As researchers use materials in libraries, their actions tend to generate records—research trails in digital databases, lists of borrowed books, and correspondence with librarians. Most of the time, these records are innocuous, but to facilitate freedom of inquiry, librarians generally hold these records as confidential. This confidentiality is especially important in law libraries because legal matters can be very sensitive and stressful. Researchers implicitly trust librarians with at least hints of concerns the researchers would prefer not be generally known. If researchers knew any records of their questions could become known to others, some researchers would avoid using library collections or asking librarians for advice, guidance that very well may help them find valuable information.
In her interesting post, Meg Leta points out that, despite some exhortations that information on Web lasts forever, most information now online will disappear at some point. Websites go down when their owners fail to pay hosting fees. Data is deleted, either by purpose or mistake. A file sitting on a drive or disc will, without maintenance, eventually becomes inaccessible because the storage media has decayed or because the hardware and software needed to read the file has become obsolete. Since information will tend to vanish without action on our part, Leta suggests we should instead focus on actively saving information that is worth keeping.
Leta makes an excellent point, but I’d suggest that in addition to thinking carefully about what information needs to be kept, legal professionals also should consider whether certain types of information warrant purposeful destruction. I’d also suggest that for law libraries, patrons should be given the ability to retain, either through the library or themselves, records of their use of library resources.
Leaving Breadcrumbs Along the Research Trail
Just as most web browsers keep a history of websites visited and search engines retain logs of search terms, law libraries and their vendors maintain records of some researcher interactions with library resources and staff. A very thorough researcher could generate records by using web browsers on library computers, writing to library staff, borrowing books, and accessing databases that require individual user accounts. Many of the major legal databases, such as Westlaw, LexisNexis, and Bloomberg Law require users to log in and maintain individual research trails.
Just as Leta said, most of these records will be destroyed over time through the library’s and vendors’ normal procedures. The library computers probably are set to erase their browser histories every so often, and most integrated library systems delete circulation records once books are returned. Legal databases keep research trails, but generally those trails eventually expire. However, the vendors also keep server logs and track users with cookies; those records probably are deleted at some point, but probably later than when users lose access to their research trails. Any written records the librarians keep of patron interactions might be covered by an organizational records retention schedule; if not, they are kept at the whim of the librarian.
So this appears to be the present situation: law libraries and their vendors collect a variety of records about their patrons’ research. Through normal business processes, much of those records is eventually discarded. Depending on the researcher’s circumstances, the records may be sensitive, and librarians generally strive to keep all such records confidential as a matter of professional ethics. Is there anything in the status quo worth changing?
Retaining Information has Risks and Benefits
Almost all the records libraries keep about their patrons have a purpose. Circulation records are kept so libraries do not lose materials and to make usage statistics. Vendors keep research trails so researchers can retrace their steps and know how their products are being used. After a certain period of time, these records are generally not needed for those reasons.
While records are needed for important reasons, keeping them also involves risk of harming researchers. The most serious risks are that a researcher’s sensitive legal research records will be revealed to others who should not have that information and that the records will be used for a purpose different from the one for which the information was originally collected. I imagine law libraries are not high-priority targets for criminals and government agents, but then again, library databases and email systems are probably not equipped with state-of-the-art security. Certainly the longer records are retained, the more opportunity there is for security to be compromised.
It is easier to imagine a scenario in which library records are used for a new purpose. Database vendors could decide to use research histories to market products to researchers. This seems possible for law students and attorneys. Publishers could seek to use library or database records to help track researchers committing copyright infringement. I have not heard of any recent attempts by law enforcement to obtain law library records and it is hard to fathom what relevance the records would have to any investigation. On the other hand, the government has sought library records before.
These risks that library records might be wrongly disclosed or misused exist while the records are useful, but the beneficial intended uses of the records outweigh the risks. Once that need has ended, though, there is no justification for keeping the records. The minimize risks to patrons, libraries should determine how long they need certain types of records and then destroy the data as soon as it is not required.
On the other hand, records of research activity can be used to benefit patrons. Surely many researchers could use a list of every book they have borrowed, or a research trail that covers multiple databases. Perhaps software could be developed that would analyze research histories to help make data-driven collection development decisions or recommend new books and articles to faculty and students. Services like this might require keeping patron records for quite some time.
Librarians thinking of future historians might suggest that patron records should be kept in some form so on ancestors can have a better understanding of how we conducted research and to look into the thought processes of significant legal scholars.
Giving Patrons Greater Control of Their Records
How these risks and benefits weigh against each other depends to a great deal on the researcher’s circumstances. For many faculty and students, the privacy of their library records is not a matter of great concern. For attorneys and private citizens (and faculty and students when conducting research on their personal legal matters), privacy is very important, and if they knew of a risk that their records might be used in unexpected ways, they may reduce their use of library resources, or be deterred from using the library altogether.
I suggest law librarians seek to give researchers greater control over their library records. Records should be retained for the absolute least amount of time needed for providing the services for which the data was collected. After that time, the records should be rendered totally irretrievable or reduced to anonymous statistics that cannot be traced to any individual. However, before the records are destroyed, they should be easily accessed and saved by the researcher for her own use. Researchers that choose this option can then keep their records as they see fit, just as they can download bank statements and export their financial transactions to personal money management software.
Below are suggestions for how this might be done.
Make a privacy policy and records retention schedule — Each library should publish a privacy policy that describes how the library collects and retains records of patron interactions. Each library should also make a records retention schedule that details how long each type of record is kept and how researchers can obtain a copy of their records before they are destroyed. Many researchers may choose not to download their records, but in that case the data will be destroyed as soon as it is not needed. The default option is most protective of patron privacy.
Make records easy to obtain and use — Researchers who wish to save their records should be able to more easily obtain them in a format that is compatible with software that organizes, searches, and retrieves the records. For instance, borrowing histories and database research trails could provide citations of accessed materials that are compatible with citation management software like Zotero, citeulike, and Mendeley. Since most integrated library systems and journal databases are provided by vendors, the best librarians can do is urge vendors to add these functions and subscribe to products that allow privacy-protecting defaults while also giving patrons access to their records.
Convince vendors to do the same — Libraries license most of the systems used to catalog and provide access to their collections. Protecting researcher privacy and providing patron access to their records will require the cooperation of vendors. Librarians should ask vendors to publish privacy policies that tell researchers what records are collected and how long they are retained, and encourage development of software that will give patrons copies of their records that are compatible with leading research management software.
For further reading on records destruction and privacy, I suggest Daniel Solove’s Understanding Privacy (Harvard University Press, 2008) and Viktor Mayer-Schonberger’s Delete: The Virtue of Forgetting in the Digital Age (Princeton University Press, 2009).
Benjamin Keele is a reference librarian at the Wolf Law Library of the William & Mary Law School. He earned a J.D. and M.L.S. from Indiana University. His research interests include copyright, privacy, and scholarly publishing. His website is benkeele.com.
VoxPopuLII is edited by Judith Pratt. Editors-in-Chief are Stephanie Davidson and Christine Kirchberger, to whom queries should be directed. The information above should not be considered legal advice. If you require legal representation, please consult a lawyer.
[Editor’s Note] For topic-related VoxPopuLII posts please see: Meg Leta Ambrose, Accounting for Informatics in the “Right to be Forgotten” Debate.