So long, Sunderland – and some data-related unfinished business

After nearly four and a half years at the University of Sunderland, I’m moving on to a new role at ORCID, as their Education & Outreach Specialist.  For most of my time at UoS, I’ve been the E-Resources Librarian and the Law Librarian, which has been a very interesting combination of roles.

When I started at UoS in 2012, we still had Classic Athens authentication and Single Sign-On running in parallel, EDS was implemented but needed more work, and EZproxy was hardly used.  Since then, the use of Classic Athens has been discontinued and SSO has been fine-tuned to give different access permissions to different types of users, EZproxy authentication is in place for all platforms which support it, and I’ve overseen the successful migration of our old EDS to the new EDS FTF.

I’ve enjoyed teaching others about various e-resources topics, especially while dressed as a pirate.  Other subjects included licences and subscriptionsjournals and platforms, and hyperauthorship.

Writing and editing my chapter on Open Access for the Legal Academic’s Handbook helped me to distill and refine my ideas in this field.  Participating in Helsinki University Library’s International Staff Exchange Week 2014 was an excellent experience and further fuelled my Suomi-philia.  And developing a framework for Professional Practice Forum helped to develop communications and nurture relationships within our Senior Library Staff team.

My participation in UKSG has grown from attending the 2013 conference (where I first heard about ORCID), the 2014 conference, being invited to join the UKSG Research & Innovation Sub-Committee, and then being elected to UKSG Committee.  I’m looking forward to carrying on this role in my new job, and glad that ORCID is fully supportive of my involvement.

I would like to thank the colleagues who have helped to realise many of these projects, especially Rachel Webb and Ian Frost, trusty allies in periodicals and IT.

Lastly, there is some unfinished business concerning EBSCO EDS and Single Sign-On.  Bref, EBSCO and Eduserv are proposing a change to how users log in to EDS, so that they will also  immediately be logged in to their personal folders.  This solution will appeal to libraries, as users often struggle with the current situation where you log in first to the system, and then again (with different credentials) to access your personal folders.  However, this change involves sending users’ personal data outside the EU, and therefore has Data Protection implications.  Here is my most recent communication to Eduserv on the matter, sent in advance of last week’s webinar “Approaches to authentication – evolution, security, options for the future”:

I would like to ask you about how the use of EDS and SSO fits with the Data Protection Act (1998) requirements that personal information used by organisations is not transferred outside the European Economic Area without adequate protection.
I have made this enquiry before have been told that it is up to the organisation to decide if EBSCO’s use of servers outside the EU complies with the DPA (really?).  This respondent also quoted the Safe Harbor framework, appearing not to know of the EU Court of Justice decision in 2015 that the Safe Harbor regime did not provide a valid legal basis for EEA-US transfers of all types of personal data.
I wonder if someone at this webinar may be able to provide a better response.  I urge Eduserv and EBSCO not to pass this matter back to individual organisations alone, but to offer some advice and guidance about the implications, especially as many library staff making decisions about implementing the EDS & SSO option may not be aware of the legal implications.

I have not yet had a response from them, and the recording of the webinar has not yet been released so I don’t know if it was addressed during the session.

Library colleagues, please be alert to the implications, keep asking Eduserv and EBSCO about this, and don’t let your users’ data be released without adequate legal and ethical safeguards.

Advertisements