Who Controls the Decision to Buy?
Institutions have a wide range of purchasing processes. Some library workers have sole discretionary power over acquisition of vendor electronic resources or software. In this case, you can choose your standards regarding privacy and refuse to purchase products that don’t meet your standards. For library workers with full control over purchasing, this guide can provide ideas of what to look for regarding privacy, and how to see if the vendor or the product meets those standards.
Don’t know a person in the process? Wondering how to figure out who you need to convince to become a library privacy ally?
Check out the “How to Talk About Privacy” Field Guide!
Investigate the vendor selection process at your library by listing the answers below.
- Write the name of each library staff member involved in the vendor selection process.
- What is their role in the selection process?
- Do they consider privacy in evaluating resources?
- Are there opportunities to discuss with them how privacy should be part of the evaluation?
Privacy Protections When Vendors Don’t Align
The final decision to acquire vendor products may technically be made by the library; however, the political cost of not getting a database or product may simply be too high. When a product is so popular with users, or when a powerful person in your organization (professor, administrator, board member) pushes for a product, your library may need to acquire the product despite your concerns over user privacy.
Even when you can’t control the selection of a product you feel doesn’t protect user privacy, you can still take short-term actions to protect user privacy:
- Educate users through website notices before they leave the library website to navigate to a vendor resource.
- Use library instruction sessions and library e-resource product promotions
as opportunities to educate users about the privacy risks of using
vendor products and ways they can protect their personally identifiable information (PII).
- Advocate for adoption of aggregated metrics for internal use, particularly with software that identifies individual users.
- Do not retain personally identifiable information from vendor usage reports. Use aggregated totals when possible.