7.1  |  Practices to ensure the security of patron data, including at least clearing online session data from public computers and procedures for handling sensitive information, are included in a patron privacy plan


Ensuring patron privacy is one of the core values of public libraries. Public technology introduces a different kind of challenge to protecting patron privacy than securing circulation records. When patrons are using public computers or wireless networks, they are often entering private information to take advantage of online services like banking, applying for jobs, and engaging in social networking, but sometimes inadvertently leave their private information vulnerable to use by others. For example, patrons might save passwords to public computer browsers or their network setting might not secure them against others accessing their laptop computers remotely. Library settings on public computers and wireless networks can also leave patrons vulnerable to security threats; for example, Internet browsers might be set to auto fill forms; in some cases, patrons are able to make changes to settings on the library's computers that make them and other patrons vulnerable to data breaches. Patron data might also become vulnerable because of viruses or spyware. Library staff might also have access to private information, as when they are providing assistance to patrons while they are applying for benefits. To help protect patron data while they are using public technology, libraries at the minimum need to clear session data in between public computer sessions and reset any changes to settings that may create vulnerabilities. They should also have aggressive anti-virus software scanning the computers in real time. Generally, having session management software that logs off patrons, erases patron data, and resets changes to computer settings before allowing the next patron to log on is the best way to protect patron data while they are using public computers; session management software might also help with other aspects of maintaining public computers and wireless networks such as managing updates to web applications, creating intermediate pages where patrons need to consent to terms of use, and managing printing. and develop clear procedures for handling sensitive patron information which library staff may come in contact.


FOR THE ASSESSMENT
Answer Yes if you have a patron privacy plan that includes procedures for clearing online session data and handling sensitive patron information.
Answer No, but plan to in the next year if you do not have a patron privacy plan, but plan to institute one in the next year.
Answer No, would like to but cannot at this time if you would like to have a patron privacy plan, but are unable to develop one at this time.
Answer No, we have no plans to do so at this time if you have decided not to protect your patrons' privacy while they are using public computers and wireless networks.