[Koha] COPPA and self registration

Chad Roseburg croseburg at ncrl.org
Sat Jan 7 06:52:44 NZDT 2017


Thank you for your responses! We've read COPPA and have policies in place
as far as privacy ...etc, so we'll be sure to make those available/visible.

I'm interested in the way libraries are implementing this. What does your
process and page(s) look like? Text, links, additional pages, staff process
...etc. Vanilla, out-of-the-box?
Part of the inspiration for my post [ which admittedly was dashed off a bit
hurriedly ] was sites like TinkerCAD which have
separate processes and verbiage for under 13 and over 13. Also, other
libraries like Chicago using an eCard feature have different links for
children needing parental permission. Since this isn't a social site and we
don't share information in any way we aren't in the same situation as
Facebook ...or TinkerCAD for that matter. That said:

   - Do you use the self-reg feature out-of-the-box, or have you customized
   it, or altered the flow with an additional page, links ...etc.?
   - Do you monitor the self-reg accounts for duplicates or abuse?
   - Do you expire the cards after a certain time?
   - Have you run into any issues [ not necessarily technical ], how have
   you adapted?
   - Do you validate birthdate or zipcode info -- by hand or via hackery?

I may be overthinking this but am interested in the experiences and
implementations of other Koha libraries using this feature. We've never
used this type of feature in any form, with any ILS, in the past - but
would like to start this year. It is a great service to patrons wanting to
use our services. Would also like to be able to address concerns and
questions from staff and board if they come up.

I apologize for my vague initial post.

Thanks again for your responses!

Chad






On Thu, Jan 5, 2017 at 5:55 PM, Diedre Conkling <diedre08 at gmail.com> wrote:

> I'm not sure how this is all that different from staff doing the
> registration.  You need to protect patron privacy and that happens after
> the information is entered into the system, whether by staff or a patron.
> I'm not sure what would be done differently.  Maybe I am missing something.
>
> ALA actually has lots about privacy policies, including COPPA, though I
> don't see anything specifically about the self registering in a library
> database: http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/qa-privacy
> (and other places).
>
> On Thu, Jan 5, 2017 at 4:22 PM, Chris Cormack <chrisc at catalyst.net.nz>
> wrote:
>
> > * Chad Roseburg (croseburg at ncrl.org) wrote:
> >
> >> We are planning to use the self-registration feature.
> >>
> >> How do you deal with patrons under 13 and COPPA?
> >>
> >> Thanks!
> >>
> >
> > Hi Chad
> >
> > How do you deal with them now? IE how do you register a child patron
> > currently? Do you have a policy for verifying their age?
> > Does your library have a privacy policy published already?
> >
> > If so I think (you'd wanna check it with your friendly lawyer)
> > that you have to document how you will verify their age and that no
> > information will be retained if you cannot verify it.
> >
> > "The act, effective April 21, 2000, applies to the online collection of
> > personal information by persons or entities under U.S. jurisdiction from
> > children under 13 years of age. It details what a website operator must
> > include in a privacy policy, when and how to seek verifiable consent
> > from a parent or guardian, and what responsibilities an operator has to
> > protect children's privacy and safety online including restrictions on
> > the marketing to those under 13"
> >
> > "Site operators must post a clear and comprehensive online privacy policy
> > describing their information practices for personal information collected
> > online from persons under age 13;
> > Make reasonable efforts (taking into account available technology) to
> > provide direct notice to parents of the operator’s practices with regard to
> > the collection, use, or disclosure of personal information from persons
> > under 13, including notice of any material change to such practices to
> > which the parents has previously consented;
> > Obtain verifiable parental consent, with limited exceptions, prior to any
> > collection, use, and/or disclosure of personal information from persons
> > under age 13;
> > Provide a reasonable means for a parent to review the personal information
> > collected from their child and to refuse to permit its further use or
> > maintenance;
> > Establish and maintain reasonable procedures to protect the
> > confidentiality, security, and integrity of the personal information
> > collected from children under age 13, including by taking reasonable steps
> > to disclose/release such personal information only to parties capable of
> > maintaining its confidentiality and security; and
> > Retain personal information collected online from a child for only as long
> > as is necessary to fulfill the purpose for which it was collected and
> > delete the information using reasonable measures to protect against its
> > unauthorized access or use.
> > Operators are prohibited from conditioning a child’s participation in an
> > online activity on the child providing more information than is
> > reasonably necessary to participate in that activity."
> >
> > So it looks to me like you have to put a bunch of policies in place, and
> > document them in your privacy policy.
> > Chris
> >
> >>
> >> --
> >> Chad Roseburg
> >> Asst. Director / IT
> >> Automation Dept.
> >> North Central Regional Library
> >> _______________________________________________
> >> Koha mailing list  http://koha-community.org
> >> Koha at lists.katipo.co.nz
> >> https://lists.katipo.co.nz/mailman/listinfo/koha
> >>
> >
> > --
> > Chris Cormack
> > Catalyst IT Ltd.
> > +64 4 803 2238
> > PO Box 11-053, Manners St, Wellington 6142, New Zealand
> >
> >
> >
>
>
> --
> Diedre Conkling
> Lincoln County Library District
> P.O. Box 2027
> Newport, OR 97365
> Phone & Fax: 541-265-3066
> Work email: diedre at lincolncolibrarydist.org
> Home email: diedre08 at gmail.com
>
> “If you don't like something, change it. If you can't change it, change
> your attitude.”―Maya Angelou
>



-- 
Chad Roseburg
Asst. Director / IT
Automation Dept.
North Central Regional Library

