CILIP Privacy project – Evidence 13 December 2017
CILIP Workshop on Privacy – Flipchart TranscriptionsHeld in Newcastle on 13 December 2017
Contents
What do we understand by Privacy? (Open session)
What are the privacy challenges you face in your work?
(Table discussion)
What do you think are the major Privacy issues facing
the Information Profession? (Table discussion)
Information on provisions relating to Privacy in the Ethical
Principles & Code of Professional Practice (provided)
What would you change about CILIP’s Ethical Principles and
Professional Code of Practice as they relate to privacy?
(Open session)
Does CILIP need a policy statement on privacy? If yes, name
the top three things which should be in one (Open session)
What do we understand by Privacy?
(Open session)
The divide/ balance between you as an individual and you as an employee (restrictions on giving opinion)
Confidence when sharing information (Know what is/ should be kept private)
Understanding/ knowing how and what the systems you are working with collect personal data
GDPR understanding the risks and the rewards of new legislation
Transparency when collecting data
Web usage reports due to filtering
Decisions around filtering/ who decides
T&Cs what are you giving away?
Live surveillance/ monitoring of users online (in public libraries) as part of PREVENT
Police disclosure Lack of information so hard to make a decision
What are the Privacy Challenges you face in your work?
(Table discussion)
Police requests for data/ info
Protecting/ educating the public as to their rights vs. council policy
Encouraging access/ customer service vs. protecting data
Balancing safeguarding duties and police demands with protecting citizens data
*We have access to more personal information / we collect more information about our users than we need/ should
* Staff need to be trained about data protection principles/ & sharing information with 3rd parties/ partners (Hard to know where you draw the line)
*Are we expected/ feels like we are expected to do something that is the police’s job?
*indicates challenges faced in your own work and also for the profession as a whole
What do you think are the major Privacy issues facing the Information Profession?
(Table discussion)
In our profession we’re talking more about collecting personal information than protecting it
How do we make sure our suppliers comply with new legislation around protection of data?
Misinformation from organisation’s information governance officer
Cost of making sure all systems & practices compliant
Knowledge, skills as part of qualifications
Technology, SAAS, server location (USA?)
Information in the Cloud
What would you change about CILIP’s Ethical Principles and Professional Code of Practice as they relate to privacy?
The existing Ethical Principle on privacy states that information professionals should show: “Respect for confidentiality and privacy in dealing with information users” [Ethical principle number 8]
This is further amplified in the related Code of Professional Practice that gives practical pointers to their application:
Within the section on Responsibilities to information and its users it states: Protect the confidentiality of all matters relating to information users, including their enquiries, any services to be provided, and any aspects of the users' personal circumstances or business [Section B]
And in the section on Responsibilities to society it states: Strive to achieve an appropriate balance within the law between demands for information users, the need to respect confidentiality, the terms of employment, the public good and the responsibilities outlined in this code [Section D]
[Note: This information on existing Ethical Principles and provisions within the Code of Professional Practice that relate to privacy was provided to participants. It may help understanding of the following flipcharts exploring this issue]
(Open session)
More details/ guidance
“Respect for” what does that actually mean?
Stronger language needed (eg “strive”?)
Transparency with users regarding use of their data
Does CILIP need a policy statement on privacy? If yes, name the top three things which should be in one
(Open session)
Yes – need a policy that protects the staff who are required to provide details to other organisations whilst protecting users of the service
Yes – having backing of professional body helps when we try to change things within organisation
Due care dealing with third parties
Check what legislation actually says we need to do (and do no more?)
Advocacy/ be more active/ proactive...for example in France
An active statement
Retention guidance – guidance on retention periods
Should cover - surveillance
6
Workshop on privacy – Newcastle 13 December 2017