Thursday, 31 July 2014

Data sharing between libraries

We're at the stage in the evolution of the AGMA library consortium where we're starting to work through the practical — and legal — implications of shared services.

  • Sharing our catalogue data is relatively easy: the data standards are well-established and most the data itself is published in the public domain on library OPAC's, etc. Which doesn't mean that it was all plain sailing and we've not got some more work to do. 
  • Sharing borrower data is obviously fraught with all sorts of information governance and data protection issues on top of the problem that there isn't any data standard save that imposed by the structure of our shared LMS and the commonalities we've discussed and agreed on a case-by-case basis.
  • Virtually every circulation dataset is a back door into the borrower data.
I've been thinking through some of the questions we need to be asking ourselves on this journey. It's still early days so isn't exhaustive; at this stage I'm trying to work out what we need to worry about at a general level prior to starting work on a risk analysis.

Purpose Type of Information Recipients Data Controller Notes/queries
Membership information including contact details –voluntary service, customers will be asked if they want to opt in
Customer name, address and contact information, DOB.

Disability, ethnicity and other demographic details

Family relationship details

Lending history
Library staff (including all other authorised Spydus users) of approved Authorities within the scheme Local Authority
(Data Subject’s Local Authority will be the data controller)
Which data is to be shared? Is it all or nothing?

  • If partial, which parts and how managed?

Same question applies to who the data is being shared with

  • What would be the position of volunteer-managed community libraries?

How do we switch sharing on/off?

  • What happens if a customer changes their mind? How are they “quarantined?”

What happens to the data held in loans, charges and reservations?

What happens to any outstanding loans, fines and charges?

Who owns (and is responsible for) the data?
Loans information Details of the loan including borrower, item, location and status of loan.

Loans history
Library staff

Specific customers can see all details of their loan(s)

All customers can see some details of the loan(s)
Local Authority
(which?)
This is the crucial element to be managed:

  • It is the purpose of the data-sharing agreement
  • It is the bridging element between the personal customer data and nearly all the other data sets

There is a hierarchy of viewing permissions

If a customer has said “no” to data-sharing, how is the borrower data in the loan, charges and reservation records expressed?

  • If the customer changes their mind about sharing their data, is it automatically redacted from these records?

Who owns (and is responsible for) this data?

Whose loan policies?

  • Applied from the lending library?
  • Including fines and charges?
  • How do exceptions apply?
  • “Non-default” borrower types and collections
Overdue/pre-overdue notices Contact details including borrower name, address, telephone and email; loan due dates and items involved Library staff

Specific customer
Local Authority (which?) Derived from loans data and subject to same questions

It would make sense to aggregate these to improve efficiency and save costs (see notes on charges, etc.)
Reservations Contact details including borrower name, address, telephone and email and items requested Library staff

Specific customer
Local Authority
(which?)
All the questions for loans apply for reservations (which are effectively loans-in-waiting)

Whose charge régime applies?

Would the Data Controller be the “owner” of the customer record, the library that placed the reservation or the library it will be picked up from (if a different library authority)?
Requests Contact details including borrower name, address, telephone and email and items/articles requested Library staff

Specific customer

ILL system (bibliographic and/or article data only)
Local Authority
(which?)
In nearly all respects as reservations, just more complicated charges

[The operating procedures would probably need modifying in the light of the shared lending environment.]

This will need to be revised in the event of a fuller integration with UnityWeb or equivalent third-party systems
Notifications for any reserved items Contact details including borrower name, address, telephone and email and items requested Library staff

Specific customer
Local Authority
(which?)
Derived from reservations/requests data and subject to the same questions

It would make sense to aggregate these to improve efficiency and save costs (see notes on charges, etc.)
Charges/fines/fees Contact details including borrower name, address, telephone and email; details of the transaction that generated the charge Library staff

Specific customer
Local Authority
(which?)
Derived from loans and reservations/requests data and subject to the same questions

How will these be managed:

  • Payable only where incurred?
  • Payable globally?
  • Impact on traps/alerts (whose parameters apply?)

In the event of recovery, who legally owns the charge?

In the light of the above, what would be the effect (if any) of aggregated notices?
Catalogue/ discovery records — bibliographic data Title-level catalogue data Library staff

Library customers and general public
Local Authority
(which?)
Bibliographic data – already shared data

Don’t forget that there is a link to the borrower record from the review/rating in the bib data in Staff Enquiry

  • Potentially links to more than one Data Subject, so which would be the Data Controller for this catalogue data?
  • Shared responsibility? How?
  • Similar questions are required of other customer-created content such as tags (these are lost in the current versions of Spydus 9)

(Not all data are published for the public)
Catalogue/discovery records — holdings/item-level data Catalogue data, including electronic holdings Library staff

Library customers and general public
Local Authority
(Which?)
Holdings data

Links to personal data via loans/loan history and status/status history

  • Potentially these link to more than one Data Subject, so which would be this Data Controller for the catalogue data?
  • Logically should be the owner of the holding item

(Not all data are published for the public)
Management Information/ Business Intelligence Reports detailing usage of service, per location Library Managers Local Authority
(Data Subject’s Local Authority will be the data controller)
Essentially should be summary data, though we’d need to have safeguards against breaches caused by very small sample data

Proper safeguards and risk analyses are required before making this data available to third parties
Demographic breakdowns Library Managers

Designated authorised analysts
Local Authority
(Data Subject’s Local Authority will be the data controller)
Most would be summary data, though we’d need to have safeguards against breaches caused by very small sample data

Some data (e.g. lists of postcodes) are granular enough to easily identify Data Subjects so safeguards need to be in place on the use and presentation of this data are required before making this data available to third parties
Marketing databases Library Managers

Designated authorised marketing staff
Local Authority (Data Subject’s Local Authority will be the data controller) Is the “I agree to receive marketing” (or equivalent) field global or local?

The selection of data explicitly must be limited to those customers who have agreed to contact so as to comply with Privacy and Electronic Communications Regulations.

Proper safeguards and risk analyses are required before making this data available to third parties
Stock management data Library staff

Designated authorised third-party service providers
Local Authority (which?) Nothing pertaining to Data Subjects should be included in this data.

Stock ownership should be straightforward.

Stock usage more problematic:

  • Global usage figures recorded against bibliographic/holdings data?
  • Local usage only?
  • How would (if at all?) third-party stock analysis systems like CollectionHQ differentiate between local and extralimital use?

In the early days at least there will be pressure to be able to provide evidence that stock is being used “fairly” with local library customers having first dibs for local stock
Ad hoc data requests Library Managers

Designated authorised third parties
Local Authority (Data Subject’s Local Authority will be the data controller) Most would be summary data, though we’d need to have safeguards against breaches caused by very small sample data

Some data (e.g. lists of postcodes) are granular enough to easily identify Data Subjects so safeguards need to be in place on the use and presentation of this data

Proper safeguards and risk analyses are required before making this data available to third parties

FoI requests would be subject to the proper exclusions
SIP2 data Data used for interfacing between Spydus and third-party systems Library staff

Specific customer
Local Authority (Data Subject’s Local Authority will be the data controller) The particular case at the moment would be where data held in the customer record determines the access or not to third-party systems and services.


  • Would the data be determined globally or locally?
  • Standard use of data fields?
  • Standard coding sets?

I'd be interested to know if/how this analysis sits with the experience of established consortium libraries, especially if I've missed something that could cause us problems.