Shopping with Privacy in Mind
The first and best place to protect user privacy is during the vendor selection process. Libraries who have sole discretion as to which products to buy have the greatest amount of control in this area. For other libraries, this might not be the case. However, this does not mean that libraries can’t have privacy-conscientious products! Refer to the “Who Controls the Decision to Buy?” section in this guide for strategies in selecting privacy-conscientious products when the library is not the primary decision maker in the selection process.
Selecting a vendor product can be overwhelming when there are a variety of choices, while at other times a dearth of choices can make the process extraordinarily underwhelming. In both cases, libraries still need to do their research into each vendor’s privacy practices. The research done up front can save you time down the road during the contracting process as well as reduce the chance of surprises around vendor privacy practices.
Having a systematic way to evaluate vendor choices can help save time and resources, as well as ensure that each vendor is evaluated with the same set of criteria. Depending on the organization and nature of the proposed purchase, libraries might be able to use a Request For Proposals (RFP) to collect information from vendors for evaluation. RFP templates can be updated to include questions around data privacy and security practices, as well as list privacy requirements that the vendor must meet in order to be considered for selection.
- How does your library’s vendor selection process assess vendor privacy practices?
- How can you incorporate privacy requirements and questions into that process, including in the RFP?
- Use this Annotated RFP Guide for examples of different approaches.