FacebookTwitterLinkedIn
Login / Register

Login / Register

IUG FORUM

Stay always connected!
  1. Phil Shirley
  2. Sierra/ Millennium/ Encore
  3. Wednesday, August 30 2017, 12:11 PM
  4.  Subscribe via email
Because email goes through the internet unencrypted (people often say "email is a postcard";), do any libraries out there strip confidential information out of email notices using a print template or some other method? Such an email might be a lot like a voice mail message we would leave, something like "One or more items you have checked out is overdue; use the link below to check your account and renew items."

Phil

pshirley@cuyahogafallslibrary.org
Phil Shirley
Technology Services Coordinator
Cuyahoga Falls Library
Comment
There are no comments made yet.
Add Comment
Greg Ferguson Accepted Answer
0
Votes
Undo
We use Print Templates for all of our patron circulation notices. We are currently reviewing their content with the intent of removing some, possibly up to all, of the "private" personal (name) and transactional (title, author, call number, etc.) information. Discussions are still ongoing, but I expect some changes in the future, possibly offering only a brief message and a link to My Library Account in our catalog.

Greg Ferguson
UC San Diego Library

gferguson@ucsd.edu

pshirley@cuyahogafallslibrary.org
Comment
There are no comments made yet.
Add Comment
  1. more than a month ago
  2. Sierra/ Millennium/ Encore
  3. # 1
John Boggs Accepted Answer
0
Votes
Undo
We are investigating the option of encrypting our email using TLS (we're software only), though since not all receiving email servers will accept encryption perhaps it would be smarter to remove the personal information altogether.

boggs@plsinfo.org
Comment
There are no comments made yet.
Add Comment
  1. more than a month ago
  2. Sierra/ Millennium/ Encore
  3. # 2
Alison Pruntel Accepted Answer
0
Votes
Undo
While I can see this being a good thing to do privacy-wise (and reinforces behavior to log into account to manage services), I would expect complaints that you're making the patron perform yet another step (log on to email, open email, now must click/select link, leave email, log on to online account). Of course, I'm sensitive because our county's topography (approx. 1 hour West of DC) means few/no choices when it comes to broadband or any Internet access, even via cellular. Our patrons love the email notices, but many not great with logging into their account, prefer to call us. So I would expect many, many complaints. Maybe we just have vocal patrons (and staff)! :p Did someone complain or just being proactive? You get a lot of email with personal information (online shopping orders, etc.), would guess that information about your library account would fall low on the list of concerns, but maybe I'm missing something. I guess we could switch our circ notices so that you'd just see the last 4 digits of your library card, no address, phone, etc. There's really no need for that info. to be in the notice. Guess it's time to think about using iReports again...

Alison

alison.pruntel@fauquiercounty.gov

alison.pruntel@fauquiercounty.gov
Comment
There are no comments made yet.
Add Comment
  1. more than a month ago
  2. Sierra/ Millennium/ Encore
  3. # 3
Phil Shirley Accepted Answer
0
Votes
Undo
Alison, I agree: Patrons would be unhappy if we didn't tell give them all the details in the email. If we had never sent email notices before, then I would argue for not sending confidential info in the email, but since patrons are used to detailed email notices, I can't imagine making them generic.

However, that doesn't mean we can't remove some of the confidential info from email notices, like the mailing address. I can also imagine that other types of libraries (I work at a public library) might do different things. Also, we should all be aware that this is not a good practice, and we should look for some other way to send patrons notices in an encrypted way, like maybe using an app that gives notifications for notices. Even if only some of our patrons use that instead of email, that would be better than nothing.

Phil

pshirley@cuyahogafallslibrary.org
Phil Shirley
Technology Services Coordinator
Cuyahoga Falls Library
Comment
There are no comments made yet.
Add Comment
  1. more than a month ago
  2. Sierra/ Millennium/ Encore
  3. # 4
Jennifer Faist Accepted Answer
0
Votes
Undo
Also, making it vague, leaving out identifying information, and then asking the patron to click on a link and login makes it look like a phishing scam.

jennifer.faist@artcenter.edu
Comment
There are no comments made yet.
Add Comment
  1. more than a month ago
  2. Sierra/ Millennium/ Encore
  3. # 5
Greg Smith Accepted Answer
0
Votes
Undo

I think there are certainly valid considerations on both sides of this issue.

In a special library setting, I can say that our organization is constantly trying to train staff not to click on links in email messages unless they are quite certain of the source. We, like many large organizations (and most individuals) are targeted by phishing attacks on a regular basis and are also subject to periodic internal information security audits involving tailor-made simulated phishing messages... all of which is to say that expecting our clients to click through to find out what we wish to communicate to them is a dicey proposition.

If we really wanted to remove private information from notices while still respecting our InfoSec policies we would probably need to ask clients to visit their patron accounts without providing a direct link. I have a feeling that would not be very successful, except perhaps for the wonderful (but not particularly large) subset of our clients who respond immediately to overdue notices more or less regardless of their content. The ones who let 1st, 2nd, and 3rd notices pass without action probably aren't going to find their way to the OPAC without a link... but then again, without fines as a motivator, automated notices tend to have little effect on this group no matter what.



greg.smith@justice.gc.ca
Comment
There are no comments made yet.
Add Comment
  1. more than a month ago
  2. Sierra/ Millennium/ Encore
  3. # 6
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,pdf,ppt,pptx,doc,docx,xls,xlsx,,txt,rtf,jrxml
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.