Building the Audit Framework
A privacy audit will cover a wide breadth of information, allowing you to dig deep into all areas of your library that interact with user data. The first step is to brainstorm all the places you will need to audit.
Exercise
What are the different places in your library that collect user data?
- Examples
- Integrated Library System
- Volunteer Paperwork
- Social Media
- Learning Analytics Software
- Website
- Student Dashboards
- Where is User Data Collected in Your Library?
Core Questions
Once you’ve identified all the areas in the library that interact with user data, you’ll want to ask yourself a set of Core Questions. Keep these questions handy and ask them anytime you, a partner, or a vendor is planning to collect user data. They will help you to collect the least amount of data needed, ensure it’s stored securely, and deleted according to a regular schedule.
Exercise
Pick one of the places in your library that collects user data. Answer these Core Questions.
- What information do you collect?
- Why do you collect it? Do you need to collect it?
- How do you collect it?
- Who has access?
- What are the storage and retention policies/procedures?
- What are the current best practices and policies?
Is the user data shared with or collected by third-party vendors?
- What information do you collect?
- Why do you collect it? Do you need to collect it?
- How do you collect it?
- Who has access?
- What are the storage and retention policies/procedures?
- What are the current best practices and policies?
