hand hearing that it is important to educate patrons about privacy protections but I do not understand what the library's real perspective is because nobody is talking about you say you have a great deal of data but nobody is explaining what your policies are on why you need this data how long you keep this data I was just looking at the New York privacy policy and while it's very general it seemed to me that it doesn't give you very much information on how to delete data and subscribe it says that you share this data with your fundraising arms and also with other third party nonprofits so I don't understand exactly what the various libraries policy is on accumulation of data One second Can we just get one more question in the back there Good evening great panel tonight I actually did another place to come here for those patrons that are for whatever reason hesitant to provide data to obtain a library card what is your education process current education process for those patrons Great thank you so we have three questions the first that's curious about the education process of staff gets them if their staff are talking about patrons or if they're talking or learning about privacy for themselves in the home for example as consumers the second question is focused on confusion about library privacy policies and the extent to which these policies explain why certain data are collected and how they're being used and how you might delete your data in a library context and a third question that addresses those individuals those communities that might be scared or anxious about obtaining a library card and the data that you give in that context and what libraries are doing in relation to that so I'll let you sort of pick and choose I can jump in on the first one and it's both it's not just your privacy in the library there are a lot of tools and resources that are shared that recommend good policies when you're back at home or outside the four walls of the library I think these three questions actually all relate to each other one of the things that not just me but our entire working group is kind of struggling with is this idea of third party vendors and the kind of data that they are gathering on our customers and we can say that you can opt in or you can opt out but opting out means that you don't get that service and is that really at the call from a library standpoint a public library standpoint so that's really something that we're struggling with and I agree that we should be way more detailed in our privacy policy and with everything basically during the working group I've put together kind of a best practices sort of book really borrowing from the privacy policies of libraries all over the country really and I've seen some that there's a kind of a legalese privacy policy and then there's sort of an FAQ on the privacy policy that's a little more easier to understand especially for people who aren't lawyers or don't have a graduate education so that's something that we're really working on the idea of the data audit is to go back and revise our privacy policy and incorporate some of those ideas into what we're doing so I'll just talk about the education aspect so I look at it in two aspects the public aspect and today New York Public Library has what we call tech connect classes one of them is teaching people about good privacy practices and they're online but Josh was part of a convening or convention that we had at NYPL back in September where about 100 people from various nonprofits, Ford Foundation, Mozilla across the board city was there and we just talked about how we empower people with this new technology I mean if you think of you know old fashion research as sort of the Volkswagen now you've given people this Ferrari that gets them anywhere in the world instantly with powerful search tools how do you train people to use that responsibly so that they don't get hurt and so that's one aspect that we want to work more on as far as internal staff training this was interesting when we rolled out the privacy policy this was November of last year we wanted to make sure our staff all 2,500 staff members knew that this was happening and knew what it contained so we had online required training for all 2,500 staff members about 5 or 10 minute training and they had to take it to know what the policy was about so that if somebody came up to the CERC desk and asked they could explain it to them and so that's you know it's an ongoing effort but that's those are the two sort of directions we handle it I'll just add really quickly before people go through the trainings it's really interesting that the level of knowledge about different privacy issues and the way that data flow on the internet that knowledge is about as average as the average consumer which is to say it's not great for example people don't necessarily know what the function of privacy policies are or is and that I think tells a powerful story which is as library professionals there's a really great opportunity to learn these issues for oneself and through learning for oneself one is able to then share with the wider community and I think that's really powerful I was just going to add I have a friend who he hates the term privacy policy and spends a lot of his time thinking about this we need to call them data usage policies maybe people would actually start to read them if they recognize that this was about how your data and how your information is being used I guess I would throw in that we work with the Berkman Center at Harvard when we revised our policy and they deal primarily with internet information privacy and their suggestion was just talk about the online stuff and forget about everything else in your privacy policies and we can't do that we have a half a million transactions a year that are on these carbon copy paper slips and we have to we have to address that so like I said before we're caught in this world where we have everything and I always say to people think of it in terms of the digital the analog certainly but always there's always the third element which is the way a horn had in her head the knowledge that you have of what people are doing that's also and I didn't want to miss this ladies question about you know what information do we keep and how long and for what purpose so yes it is available for a subpoena for anybody to use to data mine so why are we keeping all this information so first of all this was a question actually what information are we keeping so raw statistic 23 million borrowing transactions go through our ILS system every year 23 million of those the only ones that remain are people who have outstanding finds if you borrow a book and you return it and I think this works for most libraries that information is deleted from the system and that is where the majority of our transactions stand I'll give you an example with the paper call slips this is an interesting one because we did a data inventory like all these guys did and we discovered all kinds of interesting things and I'll tell you about San Francisco in a minute but one of the things we discovered was we kept these paper call slips in only certain instances but there was a reason there was a guy named E Forbes Smiley if any of you remember him famous map stealer he came into many libraries he stole maps we kept them out of the books and we found ourselves in the middle of an FBI investigation which we had to cough up these call slips showing that yes we were perloined and we had lost valuable material so ACRL part of the American Library Association says research libraries have a duty for their own protection to keep certain information borrowing but let's talk about third party vendors that's the one that is the bet nois I think of every library so you go to our site and you can go to Gale Research or EBSCO or use all kinds of third party databases but the minute you leave our domain and you go and use those ancestry.com as a common one you are going to be sharing information with those entities that we don't have any control over but as much as we can we want to allow people to opt out of those mailing lists we came in the other day and said I just want to delete all my records from the system I don't want to be a patron anymore we had concerns for whatever reason we will do that to the extent that we are capable but I think everyone up here anybody who is a librarian in the room will know there is no way that you can just across the board delete people's information we do it as much as possible and we state right up front in that privacy policy that we keep it minimally as possible that is our mantra just one more thing I think it's important to note that there are things that you can do in the library without making without a library card or making a transaction on your library card it's something that drives the administration crazy because we like to be able to track those things but you can come in and you can go to a program you can read any book read a newspaper you can just sit down we have a lot of people in our central branch who just sit down and they watch New York one on the TV and you're completely anonymous doing that great thank you other questions okay in the back there up in the front and right here hi so this question may be more to Sita because of your research and partly the policy motivations you all have so in part you're making these policies in the behest of the board for legal reasons for protection but we know there are communities who are challenged and marginalized as it is that use these public locations and services how do they interact with this information you're trying to put forward policies that are long, very wordy and while available and emailed to some people emails maybe not how they interact with the library so how are you trying to deal with how do you communicate the policy to these marginalized communities great up in the front here thank you Bill spoke about the problem of third-party vendors and users doing these implicit agreements with third-party vendors in addition to the explicit agreement with the library I'm just wondering are libraries entering into a conversation not just about allowing users to opt out of these vendors but actually replacing the functionality of those vendors themselves like build an internal ticketing portal versus having to rely on an event pride for example just wondering if libraries have a conversation about that hello just a quick plug I'm a government information librarian I'm the outreach chick for Godor which is any librarian that's here please come and talk to me afterwards because I really have a bunch of questions I need you I need everybody my question is this people when they talk about this is having issues people when they talk about privacy think about anonymity and we talk about the right not to be counted not to be included but I'm very concerned with the right to be counted a lot of times when we delete the information no one gets a chance to be included you have to you know it and it's kind of a privilege that way and I think that let me I wrote this down I'm sorry I'm nervous because you're so great and I think that people don't understand that that we need to keep track of the questions we need to keep track of the books that people are taking out so you know they can be included how do we deal with that not only in the library but outside how do we know that if folks aren't being tracked then we don't know what to do or what to have or you know what's an important issue great so we have a question about how do we serve how do we translate privacy policies for example for members of historically marginalized communities that don't necessarily have the same resources to grapple with those kinds of documents second question on whether we're building technologies in-house at libraries and a third that discusses the right to be included in the importance of counting people and of having the data trail I'll jump in starting with the last one and I think that's one of the things that our team is particularly interested in is how do we understand the patterns of patron behavior how do we understand how do we staff a branch based on when we know it's going to be busy or how do we manage our circulation more effectively in our collection and so we're doing a lot of work looking at how do we aggregate this data so we can be sure to de-identify any of the personal information that we definitely do not want to have we don't want to get subpoenaed and have to testify so we're working as hard as we can to make sure that we are getting rid of this information but we're also doing a lot of work mapping out how do we potentially triangulate a patron's behavior and ever connect an item with a patron based on we know when people are coming like what day of the week is something that we thought we could collect and now it turns out we can't we need to cut that off because it was possible for us in a month when a branch happens to be closed under these rare circumstances that we might be able to connect that information we want to use data to go beyond just reporting and really to help decision making at all levels of the institution but we are a library first and so we will always default to we're going to get rid of it and there are going to be a lot of questions that oh we wish we'd kept that information for the last two or five years but we can start aggregating some of that from here moving forward and so part of this is just the business that we're in and recognizing that we're always going to be kind of reacting to what are the questions that are coming up on any given day but that we have a job and that is to make sure that we are protecting the patron's privacy sort of at any cost we can. There is, we do have a set sort of population that it does expect this kind of Amazon tracking recommendation kind of you should be counting what I'm doing to sort of anticipate my needs within the library system and so we are trying to balance that with this idea that we really do need to you know put privacy at the very top but also service the people that really want that kind of recommendation sort of service one of the more fascinating ALA sessions that I went to I think it was about a year ago maybe two years ago I believe there are people in Multnomah County who are they did some sort of tracking and then they did I'm not a tech person so I'm not sure that I can really explain this but there was this idea that there was a hashing algorithm to sort of translate their bar code on their library card to become this a different kind of identifier basically so you don't have this their name or their address or anything but you can still keep track of them and so they had this pilot project where they were tracking I think it was only circulation so it was basically what books and then can we recommend it based on your past history so that was really interesting to me and I would like to be able to do that first of all and then one of my one of the things that I really want to do is be able to track the people who are going to programs and really understand does that correspond to the materials that they're checking out does it increase the number of materials checking out? We know anecdotally that it does but we just don't have that data there so there's this balance between keeping things anonymous but also understanding that there's a population that wants that kind of handheld service I guess so data is the lifeblood of every library I think without exception so all three of us participate in something called the Mayor's Management Report that 23 million number that I gave you a little while ago comes straight out of that report it's publicly available but everything we do is measured in terms of volume and that volume translates into dollars pure and simple and every library in this country I was just at ALA at the midwinter convention and there was a big discussion about the political environment so we have to be careful whose feet we tread on because they control the purse strings to our libraries so the same thing with, we have a very good relationship with the city of New York but at the end of the day they control 40 million dollars of what we do or don't get so in order to justify our programs not just the basic library things but all of our after school time anything where numbers can be counted it's important so we try to do it anonymously of course but there's always the desire to let's talk to the people who are in that program, let's do an interview let's find out a little more most of you are probably familiar with the hotspot program libraries are lending out these portable internet connectivity devices there's a great deal of interest in knowing how people are using them whether they're useful it's just a constant demand for that data we have an entire department at NYPL that does nothing other than data analytics so it's it's a necessary beast but that's only one of the questions do you want me to answer the others we may not have time I think that we're running out of time unfortunately we have another event that is taking place in this space directly afterwards so I want to give us a wiggle room to allow for people to mingle and ask our panelists additional questions I just want to really quickly address the first question since I was named in that I think it's really exciting to think about the social space that libraries provide for members of historically marginalized communities and in that social space there's a lot of ways in which on the front lines library professionals technology resource specialists are using everyday language to talk about complex issues and so in the transaction at the library desk a question comes up or as somebody is getting help in front of a public computer there's a real anxiety and concern and library professionals can triage they can translate they can speak everyday language and I think that's a really important starting point and a very instructive model for how we continue to talk about these issues around data protection around privacy around safety because that is often what members of historically marginalized communities are thinking of so unfortunately I have to bring this conversation to a close I do want to just mention really quickly the website for our project that was referred to earlier it's dataprivacyproject.org and on that website you can find curriculum material as well as some of the history around libraries and privacy and technology as well as all sorts of other good information so I really hope that you go to that site and visit it and please join me in thanking our panelists for tonight's discussion