LIBLICENSE-L Archives

LibLicense-L Discussion Forum

LIBLICENSE-L@LISTSERV.CRL.EDU
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Book publishing privacy policies
From:
LIBLICENSE <[log in to unmask]>
Reply To:
LibLicense-L Discussion Forum <[log in to unmask]>
Date:
Thu, 13 Feb 2014 20:59:57 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (155 lines) 
From: Tony Sanfilippo <[log in to unmask]>
Date: Thu, 13 Feb 2014 11:29:12 -0500

As a data point, at the Penn State Press we do monitor some behavior,
and use cookies, but I think the key is just how far you're willing to
go in collecting this information, and if you've gone that far, is
what you're collecting really that useful. Sure, we have to follow
some University policies, but we do get a bit more rope and I think
it's because they understand we need it as a commercial enterprise. We
actually don't have to follow quite a few University rules, like their
web style requirements, or some of their purchasing policies, and we
don't have a privacy policy on our site, and have never been asked
about it by a customer or the University.

The University's privacy policy is interesting in that its only two
rules that really impact us are: Don't collect personal information
without permission, and don't sell any information you do collect. The
actual policy is long (http://www.psu.edu/web-privacy-statement), but
as for what really applies to us, that first paragraph seems most
relevant. And thus far they've been pretty hands-off. If we wanted to
appeal for an exemption to collecting personal information, we might
get it, if we could define its scope and the purpose we'd have for it.
But I'm not sure I have a good use for what we might collect, at least
not more than what I might be able to infer from other sources, like
the demographics of the marketing lead/mail/email lists that the
peddlers of such information offer us, or what we might learn from
print ad venues we've had success with, and their target demographics
which they typically share with us, or the information that some
scholarly societies offer in their conference marketing materials.

Within the marketing and sales department we frequently ask ourselves
about both the utility and the ethics of gathering some kinds of data.
For example, we're already measuring traffic to our site using Google
Analytics, and we're using Analytic tracking codes in the URLs we use
in social media and email campaigns. And we count those who come to
our site and then leave using our links to Amazon, or Powell's or
other book sites, however none of that is personal data. But with a
couple of slight modifications we could be collecting information on
where these visitors live, their probable income, education level, or
gender. But is it worth taking that ethical and bureaucratic leap just
to refine the income level of a typical visitor? We already know a bit
about their education level just by their interest in our books, and
I'd like to think our products are for the most part gender-neutral,
so what do we gain by collecting that data?

Another issue to consider is the demographic of the typical university
press marketer. Chances are they themselves are blocking cookies,
and/or have JavaScript turned off, and/or use ad-blockers, so their
interest in collecting this information is a bit colored by their own
preferences and awareness of the issues involved. They probably find
some of this tracking a bit creepy, and probably want to only do what
they themselves are comfortable with, maybe a little bit more when
pushed. But they don't like what they find on the web in terms of
information gathering, and they don't want to be a part of that
problem.

All that said, there are some questions I'd like to know, if I could
gather unlimited amounts of data about our web visitors and our
direct-to-consumer customers. First, how many are librarians and from
where? Next, what book pages do those with a low income look at and
then leave without making a purchase? And finally, we know who left a
book page and then went to Amazon, but we can't easily or confidently
match that exit with a sale at Amazon, or any other number of
associate programs we work with. We can make inferences, but I'd
really like to know what happens after they leave. I'd like to see
that kind of information, but I would want to seek the University's
blessing before I collected it, and I'm not sure my educated guesses
about those questions are so inaccurate that it's worth it, or that it
would significantly change how we do things.

Anyway, yes, I'd love more quality data, but I don't want or need to
know everything. A lot of data isn't the same as useful data.

Hope that's helpful,
Tony Sanfilippo
Penn State Press



On Wed, Feb 12, 2014 at 10:57 AM, LIBLICENSE <[log in to unmask]> wrote:
>
> From: Joseph Esposito <[log in to unmask]>
> Date: Wed, 12 Feb 2014 08:49:37 -0500
>
> Ken,
>
> No quarrel with anything you have here, but you are looking at this
> from the point of view of the end-user, which is only part of the
> equation.  What has caught my attention is that some organizations
> (and I am thinking in particular of universities and university
> presses) may be collecting data without knowing it or at least without
> their staff knowing all the implications.  That's how I interpret Eric
> Hellman's earlier comment.  I am still investigating this and would
> certainly like to know if anyone can cite instances of tracking and
> data collection by such organizations.
>
> Joe Esposito
>
>
> On Tue, Feb 11, 2014 at 6:52 PM, LIBLICENSE <[log in to unmask]> wrote:
> >
> > From: Ken Masters <[log in to unmask]>
> > Date: Tue, 11 Feb 2014 08:59:43 +0100
> >
> > Hi All
> >
> > Eric is quite right.  There are, though, several problems:
> >
> > 1.  Not everyone knows that Google Analytics is running (how many
> > people on this list knew it?).
> > 2.  Not everyone knows how to disable it. (how many people on this
> > list knew it?).
> > 3.  Experience of social media has taught us that privacy policies are
> > not cast in stone, and can change at any moment.  (Google and Facebook
> > are prime examples of this.)
> > 4.  The data collected are not 100% safe.  (No-one can guarantee that).
> > 5.  While many information-gatherers anonymise data, there is no set
> > procedure or protocol for doing so, and the process of de-anonymising
> > data is advanced.  There there are several studies showing how
> > successful this process is (and it requires nothing illegal, no
> > hacking, etc).
> > 6.  Google Analytics is only one.  There are hundreds.
> >
> > Unfortunately, the bottom line is simple.  If you're doing any of these:
> > - using a standard browser (e.g. Firefox, IE, Chrome), without any blockers
> > - using a standard email account (e.g. gmail, yahoo, or your
> > university or company account)
> > - using your standard email address to access ANY public discussion
> > group (including this one), social networking site, blog or newspaper
> > comment page, etc.
> > - not using a secure virtual private network (VPN)
> > - not frequently and regularly running anti-virus and anti-spyware
> > software (ignore your institutional safeguards - install your own),
> >
> > Then you can safely assume that your activities are being tracked and
> > archived, either by the service providers (and then passed on to third
> > parties) or by third parties directly.
> >
> > George Orwell was an optimist.  Be careful what you type next :-)
> >
> >
> > Regards
> >
> > Ken
> >
> > ------
> >
> > Dr. Ken Masters
> > Asst. Professor: Medical Informatics
> > Medical Education Unit
> > College of Medicine & Health Sciences
> > Sultan Qaboos University
> > Sultanate of Oman
> > E-i-C: The Internet Journal of Medical Education

ATOM RSS1 RSS2