Online Data Collection


An Educational Service of the American Library Association

Office for Information Technology Policy


Prepared by Leslie Harris & Associates in conjunction with OITP staff



In addition to the potential privacy violations stemming from criminal investigations, librarians should be aware that one of the greatest threats to patron privacy is the Internet.  While almost no activity feels more private than surfing the Internet in the privacy of one's home, the Internet, particularly when accessed in a public setting such as a library, is much less private than many of us believe.  Librarians should be aware of online data collection practices in order to educate their patrons on the extent to which their privacy may be compromised while accessing the Internet.


Personally identifiable information may be collected during almost all online activities.  The information collected may range from merely tracking how many hits a web page receives in a given day or month, to more sophisticated analysis of the specific user's Internet connection, computer, and software through the use of cookies (small pieces of computer software code placed on a web visitor's computer) and stealth data recording software (software that records personally identifiable information "behind the scenes" and sends it to a third party without the knowledge of the user).  This information is often referred to as transactional data.  As discussed in subsequent tutorials, librarians should work with their technology services department to minimize the personally identifiable information available to third parties as patrons use the Internet.   


Current technologies permit web operators and companies to link and "mine" myriad personally identifiable information from disparate sources for purposes the user may never have anticipated.  In addition to the information collected from individuals surfing the Internet, users often voluntarily disclose significant personally identifiable information in order to purchase products, participate in online contests or surveys, or receive online newsletters.  Many companies and organizations then sell, trade, or share this information with their affiliates.  As a result, consumers may receive unwanted "spam" e-mail, junk mail, or telemarketing calls, and are at an increased risk for identity theft or other fraudulent use of their personally identifiable information.


Traditionally, the content of online communications is granted broader statutory protection than transactional data.  Recent legislative developments, however, have strengthened privacy protections for transactional data because it may reveal as much sensitive information as the actual content of a communication.


Despite these risks, Internet users also benefit from online data collection in many ways.  Web operators may use the information they collect to determine which features, pages, and sites are most popular and adjust the web site to maximize these features.  Furthermore, cookies can provide a seamless, personalized Internet experience for each visitor to a web site.


Upcoming tutorials will discuss different online data collection practices, and ways in which librarians can act to protect patron privacy.


Further information:


ALA Office of Intellectual Freedom Privacy Q and A:


Department of Defense Information Awareness Office:


"Poindexter's Laboratory: The Know-It-All Plan To Fight Terrorism":


The Federal Trade Commission's Site Seeing On The Internet:


"Stealth P2P Network Hides Inside Kazaa," C-Net


Copyright 2002, American Library Association, Office for

Information Technology Policy




This Online Privacy Tutorial is a service of the American Library Association. The content of this tutorial is primarily the work of Leslie Harris & Associates in Washington, DC. The views expressed in these messages are not necessarily the views of ALA or Leslie Harris & Associates. This tutorial is for information only and will not necessarily provide answers to concerns that arise in any particular situation. This service is not legal advice and does not include many of the technical details arising under certain laws. If you are seeking legal advice to address specific privacy issues, you should consult an attorney licensed to practice in your state.