[Koha] Questions on data security, liability and RFP issues

Baljkas Family baljkas at mts.net
Sat Nov 6 13:39:58 NZDT 2004


Friday, November 5, 2004    18:14 CST

Greetings all,

Owen's question reminded me of some issues I had been meaning to ask about for a while now.

First off, the whole issue of data security in the Koha ILS.

I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)

Does anyone in the library world side of things know if there have been any papers or studies on security issues that one should look at?

I know that the security aspect was important for the military library that I worked at as a cataloguer, not so much for the materials that were in it, to be honest, but just as a matter of standing protocols on the base. Nowadays, though, increasingly in Canada and my little bit of it in Manitoba, protection of privacy information is important, and the CLA has made it clear that libraries have a duty to protect borrower information.

Also, I need some advice on the separate but related issue of accountability and legal liability.

I realise that in adopting Koha we are accepting personal (individual or corporate) liability as part of the responsibility for adopting, but has anyone out there had to deal with not being able to use an Open Source application basically because -- and I am sorry for being crude here -- as far as the PTBs in their corporate or organisational culture were concerned, it was against the rules because there would be no one to sue if something went wrong?

(To be clear, I find this whole line of thinking ludicrous, but then again, I probably don't understand the law well enough to worry about things like Koha that seem to work so well being allowed to work to everyone's benefit.)

Again, from my experience on the military base, this was one rationale given for excluding Open Source solutions (even if the Chief Librarian had been seriously interested in such). 

Does anyone have any experience dealing with this legalistic problem in promoting Open Source generally or Koha specifically as a viable solution?

Prof. Chawner, if you are still tuned in, is this something you might have happened across in your research?

The final issue likely will seem trivial to those not in the library side of things so I apologise in advance again: but is there a recommended practice in doing an RFP process with Open Source?

And yes, I know how stupid that sounds, but in the situation I am looking at, it will be absolutely critical to fill out that standard paperwork and I honestly have no idea how to do it (and no, asking for help in bending the rules would get me nowhere).

Computer support, by the way, would be a given :-) , but determining how much would be nice. IIRC Paul (?) gave us some estimates a while back. Any further recommendations for costing this from the system admin people?

Any and all input on these matters will be gratefully received and greatly appreciated. TIA.

If I can provide a concrete proposal with answers to objections on the issues above, I am hoping that through some contacts we have here, I might be able to advance Koha for school and community library use. I know Koha could do the job: I am convinced it is just a matter of successfully navigating the process.

Steven F. Baljkas
library tech at large
Koha neophyte
Winnipeg, MB, Canada



