June 10, 2015 Meeting of Privacy Policies Implementation Team

Time and Location of Meeting

June 10, 2015

Agenda Details

Agenda

Agenda not yet available.

Minutes Details

Attendees

Jim Dohle (notetaker), Lynne Rudasill, Sue Searing (chair), Lisa Hinchliffe

Minutes

1) Charge/Tasks

The Team reviewed its charge and the tasks outlined within it as approved by the Administrative Council (AC) and the Executive Committee (EC). EC has not yet considered and approved the privacy policy that the Privacy Policies Working Group (PPWG) recommended, although the Administrative Council has. Sue will follow up with EC and request that they approve the policy as it is foundational to the work of the Privacy Policies Implementation Team (PPIT).

PPIT is responsible for developing procedures for review and maintenance of the Library’s policies regarding personal privacy in the use of Library materials and related Library records; identifying gaps in current policy and practice regarding privacy and engaging in the development of new policies, guidelines, and best practices, and considering and making recommendations on the Library’s role in educating users about the privacy and security of library records.

2) Ongoing Management/Administration of Privacy Policy

The Library also needs an ongoing mechanism for evaluating and maintaining privacy policies. PPIT discussed a number of possibilities – a privacy policy committee, a more general policy committee, and/or an administrate appointment responsible for policy. In addition to documenting and disseminating policy, the Library needs a mechanism for verifying compliance, recording breeches, and managing exceptions. PPIT will continue this discussion at future meetings.

3) Matrix of Policies

PPIT’s work will be based on the privacy policy matrix that was created by the PPWG. Jim volunteered to update the matrix structure to add the following columns as decided upon by PPIT: Owner, Last Update, Results of Review, Next Review (Due By), and Review Frequency.

4) Policy Gaps

PPIT began a discussion of potential gaps in current policies. Further discussion and eventual follow-up is needed relative to: externally hosted and third party applications, including campus partners delivering services in library spaces, Rare Book and Manuscripts Library, Research Data Services, Illinois Connections, IDEALS, social media accounts, and the GA/hourly job applicants database.

5) Review Rubric

PPIT began to identify the dimensions for the privacy policy review rubric. For a regular, on-cycle review the following elements were proposed for consideration:

  • Review campus and relevant state/federal legal policy on the topic. Is the policy under review still in alignment with campus and state/federal policies?
  • Review circumstances surrounding original formation and implementation of policy
  • Policy owner check – one of following:
    • Policy should be owned by a position in a unit, not an individual per se
    • Policies can be owned by committees (provided they are still active)
  • Solicit user feedback
  • Review any actions taken or breeches of policy
  • Formatted according to template and style guide. Example information that might be required in the template includes who to contact about the policy, how appeals are filed, etc.

PPIT also discussed what circumstances might trigger an off-cycle policy review. Examples include: massive unauthorized data breach, substantial campus policy change, and state/federal law or policy change.

Action items:

  • Jim – update privacy policy matrix
  • Sue – contact EC to request approval of privacy policy