But this might be a small price to pay if there is danger of you being forced to reveal the data. I remember just recently actually a bookstore somewhere in the US refused to reveal a patron's purchase record. Can't recall specifics but it was on slashdot.org. So I can see how it's a legitimate concern that someone may demand it.
Monica Lewinsky is the ... incident ... you are thinking of. It is also a concern item for our European users, I'd think -- their privacy rules are significantly stricter. Perhaps we could go a middle ground? Instead of a perfectly anonymous code, we could tag it with a patron code that is marked as a "demographic" code (i.e. first digit is a patron type: local/external, next is age "bracket", etc.)? That is usually generally acceptable, as marketing firms keep that kind of data.
That might be a good configuration option. Anonymise issue records (of course you'd have to wait till the item is returned *grin*).
I'm not a lawyer, but this is _definitely_ a potentially touchy item. My rule of thumb is always to avoid keeping data on a person unless they are a.) aware it exists and b.) have an opt out option. If I'm not mistaken, the privacy of a library user is something that is _heavily_ encouraged by groups like the Amer. Library Assoc. (which has a code of ethics for librarians). I'll put it in the roadmap.

Nick
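The "demographic code" middle ground discussed in this thread, sketched as an added example that is not part of the original messages or of the project's code. The digit values, age brackets, record fields, the `00` fully anonymous code and the minimum group size `k` are all assumptions; the `k` check goes beyond the thread and covers the case where a demographic code is shared by so few patrons that it still points at one person.

```python
from collections import Counter
from dataclasses import dataclass, replace

# Assumed encodings: the thread only says "patron type, then age bracket".
PATRON_TYPE = {"local": "1", "external": "2"}
AGE_BRACKETS = [(12, "1"), (17, "2"), (64, "3")]  # upper bounds; older -> "4"
ANONYMOUS = "00"  # assumed code for "no demographic detail kept"

@dataclass(frozen=True)
class Patron:
    patron_id: str
    kind: str
    age: int

@dataclass(frozen=True)
class Issue:
    item_id: str
    patron_ref: str   # patron id while on loan, demographic code afterwards
    returned: bool

def demographic_code(p: Patron) -> str:
    bracket = next((d for upper, d in AGE_BRACKETS if p.age <= upper), "4")
    return PATRON_TYPE[p.kind] + bracket

def anonymise_returned(issues, patrons, k=2):
    """Replace the patron id on returned issues with a demographic code."""
    by_id = {p.patron_id: p for p in patrons}
    group_size = Counter(demographic_code(p) for p in patrons)
    out = []
    for issue in issues:
        patron = by_id.get(issue.patron_ref)
        if not issue.returned or patron is None:
            out.append(issue)  # still on loan, or already anonymised
            continue
        code = demographic_code(patron)
        if group_size[code] < k:
            code = ANONYMOUS   # group too small: the code would identify the patron
        out.append(replace(issue, patron_ref=code))
    return out

# Constructed sample data.
PATRONS = [Patron("P1001", "local", 34), Patron("P1002", "local", 41),
           Patron("P1003", "external", 70)]
ISSUES = [Issue("B-1", "P1001", True), Issue("B-2", "P1002", False),
          Issue("B-3", "P1003", True)]

if __name__ == "__main__":
    for row in anonymise_returned(ISSUES, PATRONS):
        print(row)
```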