Professional Documents
Culture Documents
.
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of
content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms
of scholarship. For more information about JSTOR, please contact support@jstor.org.
The University of Chicago Press is collaborating with JSTOR to digitize, preserve and extend access to The
Library Quarterly.
http://www.jstor.org
This article reports ndings from a new survey measuring librarians views on privacy rights and
protecting library users privacy. The study, which builds on a 2008 American Library Association survey assessing librarians attitudes about privacy, provides important data that will help
privacy advocates evaluate the state of privacy in the United States and libraries role in protecting library users privacy. Overall, the results indicate a high level of concern among respondents
over information privacy and a desire to control access and use of personal information, but they
also reect some shifts in privacy attitudes compared to the 2008 study. Implications are discussed for future advocacy and outreach by the American Library Association and related advocacy and educational groups.
raditionally, the context of the library brings with it specic norms of information
ow regarding patron activity, including a professional commitment to patron privacy Foerstel 1991; Gorman 2000; American Library Association 2006a; Morgan
2006. In the library setting, a patrons intellectual activities are protected by decades of
established norms and practices intended to preserve patron privacy and condentiality,
most stemming from the American Library Associations Library Bill of Rights and related
interpretations American Library Association 2002, 2006b. As a matter of professional ethics,
most libraries protect patron privacy by engaging in limited tracking of user activities, instituting short-term data retention policies, and generally enabling the anonymous browsing of
materials. These are the existing privacy norms within the library context, and they are the
cornerstone of what makes up the librarian ethics.
However, these norms are being increasingly challenged from numerous fronts. For example, law enforcement and government agencies have historically pressured libraries to
turn over data on patron activities McFadden 1987; Kennedy 1989; Foerstel 1991; Doyle 2003;
Foerstel 2004, and provisions of the USA PATRIOT Act have sparked new concerns about law
This research was made possible by a generous grant from the American Library Associations Ofce of Intellectual
Freedom and the Open Society Foundations, with special thanks to Barbara Jones and Deborah Caldwell-Stone for their
support of this project. Research assistance was provided by Adriana McCleer and Jeremy Mauger, and I would especially
like to thank Mark Schroeder for his valuable assistance.
Library Quarterly: Information, Community, Policy, vol. 84, no. 2, pp. 123151. 2014 by The University of Chicago. All rights reserved.
0024-2519/2014/8402-0001$10.00
123
124
enforcements ability to secretly request library patron records Matz 2008; Reid 2009. In one
notable case, the Federal Bureau of Investigation issued a National Security Letter to request
all information associated with a Connecticut librarys public computer and imposed a gag order
on the recipients preventing them from informing anyone of receiving the letter Goldberg
2005; Jones 2009.
Additionally, new so-called Library 2.0 tools and services promise to improve the delivery
of library services and enhance patron activities, yet these require the tracking, collecting,
and retaining of data about patron activities Casey and Savastinuk 2006; Litwin 2006; Zimmer 2013, and given the dominance of social mediawhere individuals increasingly share
personal information on platforms with porous and shifting boundarieslibrarians and
other information professions are confronted with possible shifts in the social norms about
privacy.1
Despite these challenges, patron privacy remains the centerpiece of librarian ethics. The
ALAs Library Bill of Rights American Library Association 2006b begins with the premise that
everyone is entitled to freedom of access, freedom to read texts and view images, and freedom
of thought and expression, and the ALA has repeatedly conrmed the importance of patron
privacy as a necessary ingredient in preserving intellectual freedom American Library Association 2002, 2012a. The American Library Associations Ofce for Intellectual Freedom has been
defending privacy rights for nearly forty years, and it has been closely studying privacy concerns
unique to the digital age.
In 2008, the Ofce for Intellectual Freedom surveyed over 1,100 librarians and allied library
professionals to better understand librarians role in and attitudes toward protecting patron
privacy in the face of the challenges noted above American Library Association Ofce for
Intellectual Freedom 2008. This internal research revealed strong opinions about the importance of information privacy and overwhelmingly indicated that librarians consider privacy a critical issue within the profession and society at large. For example:
80 percent of respondents say librarians are doing all they can to prevent
unauthorized access to the personal information and circulation records of patrons;
96 percent of the survey respondents agree that people should have more control
over their personal information;
125
such as Choose Privacy Week, a campaign providing libraries with tools to educate and
engage patrons about their privacy, including promotional materials, study guides, videos,
and programming ideas.2 In light of the original study, the ALA Ofce for Intellectual Freedom recognized the importance of engaging with the academic community to administer
a more robust and methodologically rigorous study to provide greater insights and better
tools for addressing the issue of library privacy and government surveillance. In 2011, the Ofce
for Intellectual Freedom commissioned a new survey, the ndings of which are reported in this
article. The results provide important data and benchmarks that will help the ALA evaluate
the attitudes of librarians regarding information and Internet privacy and guide the development of future initiatives aimed at engaging librarians in public education and advocacy to
advance privacy rights.
126
does not subject her to reprisals or punishment can the individual enjoy fully the freedom
to explore her ideas, weigh arguments, and decide for herself what she believes.3
Such assurances to protect patron privacy and intellectual freedom are continually challenged, most commonly through government attempts to gain access to patron records
McFadden 1987; Kennedy 1989; Foerstel 1991, 2004; Doyle 2003. Growing challenges to intellectual freedom and privacy prompted the ALA to reafrm its commitment to protecting these values, culminating in new policy statements on Condentiality of Personally Identiable Information about Library Users American Library Association 2012a and Privacy:
An Interpretation of the Library Bill of Rights American Library Association 2002.
Along with the ALAs formal responses to new threats, individual librarians and libraries often take their own actions to protect patron privacy and condentiality, including destroying records of what patrons had borrowed, scrapping plans to use new computer technology to prole the reading habits of patrons and inform them when works they enjoy are
published, destroying Internet access logs on a daily basis, posting warning signs, and offering
patron education on privacy issues Murphy 2003; Sanchez 2003.
To summarize, librarians have a rich history of protecting patron privacy, and they have
fought to ensure that the democratic ideal of intellectual freedom survives such challenges
to the privacy and condentiality of patrons information-seeking activities. Protecting these
freedoms is necessary to ensure free and unfettered access to information, the cornerstone
of the ALAs Code of Ethics and the librarian ethics it promotes.
Related Work
During the past few decades, the issue of information privacy has drawn considerable attention among researchers from a range of disciplines, including law, policy, consumer behavior, economics, and sociology, with much of the focus on measuring privacy attitudes and
preferences among the public. Between 1978 and 2004, Alan Westin conducted over thirty
privacy-related surveys, covering general privacy, consumer privacy, medical privacy, and
other privacy-related areas, culminating in his creation of numerous privacy indexes.4 With
the emergence of the Internet as a dominant tool for communication, information-seeking,
and commerce, increased attention was placed on the privacy attitudes of online users. One
of the rst attempts to understand the nature of online privacy concerns was a 1999 study by
Lorrie Cranor and her colleagues at AT&T Labs Cranor, Reagle, and Ackerman 1999, which
reported a high level of concern about privacy in general and particularly on the Internet.
Numerous important empirical studies on privacy attitudes and opinions of Internet users
have followed, ranging from studies that attempt to update Cranor et al.s original investigations and frameworks Malhotra, Kim, and Agarwal 2004; Tsai et al. 2006; Buchanan et al.
3. See, broadly, American Library Association 2012b.
4. For a summary of Westins work, see Kumaraguru and Cranor 2005.
127
2007, studies exploring economic and psychological aspects of information sharing in social
networking environments Gross and Acquisti 2005; Acquisiti and Gross 2006, and investigations of any generational differences in privacy attitudes and behaviors online Hoofnagle et al. 2010, just to identify a few.
Despite the importance placed on patron privacy within the librarian ethics, there has
been little study of the privacy attitudes and practices of librarians and information professionals themselves. Related empirical research has ranged from surveys on how library responses to the September 11, 2001, terrorist attacks implicate patron privacy Estabrook 2002
to the tracking of laws and court cases related to protecting the condentiality of library
records Kennedy 1989; Carson 2001. Other than the ALAs 2008 survey, no signicant research surveying privacy-related opinions and attitudes of librarians and information professionals has been published.
Method
Participants
The target population of this study was dened as librarians and related information professionals currently practicing within the United States, including those in public, academic,
school, and special libraries. A nonprobability self-selective sampling method was used to
recruit participants: notice of the survey was posted on web and social media platforms by
the author and the ALA Ofce for Intellectual Freedom; promoted by the ALA through an
online press release; published in American Libraries, the ALAs agship magazine, with circulation of 65,000; and communicated on various e-mail lists for librarians and related information professionals. State library associations were also asked to promote the survey to
their membership through e-mail, social media, or related communication channels.
This purposive sampling method generated 1,866 unique survey submissions, with 1,214
surveys completed to the end. Respondents were not required to answer all of the questions.
Half the respondents worked in public libraries, with 36 percent in academic library settings.
Over 50 percent had the title librarian, while one-fourth were library administrators. The
vast majority of respondents were between the ages of twenty-ve and sixty-four. One-third
of the respondents were from the Northeast of the United States. The overall demographic
breakdowns of respondents are available in table 1 library type, table 2 job title/description,
table 3 age, table 4 education, and table 5 geographic region.
Materials
The study comprised a descriptive survey with forty-four questions divided into four parts.
Part 1, titled General Privacy Attitudes 1, generally mirrored the questions asked in the 2008
ALA study, measuring privacy attitudes of respondents related to concerns over commercial
and governmental privacy threats, online privacy, and the role of libraries. Respondents
431
606
58
52
54
6
36
50
5
4
4
0
1,207
100
Academic
Public
School
Special
Other
Not currently employed
Total
688
90
3
21
2
305
63
4
3
30
57
7
0
2
0
25
5
0
0
2
1,209
100
Librarian
Library paraprofessional or library worker
Student worker or intern
Student in a graduate library science program
Library volunteer
Library administrator management
Library administrator staff level
Library trustee or board member
Library patron
Other
Total
0
14
270
220
285
348
53
0
1
23
18
24
29
4
1,190
100
129
12
24
26
111
998
44
1
2
2
9
82
4
1,205
100
391
251
269
244
17
33
21
23
21
1
1,172
100
were provided with a ve-point ordinal scale of strongly disagree, disagree, neither agree
nor disagree, agree, and strongly agree to indicate their response.
Part 2, Library Practices, also built upon the 2008 study, requesting information about
privacy-related practices at the respondents home library, such as patron record retention
policies, use and communication of privacy policies, and frequency of law enforcement requests for patron records. This part comprised nominal questions e.g., yes/no to collect
information from the respondents.
The third part of the survey, titled General Privacy Attitudes 2, sought additional information about respondents general privacy attitudes. This section utilized ve-point ordinal scales as well as nominal questions, and it was developed from established privacy-related
question sets developed by Tom Buchanan et al. 2007, as well as questions asked by Chris
Hoofnagle and his colleagues 2010 when studying the privacy attitudes of American adults.
The fourth section collected demographic data from the respondents.
Procedure
The survey was administered online via the Qualtrics software platform, provided through
the University of WisconsinMilwaukee UWM. The UWM Institutional Review Board ap-
130
proved the survey and consent materials; no personally identiable information was collected. The survey was available online from December 1, 2011, until March 31, 2012, at http://
tinyurl.com/ALAprivacysurvey. Upon accessing the link, respondents were required to agree
to the online consent form before they were able to access the survey instrument. The survey
was self-paced, allowing respondents to leave and return to where they left off at any time
while the survey was active. Respondents were not required to answer all of the questions.
Limitations
A nonprobability purposive sampling method was used to quickly and efciently target active
librarians and information professionals. Because random sampling was not utilized, the results presented are not necessarily statistically generalizable to the entire population of library
professionals. Notwithstanding this limitation, purposive sampling can provide informationrich responses to help learn a great deal about issues of central importance to the target
population Patton 2002. Thus, the choice of purposive sampling is appropriate to provide
rich benchmark data that will help the ALA build on its internal 2008 study and evaluate
the attitudes of librarians regarding information and Internet privacy, with the goal of guiding the development of future initiatives aimed at engaging librarians in public education
and advocacy to advance privacy rights. Future research, discussed below, can address this
limitation.
Results
In order to ascertain the current attitudes of librarian and information professionals regarding both information and online privacy concerns, descriptive statistics were calculated and
a series of chi-square and ANOVA analyses were conducted to determine whether or not
response patterns differed according to salient demographic variables: age, education level,
type of library, and geographic location. Results are presented in the following sections. They
are organized according to the structure of the survey.
131
only 70 percent are similarly concerned about government data collection practices. Over 95 percent of respondents feel that government agencies and businesses should not share personal
information with third parties without authorization and that when personal information is
provided to a company for a specic purpose, it should not be used for anything other than
that stated purpose. And over 80 percent feel that Congress should do more to protect personal information from unauthorized disclosure.
Regarding library-specic issues, 97 percent of respondents agree or strongly agree that
libraries should never share personal information and circulation or Internet records without authorization or a court order. Over three-quarters of respondents feel that libraries are
doing all they can do to prevent unauthorized access to patrons personal information and
circulation records, and over three-quarters of respondents feel that libraries should play a
role in educating the general public about issues of personal privacy and risks resulting from
using the Internet.
Comparison to 2008
The rst part of the 2012 study repeated the questions from the 2008 survey, providing a
rudimentary comparison of attitudes between the two time periods.5 Overall, attitudes and
responses in 2012 aligned with those from 2008, with some notable differences. In both surveys, the vast majority 95 percent in 2008, 90 percent in 2012 of respondents expressed
concern that companies are collecting too much personal information about me and other
individuals. However those who strongly agree dropped from 70 percent in 2008 to only
54 percent in 2012, indicating a possible dampening in the level of concern over time. Similarly, the number of those who strongly agree with the statement expressing concern that
the government is collecting too much personal information about me and other individuals dropped from 61 percent to 33 percent, with 22 percent of respondents opting for the
neither agree nor disagree option.
When considering the statement Libraries should play a role in educating the general
public about issues of personal privacy, 92 percent of respondents in 2008 either agreed or
strongly agreed, while only 77 percent in 2012 held the same view. Of the 2012 respondents,
18 percent took a neutral neither agree nor disagree position. Similarly, the percentage of respondents who agreed or strongly agreed with the statement Congress should adopt more
laws that protect personal information from unauthorized disclosure dropped from 96 percent in 2008 to 82 percent in 2012, with 15 percent taking a neutral position.
In 2012, 37 percent of respondents were neutral to the statement Im concerned that
search engines are sharing my personal information and search records with the government.
5. The 2008 survey only had a four-item response scale: strongly disagree, disagree, agree, and strongly agree.
The 2012 survey, by comparison, included a fth neutral option, neither agree nor disagree, allowing for greater
renement of opinions expressed in the later survey.
Question
1. Individuals should be able to control
who sees their personal information:
2008
2012
2. Im concerned that companies are
collecting too much personal information
about me and other individuals:
2008
2012
3. Im concerned that the government is
collecting too much personal information
about me and other individuals:
2008
2012
4. Government agencies should not share
personal information with third parties
unless it has been authorized by the
individual or a court of law:
2008
2012
5. Librarians are doing all they can to prevent
unauthorized access to individuals
personal information and circulation
records:
2008
2012
6. When people give personal information to a
company for a specific purpose, the company should only use the information for
that purpose:
2008
2012
7. I dont mind if the government knows what
Ive been reading:
2008
2012
8. Businesses should not share personal
information with third parties unless they
first obtain specific permission of the
individual:
2008
2012
9. I dont mind if people can view my personal
information on the Internet. I have nothing
to hide:
2008
2012
Neither
Agree nor
Strongly
Disagree Disagree Agree Agree
%
%
%
%
3
3
1
0
22
23
74
72
2
1
3
2
25
36
70
54
2
1
8
6
22
29
37
61
33
2
0
1
1
14
21
82
76
2
1
17
10
13
57
53
24
22
2
0
0
1
11
23
87
74
57
55
28
25
10
12
9
3
2
0
0
0
0
0
20
0
78
63
52
30
34
6
4
1
1
132
Table 6. (Continued )
Strongly
Disagree
%
Question
10. Libraries should never share personal
information, circulation records, or
Internet use records with third parties
unless it has been authorized by the
individual or by a court of law:
2008
2012
11. Companies and government agencies
that collect personal information should
take more steps to prevent unauthorized
access to individuals personal
information:
2008
2012
12. Librarians should play a role in educating
the general public on the potential privacy
rights risks resulting from using the Internet:
2008
2012
13. Libraries should play a role in educating
the general public about issues of
personal privacy:
2008
2012
14. Congress should adopt more laws that
protect personal information from
unauthorized disclosure:
2008
2012
15. Search engines such as Google, Yahoo,
and Bing should prominently display
policies on how a users information
is treated:
2008
2012
16. Im concerned that search engines are
sharing my personal information and
search records with the government:
2008
2012
17. I self-censor my search and reading
habits out of fear that my records could
be misunderstood:
2008
2012
Neither
Agree nor
Strongly
Disagree Disagree Agree Agree
%
%
%
%
1
1
3
1
18
18
78
79
1
0
0
0
14
25
84
71
1
1
5
5
15
45
48
49
31
1
1
7
4
18
49
45
43
32
1
1
4
3
15
31
38
65
44
0
1
2
2
37
42
61
50
1
1
4
3
15
31
38
65
44
24
26
52
40
19
19
12
6
3
Note.The 2008 survey did not have a neither agree nor disagree option.
133
134
This large neutral position came from both a reduction in those who disagreed from 30 percent in 2008 to 20 percent in 2008 and a reduction in those who agreed or strongly agreed
68 percent in 2008 down to 41 percent in 2012.
Demographic Variables and Response Patterns
The rst seventeen questions in this section used the ve-point Likert scale, and linear
regression and ANOVA analyses were run to determine whether or not there were signicant
differences in ratings by respondent age, education level, type of library, and geographic
location. Analyses indicated that there were no signicant differences in ratings based on
the respondents education level or the type of library the respondent worked in but that
there were some differences in mean ratings based on age and geographic region:
Age: ANOVA results indicated that there were signicant differences in mean
ratings for six of the seventeen questions based on age groupings, and follow-up
tests using Holms sequential Bonferroni adjustment indicate that differences
lie between respondents in the 5564 age group and those in the 2534 and
3544 age groups. Means, p -values, and indicators of heterogeneous groups
are presented in table 7. Due to space restrictions, F-values and other descriptive
statistics are not presented, but these are available upon request. An overall
examination of age group means suggests an increase in concern as respondent
age increases, and linear regressions of responses on age indicate that this
pattern is generally true statistically, but this holds little practical signicance as
age only accounted for between 0 percent and 2 percent of variation in scores
across all questions.
Library Practices
Overall Results
Part 2 of the survey requested information about privacy-related practices at the respondents home library, such as patron record retention policies, use and communication of privacy
135
5564
E
651
F
Question
2. Im concerned that companies are
collecting too much personal
information about me and other
individuals.***
4. Government agencies should not share
personal information with third parties
unless it has been authorized by the
individual or a court of law.**
9. I dont mind if people can view my
personal information on the Internet.
I have nothing to hide.**
15. Search engines, such as Google, Yahoo,
and Bing, should prominently display
policies on how a users information is
treated.**
16. Im concerned that search engines are
sharing my personal information and
search records with the government.**
17. I self-censor my search and reading
habits out of fear that my records
could be misunderstood.***
2534
B
3544
C
4554
D
3.95
4.00B
4.06B
4.02
4.09
3.43
3.76D,
3.93
3.72E
3.77
3.87
3.99B
1.50
1.77E
1.81E
1.65
1.56B,
4.57
4.26E
4.37
4.43
4.47B
4.50
2.79
3.17E
3.24
3.34
3.45B
3.25
1.79
2.08E
2.24
2.27
2.42E
2.43
1.67
policies, and frequency of law enforcement requests for patron records. Results are reported
in tables 912, and they reveal how libraries are currently addressing issues of patron privacy.
While 69 percent of respondents indicate that their library has established practices or
procedures for dealing with government requests for patron information, only 51 percent
indicate that staff training is performed to handle such requests. Nearly 30 percent of respondents indicate that their library collects and retains less patron data than before in
response to concerns about antiterrorism laws and possible records requests from law enforcement agencies; 40 percent indicate that their library made no changes to data collection or retention policies. Half of all respondents indicated that there were no known instances when law enforcement served the library with a request for patron data, while
36 percent were unsure. Instances totaling fewer than ten in the past ve years were reported by 14 percent of respondents.
Nearly a third of respondents indicate knowledge of patrons making inquires to library
staff regarding privacy-related issues, with 36 percent stating that patrons have not made
Table 8. General Privacy Attitudes 1 Questions That Differed According to Geographic Region
Northeast Midwest
A
B
Question
7. I dont mind if the government knows what Ive
been reading.***
8. Businesses should not share personal information
with third parties unless they first obtain specific
permission of the individual.**
10. Libraries should never share personal information,
circulation records, or Internet use records with
third parties unless it has been authorized by the
individual or a court of law.*
11. Companies and government agencies that collect
personal information should take more steps to
prevent unauthorized access to individuals
personal information.*
1.68C
1.73C
4.79C
4.82C,
4.77C
4.74C
South
C
West
D
2.00A,
B, D
1.69C
4.69A,
4.72B
4.77C
4.62A,
B, D
4.77C
4.66
4.59A
4.66
Table 9. Library Practices Overall Results Questions 18, 19, 21, 22, 26, 27, and 20
Question
18. Does your library have any established practices or
procedures for dealing with requests for information from
patron records by law enforcement or other government
officials?
19. Does your library train staff on how to handle requests
for information from patron records made by law enforcement or other government officials?
21. Have patrons made inquiries to library staff regarding privacy
of patron records, or any other surveillance issue?
22. Does your library communicate privacy policies to patrons?
26. In the past 5 years, have you participated in any information
sessions, lectures, seminars, or other
events related to privacy and surveillance?
27. In the past 5 years, has your library/organization hosted
or organized public information sessions, lectures, seminars, or
other events related to privacy and surveillance?
Yes
No
Dont
Know
881
158
247
652
431
203
400
732
467
334
420
220
686
519
23
160
833
234
Yes
More
Yes
Less
No
Dont
Know
23
375
513
373
Circulation/Borrowing
Data
Computer/Internet
Usage
260
94
353
57
161
47
34
273
70
327
22
155
50
45
187
139
332
236
125
59
43
Books
Online
Databases
Government
Documents
Internet
Access
16
984
219
10
984
223
9
969
241
28
933
255
59
923
235
Number of Responses
609
171
5
2
438
5
50
14
0
0
36
0
138
such inquires, and another one-third stating that they do not know. Only 57 percent indicate
that their library communicates privacy policies to patrons, mostly through written policies
provided when a library account is created and on the librarys website. Less frequently,
privacy policies are displayed in the library itself or near computer terminals.
Over half of the respondents56 percenthave participated in some form of privacyrelated event or information session within the past ve years. And while over 75 percent of
the respondents feel that libraries should play a role in educating the general public about
privacy issues see above section, only 13 percent indicate that their library has hosted or
organized information sessions, lectures, or other public events related to privacy and surveillance in the past ve years.
Only 1 percent of respondents indicate that books, magazines, newspapers, or online databases have been restricted or removed from public accessibility in reaction to antiterrorism
or other law enforcement-related measures. Slightly more of the respondents indicate that
government documents and Internet access have been restricted for similar reasons, 2 percent and 5 percent, respectively.
Fewer than expected respondents in the Northeast indicated that privacy policies
were shared with patrons when a library card was issued note: respondents did not
specically indicate that the privacy policy was not shown; they merely failed to
indicate that they were shared.
Fewer than expected respondents in the South indicated that privacy policies were
provided on the library website.
More than expected respondents in the Midwest indicated that they did not know
if or how privacy policies were shared with patrons.
Similarly, with regard to the display of privacy policies about circulation/borrowing data:
Fewer than expected respondents in the Northeast indicated that these particular
privacy policies were shared with patrons when a library card was issued.
Fewer than expected respondents in the South indicated that these privacy policies
were provided on the library website.
139
x2
15.43***
16.01***
Dont know
8.78*
Circulation/borrowing data:
When the library card was issued
On the librarys website
Internet usage:
When the library card was issued
On the library website
14.47**
13.70**
16.76***
10.56*
Dont know
8.43*
Yes
NR
Yes
NR
Yes
NR
22.8
1.4
2.6
.4
21.5
.3
1.2
2.6
1.8
21.2
2.4
2.5
.4
.2
22.5
1.6
2.1
.0
1.7
2.9
1.3
2.8
2.5
.1
Yes
NR
Yes
NR
22.6
1.4
2.4
.2
1.6
20.8
1.0
2.6
0.1
0.0
22.4
1.4
1.4
20.7
1.8
21.1
Yes
NR
Yes
NR
Yes
NR
23.1
1.3
2.5
2.3
2.3
.1
1.4
2.6
1.7
21.1
2.3
2.5
1.4
2.6
21.9
1.2
21.7
.4
.9
20.4
.8
20.5
2.2
.0
Fewer than expected respondents in the Northeast indicated that these privacy
policies were shared with patrons when a library card was issued.
Fewer than expected respondents in the South indicated that these privacy
policies were provided on the library website.
More than expected respondents in the Midwest indicated that they did not know
if or how privacy policies were shared with patrons.
An analysis of responses to the same question based on the type of library provides
similar insights table 14. Across nearly all combinations of privacy policy and means of
sharing with patrons, more than expected respondents from public libraries indicated that
privacy policies were shared with patrons, while considerably fewer than expected respondents from academic libraries indicated that the same policies were shared with their patrons.
140
Public
x2
Yes
No
Response
Yes
No
Response
98.64***
26.58***
17.63***
12.21***
26.7
23.8
22.7
22.6
5.6
3.2
2.2
2.2
3.6
1.1
1.8
.6
23.1
2.9
21.5
2.5
110.23***
14.77***
11.98***
13.28***
27.0
22.9
22.2
22.6
5.9
2.4
1.9
2.2
3.9
.7
1.4
1.0
23.3
2.6
21.2
2.9
74.01***
34.30***
32.37***
75.87***
26.0
24.2
23.7
25.9
5.1
3.5
3.1
5.0
2.7
1.6
2.4
3.0
22.3
21.3
22.0
22.6
Note.N 5 1,037.
*** p < .001.
141
Question
28. Generally, how concerned are you
about your privacy while using
the Internet?
29. How concerned are you about
family, friends and people whom
you know getting personal information about you and your web
activities?
30. How concerned are you about
businesses and people whom
you do not know getting personal
information about you and your
web activities?
31. How concerned are you about the
government and law enforcement
getting personal information about
you and your web activities?
309
697
193
14
97
381
569
160
592
481
125
11
361
505
292
50
Beneficial
to You
Harmful
to You
Both
Neither
Dont
Know
316
556
244
89
Neither
Concerned
Not at All
Somewhat
nor
Somewhat
Very
Concerned Unconcerned Unconcerned Concerned Concerned
96
159
211
577
169
39
32
587
547
45
41
568
550
41
72
173
453
461
10
61
93
547
495
79
84
197
459
390
110
158
241
460
238
33
98
181
539
357
29
98
156
556
362
33
55
143
453
520
78
108
228
434
359
143
Neither
Concerned
Not at All
Somewhat
nor
Somewhat
Very
Concerned Unconcerned Unconcerned Concerned Concerned
35
63
136
541
433
65
71
178
450
442
75
78
285
436
332
numerous questions table 18. Considering the general question of how concerned respondents are about privacy while using the Internet, respondents aged 2534 and 3544 were,
on average, less concerned than 5564-year-olds. Respondents aged 2534 were, on average,
less concerned than respondents 55 and older when asked about the following scenarios:
that you are asked for too much personal information when you make online purchases,
online identify theft, and who might access your web browsing history from your computer
itself. Related, 3544-year-olds were less likely to agree with the statement Generally speaking, anyone who uploads a photo or video of me to the Internet where I am clearly recognizable should rst get my permission than 5564-year-olds.
Analysis
General Privacy Attitudes
As noted above, the results of the 2012 survey revealed a high level of general concern over
privacy and a desire among respondents to retain control over who has access to their personal information. In terms of outreach and education, the results suggest that the American Library Association and related advocacy groups have been successful in ensuring that
librarians and information professionals are largely aligned with the broader librarian ethics
regarding the protection of patron privacy and intellectual freedom and understand the
Question
34. Have you ever refused to give information to a business or a company
because you thought it was not really
necessary or was too personal?
35. Do you think there should be
a law that gives people the
right to know everything that
a website knows about them,
or do you feel such a law is
not necessary?
36. Do you think there should be a
law that requires websites and advertising companies to delete all
stored information about an individual, or do you feel such a law is not
necessary?
Yes
No
1,088
88
31
787
184
236
NA
817
155
238
NA
Disagree
Neither
Agree nor
Disagree
Agree
119
236
473
Less
Concerned
Same
Dont
Know
22
301
Strongly
Disagree
37. Generally speaking, anyone
who uploads a photo or
video of me to the Internet
where I am clearly recognizable
should first get my permission.
27
More
Concerned
Id
Rather
Not Say
Dont
Know
888
612
98
59
356
Some
You Know You Have
Other
Personal
More About More to
Lose
Experience Reason
Risks
39. Please tell me which one of
the following is the most
important reason you are more
concerned about privacy issues
on the Internet than you were
five years ago.
Strongly
Agree
113
Dont
Know
145
5564
E
651
F
Table 18. General Privacy Attitudes 2 Questions That Differed According to Age
1524
A
Question
General questions:
28. Generally, how concerned are
you about your privacy while
using the Internet?* 14 scale
31. How concerned are you about
the government and law enforcement
getting personal information about
you and your web activities?*
14 scale
35. Generally speaking, anyone who
uploads a photo or video of me to
the Internet where I am clearly
recognizable should first get my
permission.*** 15 scale
33. Level of concern for the following
15 scale:
331. You are asked for too much
personal information when you
make online purchases.***
332. Online identity theft.**
335. People you do not know
obtaining personal information
about you from your online
activities.*
336. Who might access your medical
records electronically.***
337. Who might access your web
browsing history from your
computer itself.***
2534
B
3544 4554
C
D
2.07
1.99E
2.00E
2.05
2.17B,
2.07
1.88E
1.90
1.93
2.08B
4.29
3.63D,
E, F
3.75E
3.87B
3.97B,
3.14
4.21
3.25E,
4.26E
3.42
4.28
3.44
4.32
3.64B
4.46B
3.75B
4.42
4.57
4.12
4.11
4.16
4.30
4.38
3.71
3.50
3.65
3.92
4.05
4.00
2.86
3.16E,
3.45
3.39
3.70B
3.72B
2.06
2.08
3.83B
146
disagree option. This tempering of the level of concern over time might be due to numerous factors: perhaps respondents truly are no longer as concerned with commercial or
government data collection or perhaps there has been some normalization and desensitivity to these practices since 2008. Further, while respondents indicated a lower concern over
commercial and government data collection, overall privacy concerns, as reported in questions 38 and 39, grew from ve years ago, largely due to increased awareness of broader
privacy risks. Privacy advocates should continue to target education and outreach on issues
of commercial and government surveillance at librarian and information professionals
such as the ALAs Ofce for Intellectual Freedoms Choose Privacy Week initiativeto ensure that librarians and information professionals maintain sufcient awareness of both
commercial and government surveillance practices, ensuring that any opinions expressed
whether expressing strong concern or not are properly informed.
If the opinions expressed in the survey indeed reect a dampening of concern among
librarians and information professionals regarding these issues, the ALA and its advocates
must ensure that respect for patron privacy within the context of the library does not diminish. This concern arises given that the percentage of respondents who agreed or strongly
agreed that Libraries should play a role in educating the general public about issues of
personal privacy dropped from 92 percent in 2008 to 77 percent in 2012, with 18 percent
choosing the neutral neither agree nor disagree position. If fewer librarians and information professionals feel that the library has an important role to play in privacy education and awareness, there is danger that the librarys own culture of protecting privacy could
be threatened. Again, the Choose Privacy Week initiative is an appropriate forum to remind
librarians and information professionals of their historical commitment to patron privacy and
to recognize the vital role in libraries for teaching users about issues of privacy and surveillance
broadly.
The results reported in tables 7 and 18 suggest an increase in concern about particular
privacy-related issues as respondent age increases, which appears to reect the popular belief that younger people have less concern about privacy online, or at least on those particular issues expressed within the relevant questions. Reasons for this lower level of concern are
not readily evident in the data but might relate to a relative increased familiarity with online technologies and related tactics to manage ones privacy or perhaps a general lack
of experience or exposure to possible privacy threats these technologies pose, compared to
older respondents who possess more history with the potential harms of commercial and
government surveillance tactics. Despite these possible explanations, library advocates must
ensure that the privacy concerns particular to library settings and the librarys patrons are
sufciently understood even by younger librarians and information professionals. This could
be accomplished through education and outreach targeted to MLIS programs and recent
graduates.
147
148
even in these research settings and that their patrons are made sufciently aware of the relevant privacy policies and practices.
Conclusions
Future Research
Future research can build on this study in various ways. First, another general survey can be
performed in the next three years to continue the longitudinal comparison with the 2008
study and analyze the potential impact of any continuing education and outreach. Any future surveys can also utilize probability sampling to provide more representative and generalizable results, as well as mixed-method approaches to solicit rich responses through targeted interviews or focus groups. Deeper analysis of regional differences in privacy attitudes
can be explored to determine if other environmental factors such as existence of strong state
privacy laws or notable cases of government access to library records, to name two might
impact librarian attitudes.
Further, a more specic audit of privacy practices within libraries could be performed,
moving beyond simply self-reporting of privacy policy placements and related information
gathered in the current study. Such an audit could involve both survey and on-site observation and analysis of activities, including communication on privacy matters with patrons,
actual data logging and retention practices, and even measurement of instances of physical surveillance e.g., of security cameras or RFID scanning. Future research can also
lead more directly to sets of best practices for libraries in terms of addressing patron privacy matters, as well as training materials for both staff and patrons, ensuring proper education and awareness of these vital issues. Finally, this research would be greatly enhanced
with additional cross-cultural components: efforts could be made to collect data specically from libraries that serve particular immigrant or cultural communities or from nonAmerican libraries to determine if they have differing attitudes or practices related to online
privacy.
149
cerns. Further, the ALA should update and expand existing patron privacy-related policy documents to ensure that best practices are being implemented.
References
Acquisti, Alessandro, and Ralph Gross. 2006. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. Proceedings of the 6th Workshop on Privacy Enhancing Technologies
4258:3658.
American Library Association. 2002. Privacy: An Interpretation of the Library Bill of Rights. http://www
.ala.org/Template.cfm?Section5interpretations&Template5/ContentManagement/ContentDisplay
.cfm&ContentID5132904.
American Library Association. 2006a. Intellectual Freedom Manual. 7th ed. Chicago: American Library Association. http://www.loc.gov/catdir/toc/ecip0517/2005022409.html.
American Library Association. 2006b. Library Bill of Rights. https://www.ala.org/ala/issuesadvocacy
/intfreedom/librarybill/index.cfmhttp://www.ala.org/work/freedom/lbr.html.
American Library Association. 2012a. Policy Concerning Condentiality of Personally Identiable Information about Library Users. http://www.ala.org/Template.cfm?Section5otherpolicies&Template
5/ContentManagement/ContentDisplay.cfm&ContentID513087.
American Library Association. 2012b. Privacy and Condentiality. http://www.ala.org/Template.cfm
?Section5issues&Template5/ContentManagement/ContentDisplay.cfm&ContentID525304.
American Library Association Ofce for Intellectual Freedom. 2008. Rallying Americans to Defend Their
Rights in a Digital Age: Librarian Attitudes and Behaviors Regarding Information Privacy. http://www
.privacyrevolution.org/images/uploads/ALA _ Privacy _ Survey _ Findings.pdf.
Buchanan, Tom, Carina Paine, Adam Joinson, and Ulf-Dietrich Reips. 2007. Development of Measures
of Online Privacy Concern and Protection for Use on the Internet. Journal of the American Society for
Information Science and Technology 58 2: 15765.
Carson, Bryan. 2001. Surveying Privacy: Library Privacy Laws in the Southeastern United States. Southeastern Librarian 49 3: 1928.
Casey, Michael, and Laura Savastinuk. 2006. Library 2.0: Service for the Next-Generation Library. Library
Journal 131 14: 4042.
Cranor, Lorrie, Joseph Reagle, and Mark Ackerman. 1999. Beyond Concern: Understanding Net Users
Attitudes about Online Privacy. Technical Report TR 99.4.3, AT&T Labs-Research, Florham Park, NJ.
http://arxiv.org/html/cs/9904010/report.htm.
Doyle, Charles. 2003. Libraries and the USA PATRIOT Act. Congressional Research Service Report for
Congress, February 26.
Estabrook, Leigh S. 2002. The Response of Public Libraries to the Events of September 11, 2001. Illinois
Libraries 84 1: 17.
Foerstel, Herbert N. 1991. Surveillance in the Stacks: The FBIs library Awareness Program. New York: Greenwood.
Foerstel, Herbert N. 2004. Refuge of a Scoundrel: The Patriot Act in Libraries. Westport, CT: Libraries Unlimited.
Goldberg, Beverly. 2005. Connecticut Library Takes on Patriot Act. American Libraries Magazine, August 26.
http://www.americanlibrariesmagazine.org/news/08262005/connecticut-library-takes-patriot-act.
Gorman, Michael. 2000. Our Enduring Values: Librarianship in the 21st Century. Chicago: American Library Association.
150
Gross, Ralph, and Alessandro Acquisti. 2005. Information Revelation and Privacy in Online Social Networks.
In Proceedings from 2005 ACM Workshop on Privacy in the Electronic Society. Alexandria, VA: Association for
Computing Machinery.
Hoofnagle, Chris, Jennifer King, Su Li, and Jospeh Turow. 2010. How Different Are Young Adults from
Older Adults When It Comes to Information Privacy Attitudes and Policies? http://www.techpolicy
.com/TechnologyAcademicsPolicy/media/document-library/Hoofnagle-Turow-Sp10.pdf.
Jones, Barbara. 2009. Librarians Shushed No More: The USA PATRIOT Act, the Connecticut Four,
and Professional Ethics. Newsletter on Intellectual Freedom 58 6. https://members.ala.org/nif/v58n6/03
_ librarians.html.
Kennedy, Bruce. 1989. Condentiality of Library Records: A Survey of Problems, Policies and Laws.
Law Library Journal 81 4: 73367.
Kniffel, Leonard. 2008. Delusions of Privacy. American Libraries 39 8: 4.
Kumaraguru, Ponnurangam, and Lorrie Cranor. 2005. Privacy Indexes: A Survey of Westins Studies.
Technical Report, CMUISRI5138. School of Computer Science, Institute for Software Research International, Carnegie Mellon University.
Litwin, Rory. 2006. The Central Problem of Library 2.0: Privacy. http://libraryjuicepress.com/blog/?p
568.
Malhotra, Naresh, Sung Kim, and James Agarwal. 2004. Internet Users Information Privacy Concerns
IUIPC: The Construct, the Scale, and a Causal Model. Information Systems Research 15 4: 33655.
Matz, Chris. 2008. Libraries and the USA PATRIOT Act: Values in Conict. Journal of Library Administration 47 34: 6987.
McFadden, Robert. 1987. Libraries Are Asked by F.B.I. to Report on Foreign Agents. New York Times,
September 18.
Morgan, Candace. 2006. Intellectual Freedom: An Enduring and All-Embracing Concept. In Intellectual
Freedom Manual. 7th ed. Edited by American Library Association, 313. Chicago: American Library
Association.
Murphy, Dean. 2003. Some Librarians Use Shredder to Show Opposition to New F.B.I. Powers. New York
Times, April 7.
Patton, Michael. 2002. Qualitative Research and Evaluation Methods. London: Sage.
Reid, Michele. 2009. The USA PATRIOT Act and Academic Libraries: An Overview. College and Research
Libraries News 70 11: 64650.
Sanchez, Rene. 2003. Librarians Make Some Noise over Patriot Act. Washington Post, April 10.
Solove, Daniel J. 2008. The Future of Privacy. American Libraries 39 8: 5659.
Tsai, Janice, Lorrie Cranor, Alessandro Acquisti, and Christina Fong. 2006. Whats It to You? A Survey
of Online Privacy Concerns and Risks. Working Paper no. 06-29, NET Institute, October.
Zimmer, Michael. 2013. Patron Privacy in the 2.0 Era: Avoiding the Faustian Bargain of Library 2.0.
Journal of Information Ethics 22 1: 4459.
Michael Zimmer: assistant professor in the School of Information Studies at the University of
WisconsinMilwaukee and director of the Center for Information Policy Research. With a background in new media and Internet studies, the philosophy of technology, and information policy
151
and ethics, Zimmer focuses in his research on the ethical dimensions of new media and information technologies, with particular interest in privacy, social media, Internet research ethics, and
values-in-design. Recent research has focused on the ethical dimensions of the Google Books project, the privacy implications of Library 2.0, and privacy attitudes and practices of librarians and information professionals. E-mail: zimmerm@uwm.edu.