Monica Lewinsky is the ... incident ... you are thinking of. It is also a concern item for our European users, I'd think -- their privacy rules are significantly stricter. Perhaps we could go a middle ground? Instead of a perfectly anonymous code, we could tag it with a patron code that is marked as a "demographic" code (ie first digit is a patron type: local/external, next is age "bracket", etc)? That is usually generally acceptable, as marketing firms keep that kind of data.
Yep
That might be a good configuration option. Anonymise issue records (course youd have to wait till the item is returned *grin*)
I'm not a lawyer, but this is _definitely_ a potentially touchy item. My rule of thumb is always to avoid keeping data on a person unless they are a.) aware it exists and b.) have an opt out option.
Well you have to keep the info until you return the item, Else how do you know who has the item out?
If I'm not mistaken, the privacy of a library user is something that is _heavily_ encouraged by groups like the Amer. Library Assoc. (which has a code of ethics for librarians). I'll put it in the roadmap.
Sure, there are ways around it. But at any given time you will know all the items a person has out. Theres no way we can anonymise that. But we can certainly allow for an option for anonymising historical data. What I think the HLT use the data for, for their purposes is often they supply books to rest homes. Or elderly borrowers, and theyd like to avoid giving them the same book twice. Im fairly sure they'd like to keep doing this, and that the borrowers are aware the librarians know what books they have borrowed. So if we make it an optional setting, i wonder if thats enuff to satisfy the law enforcement. Being paranoid here, if you have a setting is it conceivable they could get a court order to force you to not anonymise the data? Chris -- Chris Cormack Programmer 025 500 789 Katipo Communications Ltd chris@katipo.co.nz www.katipo.co.nz