2021-06-01 - Privacy SIG Notes

Date

Attendees

Goals

  • Restart the FOLIO Privacy SIG

Discussion items

Time | Item | Who | Notes
20 min | Group introductions | all

Everyone is encouraged to introduce themselves to the group guided by these questions:

  • What is your personal or professional interest in information technology privacy?
  • What experience in information technology privacy do you bring to the SIG?  (for instance, GDPR expertise, identifying/segmenting personally identifiable information in databases)
  • How familiar are you with the FOLIO project?

Some thoughts from the introductions:

  • FOLIO is a bit of a "black box" when it comes to understanding data storage and manipulation.  That makes it difficult to feel comfortable taking responsibility for the data in the system.  A tour of FOLIO and its design/development processes would be useful.
  • In implementing FOLIO, there are committees spread out all over the library.  That makes it difficult to have one person who can feel ownership of the data privacy tasks.
10 min | Review of the Privacy SIG charter | all

Review what is there now in preparation for possibly revising it based on the subsequent three years of activity in the FOLIO project.

The existing charter is a good foundation, but there are ways it can be improved: "guidance" needs to be stronger, and the SIG is not explicitly integrated in FOLIO design and development work.  We agreed to put the existing charter in a Google Doc and make suggested edits.  The intention is to bring the revised charter back to Product Council for review and endorsement.

10 min | Discussion of the convener position | all

The Product Council SIG page has a description of the duties/responsibilities of conveners.

10 min | List areas of discussion/need for the Privacy SIG to consider | all

Start to build this list.

  • Tour of how FOLIO fits together, to get to know what areas will need focus.  Where the data is that we're concerned about.  Places of vulnerability.  Data retention practices (periods, default settings (keeping by default and tossing by default)).  How are the different pools of patron data exposed for analytics and in ways that are unexpected by patrons (excessive patron data being exposed)?  How are patrons given a choice about data retention (consent)?
  • GDPR: differences between American and European libraries.  California and CCPA.  Make people aware of regulations; enable libraries to answer the questions of their own regulations.

At the end of the meeting, we agreed to set a fortnightly meeting schedule; the next meeting will be June 15 at the same time.

Action items

  • For the next meeting, decide on retention of meeting recordings.