Privacy and Confidentiality Issues in Digital Archives - Patron Records

In December I attended an excellent Society of American Archivists workshop on Privacy and Confidentiality Issues in Digital Archives at Mount Holyoke College's lovely Willits-Hallowell Conference Center. This is the first Digital Archives Specialist (DAS) course I have taken. I was not planning on earning my DAS certificate, but if all the courses are as engaging as this one, I might change my mind.

The instructor, Heather Briston, brought up many interesting points of discussion that apply to all archives, not just digital archives. Ms. Briston is both an attorney and an archivist, so her point of view is slightly different than that of your usual archivist. The issue that I have been mulling over in my mind the most since the workshop ended is her statement that archivists should hold onto patron information for as long as we need it and no longer.

Archives have long differed from libraries in how we treat patron records. We ask patrons to register with their name, address, i.d number and more, and we keep track of the records they look at. In the name of privacy, libraries keep as little information as possible on their patrons and often completely clear the record of what a patron checked out once the item has been returned. These library practices have increased since the passage of the US Patriot Act. Because our holdings are not as easily replaced as those of libraries - indeed, often our holdings are irreplaceable - archivists have favored security over privacy. Most records management guidelines for archives recommend that archives keep patron records permanently.

In the workshop, Heather Briston challenged the practice of keeping patron records permanently. She recommended keeping the records only as long as the statute of limitations for replevin.  The length of this statute of limitations varies from state to state. Her reasoning is that even if repository staff discovers an item is missing, if the statute of limitations has passed, they have no authority to demand an item be returned if it is found elsewhere. Because of this, it is not worth the risk of retaining patron information beyond the statute of limitations. The risk of the repository being held responsible if a patron's personally identifiable information (PII) gets breached is not worth the limited benefits of retaining this information.

I know it is the legal profession's standard position to destroy records as soon as legally possible so the records cannot be subject to discovery. As an archivist, I am glad that many institutions have not always followed that recommendation since many rich historical records are now in archives that might have been destroyed if their original owners adhered to this policy. However, in this age of almost daily breaches of information - as I type this Target Corporation is dealing with a breach of over 40 million credit cards - I also appreciate the argument that destroying information  and being upfront with how we deal with patron data will make patrons and the public trust us more.

But in the back of my mind are the stories that come across my desk once or twice a year of big caches of stolen material being found in the home of a thief who has been pilfering items from archives for years and has finally gotten caught. (One example is the case of Barry Landau.) The authorities often have a very difficult time figuring out who the rightful owners are of many of the items. Sometimes the only hint they have are the call slips filled out by the apprehended thief. In these cases, even when the statute of limitations has expired, items are often returned to the original repositories.

This is something I definitely will have to mull over for a while. Your thoughts?