LAUSR

a solid, nuts-and-bolts guide to the data management practices needed to maximize our protection of that privacy. These practices include an understanding of how libraries manage their data internally and how it is shared with, or extracted by, third parties, including our parent institutions, our vendors, and their increasingly data-hungry corporate owners. Each chapter is intended to work as a standalone unit, framed by two continuing scenarios: a public librarian working through the aftermath of a data breach and an academic librarian balancing the needs of a learning analytics project against privacy concerns. While each chapter does work on its own, several form a natural progression. There is a clear flow, for example, from the chapter on creating and using a data inventory; through performing a data risk assessment and threat analysis; to using that information in establishing a library privacy policy. Of particular interest, if only because these topics are often overlooked, are chapters on the privacy risks of our own library assessment and analytics programs; and on the privacy training needed for library employees. No one has as much access to our data as we do, and so no one else has such potential to misuse it. With analytics in particular, we end up putting our need to measure the value of our work against our own code of ethics. This is a clear, forcefully written book that should find its audience among library technologists looking to take next steps in improving patron privacy. It describes in detail ways in which patron data can be deliberately mined or inadvertently leaked, by our systems and vendors, and by our own employees and programs. It should be noted that in matters of law and governmental policy, the book primarily focuses on the United States. Readers in other countries will still benefit from it but may want to supplement it with other sources on local privacy regulations. As a final note, by way of dedication, one of the authors includes a family recipe for pasties with the note, “Pie crust (preferably made with lard).” This reviewer concurs with that recommendation.