From a technical standpoint, libraries rely on a wide range of systems that may unintentionally compromise patron privacy. Some library catalogs and discovery tools retain search histories unless settings are intentionally adjusted to anonymize or automatically delete that data. Third-party platforms like OverDrive or Hoopla, despite being awesome resources that our patrons love, do collect data on what users are reading, along with IP addresses and device information. Privacy enhancing modes like incognito mode can break authentication for digital library resources, causing frustrating access issues for patrons, that library staff may have to troubleshoot. Library staff need more than just a basic understanding of authentication systems or secure browsing—they need confidence in navigating privacy features and troubleshooting common access issues. To address this, libraries can offer hands-on workshops for staff on how to use privacy-enhancing tools like VPNs, encrypted browsers, and secure password managers. Offering patron-facing training materials like short privacy toolkits or drop-in help sessions can also empowers users to take control of their digital presence.  

On the organizational level, privacy is often shaped by decisions made far beyond the library’s walls. Vendor contracts may lack up-to-date privacy clauses, permitting data-sharing practices that conflict with library ethics. Once signed, these contracts can be very difficult to revise, so it’s important that librarians are educated about privacy concerns before signing them. Campus-wide learning analytics initiatives may collect student data from library systems without librarians' input. The answer here is advocacy and collaboration! Libraries can conduct privacy audits of their vendor agreements, work with IT to review campus tracking practices, and push for the inclusion of privacy-preserving clauses in contracts (Wissinger 2017). Creating internal privacy policies and aligning them with ALA guidelines gives staff a stronger framework to stand on when privacy issues arise.  

The cultural component is equally important. Many patrons believe that library use is private by default, and discovering that their e-books or research tools track usage can erode trust. On the other side, some library staff may assume that patrons don’t care about digital privacy, which can lead to missed opportunities to educate and empower users. Staff might also hesitate to speak up about surveillance technologies because it feels outside their scope. To shift this dynamic, libraries can launch awareness campaigns that frame privacy as a core value of intellectual freedom. Hosting events can help build a stronger privacy culture, and encouraging staff to talk openly about their own concerns and ethical commitments can also foster a collective sense of responsibility.