Abstract
This research contributes to knowledge on privacy practices in academic libraries, by comparing survey data of librarians and their student-patrons in three top Ghanaian public universities. Our research revealed that Ghanaian academic libraries have not been proactive in promoting privacy issues. There is a general lack of awareness among librarians and their student-patrons about library practices, policies and procedures relating to privacy in their institutions. Besides, very little has been done in terms of providing privacy education and communicating the library’s and vendors’ privacy policies to staff and student-patrons. Among others, recommendations were made for library leaders and the library professional association in Ghana to develop toolkits that will facilitate privacy education and privacy advocacy.
Keywords
Introduction
Privacy and confidentiality of information on patrons are very important concerns to librarians. The ability to protect patrons’ privacy in the library can influence the trust relationship between librarians and their patrons (Sutlieff and Chelin, 2010). Librarians also see this function as a means of safeguarding the democratic values of unfettered access to information, freedom of thought and expression, and intellectual freedom. The current information landscape, however, makes it more challenging for librarians to carry out this professional commitment. For instance, implications of information and communication technologies (ICT) on patron privacy and the confidentiality of records in online environments are far-reaching (Singley, 2020), and the commoditization of user information in this current data economy also raises new privacy challenges (Pekala, 2017). Information leakages have been reported especially in digital library environments where arbitrary data collection often occurs (Affonso and Sant’Ana, 2018). These leakages include search terms, user-agent software, geographical location, time of day, and many more which can compromise patrons’ anonymity (O’Brien et al., 2018).
For librarians, this management and safeguarding responsibility is not just an ethical or professional duty but also a legal one in some cases (Ard, 2016; Pekala, 2017). Data protection laws like Ghana’s Data Protection Act 2012 (Act 843) mandate data collecting agents like the library to protect the personal information of data subjects, in this case, library patrons. This paper seeks to understand how libraries in Ghana execute this responsibility by exploring privacy practices across three top academic libraries in Ghana.
The study was motivated by previous studies conducted by Zimmer (2014) in the United States (USA) and Tummon and McKinnon (2018) in Canada. Both studies assessed privacy attitudes and practices in North American libraries and provide valuable insights into what differences and similarities there are between the two neighbouring countries. Our search of the literature revealed that studies on privacy practices within African and Ghanaian libraries, in particular, are very scarce. Furthermore, both Dagbanja (2016) and Jeske et al. (2016) posit that privacy practices are susceptible to socio-cultural differences. For instance, Ghana, like most African countries, is a group-oriented society where the collective interest mostly takes pre-eminence over the individual interest, and this collective culture correlates with a generally low level of concern for privacy when compared to individualistic cultures (Dagbanja, 2016). Moreover, privacy and data protection laws and the field of librarianship in Ghana are generally different from that of countries in the global north. Researching into Ghanaian academic library privacy practices provides insights into privacy in Ghanaian libraries. This knowledge helps to contextualize and appraise the role of libraries in safeguarding patron privacy and promoting privacy literacy among their patrons, and could ‘alert librarians to potential privacy gaps in patron services’ (Lamdan, 2015: 265). These outcomes can provide guidance for future library policies and training programmes towards improving librarians’ and patrons’ privacy literacy and online choices, and protecting and promoting privacy rights of library users (Tummon and McKinnon, 2018; Zimmer, 2014). The study also provides a useful background for future studies on privacy in Ghanaian libraries as well as an empirical basis for international comparisons. In view of the afore-stated, the study is guided by the question: What are the privacy protection practices in the three selected academic libraries in Ghana?
Literature review
The significance of privacy to the role and operation of libraries has been a subject of ongoing discussions. Recent interests like the attention given to the subject in the third issue of the 2018 volume of the IFLA Journal is an indication of how relevant and crucial privacy is in this era, even though scholars like Doyle (2018) are convinced it is a lost cause. Legislations like the PATRIOT Act in the USA (Hess et al., 2015), Security of Canada Information Sharing Act (Jeske et al., 2016) and similar laws in Europe which threaten to invade patron privacy and confidentiality, coupled with the digital space that most libraries now operate in (Reid, 2019), have driven libraries to renew their commitment to safeguarding the interest of their patrons. Libraries do this mainly by committing to industry standards and guidelines set out by professional library organizations.
Prescriptions of best practices and approaches to patron privacy protections are rife in the literature (Affonso and Sant’Ana, 2018; Inoue, 2018; Jeske et al., 2016; Kritikos and Zimmer, 2017; Lamanna, 2019; Tummon and McKinnon, 2018), often echoing those advocated by professional bodies like the International Federation of Library Associations and Institutions (IFLA) (IFLA, 2018) and the American Library Association (ALA) (O’Brien et al., 2018). These recommendations include educating library personnel and patrons and implementing privacy policies and procedures. However, institutional practices and efforts on patron privacy management are disparate. For instance, although being four years apart, two national surveys by Tummon and McKinnon (2018) in Canada and Zimmer (2014) in the USA respectively on privacy attitudes and practices among librarians, show a sharp contrast in some aspects. While most librarians in the USA said that their libraries had established practices or procedures for patron information requests and also communicated privacy policies to patrons, most Canadian librarians were either unaware of the existence of such practices or procedures or said it was non-existent in their libraries. In Japan, Inoue (2018) raised concerns about the lack of education on technology systems used in libraries and their concomitant privacy issues, and the lack of comprehensive user privacy policies and guidelines at the local level, in light of two main trends in public libraries: outsourcing the management of public libraries; and the use of part-time workforce. Illustrating with two public library cases, Inoue demonstrates that despite the existence of legislation to safeguard personal information, there are still gaps which libraries must strive to address. Some of these gaps include limitation in the scope of what local legislation defines as personal information; the conflict between library industry standards on privacy and local government policies and priorities; conflicts between private business model and practices, and public library norms, traditions and mission; and the lack of understanding about third-party library systems (Inoue, 2018). These results show that the level of privacy and personal information protection can vary even among advanced countries (Jeske et al., 2016).
A potential educational gap is, however, palpable since many libraries are still lagging in terms of organizing educational sessions for both their staff and patrons. Ard (2016: 170) posits that ‘education is a cornerstone of library advocacy’; Krueger (2019) admonishes library managers and professional associations to commit to bridging the educational gap by organizing training on privacy-related trends. Lamanna (2019) indicates that education is vital for effective implementation of privacy policies and systems where they exist, and Singley (2020) states that education can help build a culture of patron privacy consciousness into the library’s operations. While some bold attempts are being made in providing privacy education (Maceli, 2018), more creativity is needed to sustain the effort and outcomes (Lamanna, 2019).
One of the channels for the library to deliver this needed privacy education is through privacy policies development (Tummon and McKinnon, 2018). The importance of developing explicit policies to guide the consistent enforcement of patron privacy and confidentiality has been noted (Dowling, 2017; Hess et al., 2015). These policies inform patrons about the privacy practices of their service provider, the options available to them and their responsibilities in protecting their privacy (Gao and Brink, 2019). Many libraries have developed privacy policies in the USA (Kritikos and Zimmer, 2017; Zimmer, 2014), yet, it has been shown that many libraries still lack clear privacy policies. Affonso and Sant’Ana (2018), in their investigation of privacy issues in data collection from the national digital libraries of nine South American countries, report that only two countries (Brazil and Colombia) had privacy policies for providing some guidance to users. Similar situations have been reported in Japan (Inoue, 2018) and Canada (Tummon and McKinnon, 2018). These studies emphasize the need for transparent privacy policies and guidance, especially within digital library environments, where it has been shown that potential privacy risks are imminent due to possible arbitrary data aggregations unbeknownst to and unapproved by users (Affonso and Sant’Ana, 2018; Liu et al., 2020; Robillard et al., 2019).
Related to library privacy policies are policies of digital content vendors. It is important that as libraries promote and protect patron privacy rights through their policies and procedures, library vendors commit to same (Dowling, 2017). Tummon and McKinnon (2018: 92) asserted that ‘[i]n order for patrons to make informed decisions about using e-resources, they must understand vendor policies abut [sic] such issues as what data are collected, where data are stored, and for what purpose data are being used’. To understand this issue better, a few empirical studies address library vendor policy contents. Magi (2010) conducted a content analysis of the privacy policies of 27 top library vendors; Lambert et al. (2015) also conducted a content analysis of the privacy policies of five prominent digital content providers of public libraries in the USA. These studies report a general trend where vendors’ policies largely fall short of library profession standards and do little in terms of giving meaningful control to users over their personal data.
Other related and more recent studies accentuate this observation. For example, in the context of mobile apps, Robillard et al. (2019) observed that many free IOS and Android apps tracking mental health variables lack privacy policies. The few that do fall short in transparency as most of them lacked statements clarifying issues about the sale of user information and informed consent. Furthermore, though few of the policies indicated measures to protect user data, most could not guarantee users’ data security and in most cases, the right to delete information associated with the app use was shrouded in caveats. In the context of cloud computing, Gao and Brink (2019) found that most of the privacy policies of cloud service providers did not contain information on the collection of usage details, and did not provide detailed discussions on the measures for data safety and integrity, and addressing user concerns. These findings have implications for libraries as they rely on Library 2.0 services from third-party vendors and may also have implications for the libraries’ general privacy policy (Kritikos and Zimmer, 2017).
These privacy policies mean little unless they are communicated and made accessible to staff and patrons. Interestingly, the literature reviewed shows that while vendors’ privacy policies are mostly visible, accessible and communicated (Kritikos and Zimmer, 2017; Lambert et al., 2015; Magi, 2010), the practice varies with libraries’ privacy policies (Tummon and McKinnon, 2018; Zimmer, 2014). It is worth pointing out here that the methodological differences in these studies may imply this revelation. Vendors’ privacy policies are often investigated using content analysis methods, while studies focusing on library privacy policies often adopt self-reported surveys. Still, libraries are not doing a good job in linking library privacy policies to vendors’ policies for seamless access (Kritikos and Zimmer, 2017). The readability and comprehensibility of these policies are also of interest even though there are concerns about the validity of the indexes used to determine the readability or comprehensibility of privacy policy texts (Gao and Brink, 2019; Lambert et al., 2015; Magi, 2010; Robillard et al., 2019).
The conclusion from the literature review is that privacy practices across libraries are divergent and inconsistent. Libraries need to adapt privacy practices to better align with today’s online reality to remain relevant in protecting and promoting patron privacy (Singley, 2020). There is, however, a paucity of research on privacy practices in Africa. For instance, the 2018 special issue of the IFLA Journal which focused on privacy did not present any perspective from Africa, neither have we identified any such discussions elsewhere, since then. This study provides an African perspective to the discussion on library privacy practices and has the potential to yield new insights even for scholars and professionals in more advanced environments.
Another unique aspect of our work is that we conducted this survey from the perspective of both librarians and the student-patrons they serve, unlike previous studies that focused on librarians’ perspectives only. Singley (2020) noted that approaching the privacy problem from the perspective of librarians mainly has proven ineffective and is partly why the library profession has been slow to adapt to the new online reality. Employing this approach allows us to determine whether librarians and their patrons are on the same page regarding patron privacy and data protection practices in their libraries since any misalignment could lead to some privacy challenges for both parties.
Methodology
This study was exploratory, and to achieve our goal we surveyed 74 library staff (out of a total of 410 in all categories) and 726 students across three top public universities in Ghana: University of Ghana (UG), University of Cape Coast (UCC) and University of Education, Winneba (UEW), using the nonprobability convenience sampling method. Our survey instrument was adapted from the study by Zimmer (2014), which surveyed librarians’ attitudes and practices on privacy in the USA. The instrument was slightly modified, and an open-ended question was added to elicit suggestions from respondents on how the library can improve patron privacy. The language of the instrument remained in the original English in which it was developed as Ghana’s official language is English and, therefore, there was no need to translate it to any Ghanaian vernacular. We pre-tested the instrument in two of the public universities with five librarians and 15 students and the feedback was incorporated into the final questionnaire. The questions focused on general practices in the library, the communication of privacy policies, privacy training and suggestions for improving patron privacy. The data was cleaned, coded and entered into SPSS 24 package for analysis. Descriptive statistics were run on the closed-ended data, while the open-ended responses were analysed using content analysis methods. We recognize that the relatively small sample (particularly of library staff) used in this work limits the extent of generalizability of the study results. We, however, assure that sampling from all categories of library staff and public universities across three distinct administrative cities in Ghana helps to minimize this challenge. This notwithstanding, the study’s outcomes provide valuable insight into library privacy practices from a uniquely African cultural perspective, which can advance our understanding of the subject.
Results
Demographics
As shown in Table 1, the majority of library staff who responded to the survey worked in the Collection and Technical Services (35.1%) and Public Services (33.8%) sections of the library. This is followed by 14.9% of staff in Digital Initiatives. These job designations are likely to provide some form of services to users over online systems and electronic platforms. Senior staff (para-professional/support staff with a diploma or Bachelor’s degree) and senior members (professional/senior administrative rank with at least an MLS degree) account for 69% of library staff who responded to the survey (Figure 1). As many as 66.2% have over five years of professional experience (Figure 2) and more than 93% of them had at least a diploma (Table 2).
Job description of library staff.
Rank of library staff.
Level of experience of library staff.
Educational level of library staff.
A plausible explanation for the disparity between the number of library staff with at least a diploma and the actual rank of respondents is that many of them may have been junior staff (support staff with an educational qualification lower than a diploma) who have gone on to pursue further studies to qualify for a diploma or a Bachelor’s degree but are yet to be promoted or upgraded to the appropriate rank. This is quite a common phenomenon in many universities in Ghana. Meanwhile, almost all the students (99.3%) who responded to the survey were pursuing at least an undergraduate programme (Table 3).
Educational level of students.
The five students who indicated ‘Other’ as their educational status did not provide their specific level of education.
Library privacy practices
Most of the respondents demonstrated a lack of awareness of the practices of the library when it comes to privacy issues (Table 4). For instance, 37.8% of librarians and 56.3% of students said they did not know about any established practices or procedures relating to requesting information from patron records. For the rest of the respondents who answered this question, 33.8% of library staff answered ‘Yes’ while 28.4% said ‘No’, with 35.8% of students saying, ‘Yes’ and 7.9% responding with ‘No’. This suggests that 66.2% of library staff and 64.2% of students perceive that their libraries either do not have such established procedures, or they are not aware of the existence of such standard procedures at their institutions.
Library privacy practices.
Whereas most library staff (39.2%) said the library trained staff on handling requests for patron records, most of the students (47.7%) said they ‘don’t know’. Still, a significant number of librarians (60.8%) perceive that either their libraries did not offer such training, or they were unaware of the existence of such training. Likewise, only 41% of students selected ‘Yes’ for this question.
On whether patrons had ever enquired from the library regarding the privacy of their personal records, or any other surveillance issue, most of the library staff (43.2%) said ‘No’, 33.8% said they ‘Don’t know’ and 23% said ‘Yes’. Comparatively, most of the students (66.9%) selected ‘Don’t know’, 22.3% said ‘Yes’, and 10% said ‘No’. When asked whether their libraries communicated privacy policies to patrons, most library staff (45.9%) said ‘No’, 35.1% said ‘Yes’ and 18.9% said they ‘Don’t know’. On the other hand, most of the students (59.9%) selected ‘Don’t Know’, 25.3% said ‘Yes’ and 14.7% said ‘No’. Respondents who answered ‘Yes’ to this question were asked to further indicate how policies relating to ‘general patron data’, ‘circulation and borrowing data’, and ‘computer and Internet usage’ are communicated to patrons. For policies on patron data, most of the library staff (28%) said it was communicated through the library website, but most of the students (26.8%) claimed it was communicated through the notice boards.
Most of the library staff (48%) said that a written policy on circulation and borrowing data was issued to students during registration. However, most of the students (25.8%) reported that such a policy was not communicated to them. A majority of both the library staff and students conceded that policies on computer and Internet usage were communicated to students through the library website and on notice boards (Table 5). When asked whether e-resources privacy policies were communicated to patrons, most of the library staff (44.6%) said ‘No’, 31.1% said they were unaware and 24.3% said ‘Yes’, they did.
Communication of privacy policies on specific library activities.
On the other hand, most of the students (64.1%) said they were unaware, 20.1% indicated that such vendor policies were communicated to patrons, and 15.8% said ‘No’ in responding to the same question (Table 4). When asked if their libraries trained students on privacy issues resulting from using the Internet and other online library services, the librarians were fairly divided on the question; 41.9% said ‘No’, 40.5% said ‘Yes’ and the remaining 17.6% selected ‘Don’t know’. Comparatively, most of the students (43.1%) said ‘Yes’, followed by 32.1% who selected ‘Don’t know’ and 24.8% who said ‘No’.
According to most of the library staff (47.3%), their libraries had not hosted or organized any public information sessions, lectures, seminars, or other events related to privacy and surveillance in the past five years. This is followed by 28.4% who said their libraries had held such sessions and the remaining 24.3% were unaware of such events. For the students, 52.9% selected ‘Don’t know’, 26.7% selected ‘Yes’, and 20.4% selected ‘No’ for this question.
Suggestions for protecting patron privacy in online library environments
Respondents were asked to suggest ways in which the library could help protect the privacy of patrons in online library environments. In all, 46 library staff and 442 students responded to this open-ended question. The content analysis revealed several thematic areas that characterize the responses. Sixteen content categories emerged from the responses with eight being common to both librarians and students (Table 6).
Summary of suggestions for improving patron privacy in academic libraries.
Education
The calls on the library to educate or train both librarians and students on privacy issues in the online library environment were a prominent suggestion from both categories of respondents. Some of the approaches proposed for the training include workshops, seminars, lectures and orientations. This underscores the importance of the instructional services libraries offer in empowering their users for effective and safe use of the library resources in online environments. Some of the library staff (L) and students (S) suggested: By educating the user community on privacy issues and building the capacity of staff to handle privacy issues. (L) Educating the students about privacy issues and also organizing sensitization workshops and seminars for them on how to protect their privacy in the online library environment. (S)
Passwords
The use of passwords, security codes, personal identification numbers and similar mechanisms to protect users’ privacy also ranked very high among both categories of respondents. Users, however, had the responsibility of keeping their passwords safe and secured: Library users can be protected by the use of passwords and other identification and authentication codes. (L) By enabling individuals to create personal accounts where they can log in and out anytime they access online library materials.(S)
Policy and regulations
While the enactment, communication and enforcement of privacy policies and regulations were still among the top suggestions of both categories of respondents. comparatively, far fewer students recommended this. It is also important that these policies and regulations are made easily available and understandable to users. Some of the suggestions were: A clear and unambiguous promulgation of privacy policies and their communication to users could help alert library patrons to their responsibilities of protecting their own privacy. (L) There should be strict and concrete policies to ensure privacy is highly protected. (S)
Data security
The need for the library to adopt the best security measures that would secure the personal data of users was also among the top recommendations from both categories of respondents. Elements of data security include investing in infrastructure that secures patrons’ data, restricting access to data and anonymizing data if there was a genuine reason to share, and providing safe access to the Internet. Below are some of the suggestions of respondents: Library user data must be seen by authorized personnel only. All user data kept by the library must be stored in a way that does not allow unauthorized copying. User data must be encrypted. Don’t allow hackers and spammers to intercept data transmission. (L) By ensuring that resources are invested in making and strengthening existing infrastructure that is designed to ensure privacy. PCs should be protected from software that harvest people’s information and the library should avoid using monitoring software. (S) They should make sure that our search engines and social media are being protected from hackers. There should be constant clearing of students searches and history online. (S)
Awareness creation
Respondents also expect the library to create awareness about privacy issues. For instance, using the library website to promote library privacy policies was seen as a useful method for awareness creation; or providing safety tips for using online services using leaflets or fliers to sensitize library users about their privacy rights or even policies of database vendors. A lot of awareness needs to be created so as to expose staff who are not familiar with the dangers of privacy intrusions. (L) Post privacy issues on the library webpage. (L) The library could make users aware of all the privacy policies that are attached to using certain online websites especially the implications of the said policies whether beneficial or harmful in nature. (S) Sensitize students about privacy issues in online library environments. creating awareness of individual rights to privacy with regards to personal information. (S)
Competent staff
A few respondents also suggested recruiting competent staff that understand privacy issues and can assist users to navigate the privacy challenges while working in online library environments. Some of these suggestions are as follows: There should be personnel who are competent professionals, who abide by the ethics of the information society and capable of assisting students on matters of privacy. (L) This can basically be done by employment of personnel who are competent enough and are of high moral standing in society who will be unwilling to share or leak such information to any other person. (S)
Sanctions
Some respondents also called for sanctioning people who are found to be infringing on people’s privacy rights. Anyone who abuses information must be punished according to the law. (L) Enforcing laws governing privacy of library users in the online library and giving the necessary punishment due when users privacy is infringed on by others. (S)
Limit data collection
Some of the respondents in both categories showed concern about libraries collecting too much information about users in online library environments. They proposed the following: Limit sign-up details patrons are supposed to provide in their registration into specific library services. (L) By asking for basic information and keeping it private. (S) Reduce the quantity of data required from the individual for services rendered. (S)
User consent
Users want more power and control over their privacy. They expect decisions about their personal data in the custody of the library to be made with their consent. Libraries should not share personal information about users to everyone unless authorized by the individual. (S) Before anyone can be granted access to the personal information of the users, permission should be sought from the user. (S)
Report breaches
Users also expect to be notified when their privacy within online library environments was compromised. They suggested the following: Inform us anytime the library finds that our privacy has been breached by someone. (S) The library could help by providing the library users or prompting them immediately on cases relating [to] security of their library account etc. (S)
Surveillance
Some of the students called on library staff to be vigilant, to monitor or track suspicious activities in online library environments: Ensure students’ surveillance at various libraries. (S) It is their responsibility to track peoples [sic] using our website to defraud others. (S)
Personal space
Some students also want to work in spaces that are free from intrusions of any kind: I suggest that computers used in online library environment are arranged in a way that nobody would see what others do. (S) Secured personal privacy in the library room with no interference. (S)
Purposeful data collection
Some students want the library to disclose what data is being collected about them and what it is going to be used for. Also, the data must only be used for the purpose for which it was granted. Information collected about me should only be used for the purpose of which it has been collected. (S) There should be full disclosure of whatever information they are requesting and what it is going to be used for. (S)
No need for privacy
Some have no concerns about privacy in online library environments. They made the following statements: One must not be too particular about privacy because there is the need for information flow for the advancement of technology. (S) Privacy issues in the library should not all at times be in secret. The library is a place of research. So, information in the library should not be hidden. (S)
Prioritize user privacy
One person said the library must demonstrate a genuine interest in patrons’ privacy by treating it as a priority: by making our privacy protection their priority. (S)
Library doing well already
Another person expressed confidence in the library’s efforts in protecting users’ privacy interests: Honesty, not too sure but I haven’t heard of any major incident, so it seems you’re doing a pretty good job so far. (S)
Discussion
The survey sought to investigate privacy practices in the three institutions polled to understand how Ghanaian academic libraries were currently addressing the issue of patron privacy. It is argued that privacy practices and systems within libraries have implications for patrons’ concerns, perceptions and actions (Gao and Brink, 2019). Tummon and McKinnon (2018) further note that awareness about institutional practices and procedures is essential for librarians to successfully protect patrons’ privacy and support them in making informed online decisions. They posed the question, ‘[a]re librarians doing enough to communicate privacy practices and policies to students, and to build awareness about how online personal information is being used or potentially misused?’ (p. 87).
Our investigation reveals that most of the respondents were not aware of privacy practices within their institutions. Just a few claimed to be aware of specific practices in their libraries. For instance, only 33.8% of librarians and 35.8% of students said their libraries had established practices or procedures relating to requesting information from patron records. This general lack of awareness about institutional practices and procedures by the library staff in our study is consistent with the experience of Canadian academic librarians (Tummon and McKinnon, 2018) but contradicts the experience of librarians in the USA (Zimmer, 2014). Plausible explanations for this lack of awareness by librarians and students in the present study include the non-existence of such practices and procedures, or if they exist, perhaps not enough is being done to promote and create awareness about such practices and procedures. For library staff, their own lack of awareness about institutional practices, policies and procedures is a serious hindrance to their ability to effectively support their patrons’ privacy needs (Tummon and McKinnon, 2018). The low level of awareness among students may have also contributed to the discouragingly fewer number of them who had made inquiries to library staff regarding privacy and surveillance issues; although it is also plausible that students trust their libraries to protect their privacy interests, hence the seeming lack of interest in privacy issues by the students (Hess et al., 2015; Sutlieff and Chelin, 2010).
While the majority of Canadian librarians (42.3%) were unaware if privacy policies were communicated to patrons (Tummon and McKinnon, 2018), a majority of the librarians (45.9%) in our study admitted that privacy policies were not communicated to patrons. Though 35.1% of librarians claimed they did so, only 14.7% of our student respondents corroborated this claim. Those who said that their libraries communicated policies also provided further details about the approaches used to communicate policies relating to ‘general patron data’, ‘circulation and borrowing data’, and ‘computer and Internet usage’ in their libraries. These include a written policy issued during registration, library website, notice boards/signs, email or other methods. This, notwithstanding, a significant number of these respondents (48% of librarians and 41.9% of students) indicated that their libraries either did not communicate policy on general patron data or they were not aware if they did. Similarly, 28% of librarians and 50.5% of students expressed the same sentiment concerning policy on circulation and borrowing data. Fewer respondents felt this way about policies on computer and Internet use data (Table 5). These revelations from the data do not provide a strong premise to conclude that these institutions actually communicate privacy policies to their users. At least, in one of the institutions surveyed, it has been reported in a previous study that policies addressing privacy are scattered and disjointed with no unified privacy policies for the library services (Owusu-Ansah et al., 2018). This presents a challenge in communicating or creating awareness about privacy policies. When combined with responses regarding electronic resources vendors communicating their privacy policies to patrons, what is very evident is that most of the respondents within the two categories lacked knowledge about policies relating to privacy in their institutions. It is not surprising then that many of the respondents from both categories called for development, communication and enforcement of policies regarding privacy in their libraries.
Less than half of the respondents said their libraries offered training to staff on how to handle requests for patron records, and to students on privacy issues resulting from using the Internet and other online library services. Also, most of them said their libraries had not hosted or organized any public information sessions, lectures, seminars or other events related to privacy and surveillance in the past five years. These findings are consistent with the situation in Canada (Tummon and McKinnon, 2018) and the USA (Zimmer, 2014) and indicate that there is the need to train both library staff and patrons on privacy issues. This revelation is accentuated by the calls for education on privacy issues in online library environments which ranked very high among the suggestions proffered by both librarians and students. The IFLA Statement on Privacy in the Library Environment recommends that libraries should embed data protection and privacy issues into their media and information literacy services for patrons; and also, that education for librarians should include data and privacy protection principles and practices in online settings (IFLA, 2015). Privacy education sessions can be used to communicate and create awareness about national data protection legislation (Dagbanja, 2016), institutional policies, regulations and practices and vendor policies (Tummon and McKinnon, 2018). Ghanaian academic librarians must also see this educational role as a powerful advocacy tool for promoting privacy issues within their institutions (Ard, 2016).
The content analysis of the open-ended question shows that respondents, especially students, recognized the library’s role in securing their privacy. They acknowledged that libraries have a responsibility to protect their privacy interests and trust librarians to uphold that interest. The majority of the students demonstrated their concern for privacy, recommending that the library needs to adopt best practices to secure their personal data. These measures include, but are not limited to, anonymizing data, restricting access to data, clearing search and browsing history, using encryption systems, blocking monitoring applications and investing in infrastructure that generally provides safe access to the Internet. These propositions together with the themes that emerged from our content analysis do not deviate from the recommendations in the literature (IFLA, 2018; Jeske et al., 2016; Lamdan, 2015) and should drive librarians to take tangible steps to secure personal information and promote the privacy of their patrons.
Furthermore, the fact that students made unique recommendations in their desire to have their data protected by librarians points to the fact that students have enhanced expectation of libraries to protect their data while using online library services. Though some of these recommendations may seem counterintuitive or even unrealistic, for instance, the call for librarians to be gatekeepers of online activities could represent a breach of students’ privacy and right to search without being observed, it is possible that students see librarians as trustworthy gatekeepers, or they just have a relaxed attitude towards privacy (Sutlieff and Chelin, 2010). This may be why some of them showed no concern for privacy. These revelations align with the position of Doyle (2018) who argues that concerns for privacy will continue to dwindle over time, especially, as libraries’ adoption of digital resources from third-party vendors to deliver personalized service experience already defeats patron privacy. Singley (2020) further opines that surveillance is becoming a common practice in libraries with the adoption of learning analytics to demonstrate value and that the solution is not to avoid surveillance but to ensure that users are aware of when and how they are being monitored.
Reconciling these calls with other recommendations that reject any form of surveillance, express concern for privacy or the desire to exercise control over personal privacy may sound contradictory. Yet, it shows that different people may have different attitude or concerns toward privacy (Zimmer, 2014). The desire for power and control over personal privacy, however, may be challenging in reality, because patrons have limited control on licence negotiations and other service agreements that the library enters into (IFLA, 2019). Their willingness to use such services or resources is deemed as their personal consent to the agreed terms. The onus thus lies on librarians to be proactive in understanding the concerns of their patrons to factor that into their data collection and subscription decisions (O’Brien et al., 2018). Perhaps, this is where promoting institutional and vendor privacy policies through education and accessibility to patrons is worthwhile.
The answer to Tummon and McKinnon’s question, ‘[a]re librarians doing enough to communicate privacy practices and policies to students, and to build awareness about how online personal information is being used or potentially misused?’, in the case of academic libraries in Ghana is, therefore, ‘No’. This may be symptomatic of the low concerns for privacy issues associated with group-oriented cultures (Dagbanja, 2016).
Conclusion and the way forward
This survey helps to understand how academic libraries are responding to privacy concerns in Ghana. This was achieved by comparing survey data from library staff on their perceptions about privacy practices and procedures with that of students in their universities. This approach is beneficial in two ways: first, library staff self-reported perceptions about their institutional practices can be verified and corroborated, and second, the authors can determine any gap in students’ and librarians’ perceptions regarding library privacy practices and procedures. The results of the study suggest that the situation in Ghana is similar to the case in some developed regions. Ghanaian academic librarians have not been proactive in promoting privacy issues in their libraries. There is a general lack of awareness among librarians and their students about library practices, policies and procedures relating to privacy in their institutions. And very little has been done in terms of providing privacy education and communicating the libraries’ and vendors’ privacy policies to staff and patrons.
Based on these findings, Ghanaian librarians need to do more in educating, communicating and creating awareness about privacy issues in their institutions. They first need to increase their own knowledge about privacy practices in their institutions, raise awareness about privacy practices and procedures in their libraries and engage their patrons to understand their concerns and address any challenges they might have. This can be done by embedding online privacy and data protection issues in their information literacy sessions. Library leaders and the professional library association in Ghana must consider developing toolkits that will facilitate these. Valuable lessons can be gleaned from recommended best practices in the literature in developing these toolkits. Additionally, librarians should implement measures that ensure the security of patrons’ data in the custody of the library.
A limitation of our work is that these practices are self-reported by the respondents through the questionnaire alone. They have not been personally observed and can at best be considered to represent the perceptions of the respondents about these practices in their institutions. A logical next line of action would be to conduct focused privacy practices audits in these libraries using other approaches like onsite observation and document/content analysis of library policies to derive a more realistic picture, even more so because the literature review reveals a gap in library privacy policy content analysis. Also, the themes that emerged from the respondents’ suggestions reveal diverse expectations of librarians with regards to how to improve privacy protection in these libraries. More research is needed to validate these views and the other results from the study.
Footnotes
Acknowledgment
We would like to thank Professor Michael Zimmer for permitting us to adopt his instrument for this study.
Declaration of conflicting interests
The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Funding
The authors received no financial support for the research, authorship, and/or publication of this article.
