Book Reviews

The Ultimate Privacy Field Guide: A Workbook of Best Practices. Erin Berman, Bonnie Tijerina, eds. Chicago, IL: ALA Editions, 2022. 96 pp. Paperback, $29.99 (978-0-8389-3730-3)

In an all-encompassing, digitally connected world, librarians are at the forefront of protecting patrons’ digital privacy. This is evident in programs like the Library Freedom Project, a group that teaches librarians about privacy issues; the annual New York City Privacy Week, a joint program between the metropolitan area’s public libraries that focuses on digital privacy and security; and recent privacy-oriented books such as law librarian Sarah Lamdan’s Data Cartels. Privacy is a tenet of librarianship, as library users should have the ability to read and research without intrusive surveillance from the state and, in modern times, big tech. However, librarians may find it difficult to know where to start when it comes to privacy initiatives and policies.

The Ultimate Privacy Field Guide, edited by Erin Berman and Bonnie Tijerina, is a workbook that can be used to discuss, plan, and implement privacy initiatives at libraries. The real world examples and scenarios included throughout the book guide librarians in an easy and accessible manner that not only informs readers about digital privacy and security, but also provides step-by-step instructions to apply best privacy practices. Berman and Tijerina are privacy advocates in their own right; they have led the Institute of Museum and Library Services–funded Privacy Advocacy Guides for Libraries project, which was used to create online guides to instruct librarians on privacy. Berman also led the Privacy Subcommittee through the ALA Office of Intellectual Freedom from 2018 to 2022, and Tijerina has worked on related projects involving privacy and big data research ethics.

This well-organized book takes readers through the process of ensuring privacy for their libraries and communities over seven short chapters. Each chapter introduces a component of privacy, followed by practical examples and exercises that librarians and library staff can complete as individuals or together in order to fully understand the issues at stake. The first chapter highlights digital security basics such as password creation, multifactor authentication, and malware. The second chapter explains how to discuss the importance of privacy with stakeholders such as administrators, patrons, librarians, library staff, and others, providing talking points that explain why privacy should be an institutional priority. Chapter 3 explores non-technology–based privacy practices. Berman and Tijerina open with the design of a privacy-friendly physical space, followed by a discussion of privacy over the data lifecycle, specifically the exposure points of patrons’ personal identifiable information (PII). Privacy audits are addressed in chapter 5, which provides strategies for evaluating a library’s ability to manage user data based on best practices. Chapter 6 assists readers in crafting plain-language privacy policies that show patrons how their data is being used. The final chapter supplies information on working with vendors and addressing privacy issues in contracts.

The exercises in each chapter give readers space to take notes and answer questions. This is a book you can write in, recording and documenting a history of the reader’s privacy journey in the manner of a journal. The exercises can also be completed in a collaborative manner involving all library colleagues and staff, and could usefully shape an internal workshop or skillshare within library departments. Additionally, the exercises and problems presented to the reader come from real-world examples. The mere act of discussing privacy concerns with patrons, library staff, and administrators can be complicated and overwhelming, something librarians who have tried it will know. It can be difficult to understand where to begin, why to talk about it, and how. Berman and Tijerina provide helpful talking points tailored for specific stakeholders to make it easier to start the conversation.

The highlight of this workbook is its readability. The authors don’t focus on deep theory or philosophical discussions about privacy. Instead, their intent is to provide the practical foundation necessary to implement policies and practices to protect patrons. They introduce modern dangers such as ransomware, phishing, and surveillance culture, as well as the ethical ramifications of privacy and the importance of informing users about vendor policies–or the lack thereof. These brief introductions may compel readers to delve deeper into privacy research.

This book is highly recommended for any college or research library in the early stages of exploring privacy practices or that are looking to improve their current ones. It may also appeal to an even larger audience, exploring how library associations and consortia can use this work for wider, collective change in prioritizing privacy. The holistic approach that the editors outline, from the user level of passwords, to the data lifecycle of what information libraries collect, to how librarians can navigate vendor policies and contracts, properly illustrates the interconnectedness of library privacy issues and how librarians can address it. — Junior Tidal, New York City College of Technology