Libraries are facing new challenges and concerns about preserving patron privacy, protecting networks against security threats, and defending users from scams and identity theft. They must be able to authenticate users while protecting user records, both electronic and on paper, from those who would seek to gain unauthorized access.

User records have expanded beyond the standard lists of library cardholders and circulation records as libraries begin to use electronic communication methods, such as electronic mail for reference services, and as they provide access to computers, the Web and printing.

Marshall Breeding, director of innovative technologies and research at Vanderbilt University Library in Nashville, Tenn., said, over the last five or six years, there has been a huge change in the technology libraries use to protect sensitive information, such as the names, addresses, and research and reading habits of patrons.

“These days, libraries use specialized software to support patron privacy,” Breeding said. “This software has features that ensure that no personally identifiable information about users is maintained long-term. For example, when an individual checks out a book, the statistical record of that transaction is maintained while the individual’s identifiers are purged.”

To ensure that an unauthorized intruder does not gain access to sensitive information through a worm or virus, many libraries are using a multilevel approach that incorporates tools, such as desktop-level virus software and firewalls on the edges of their networks, especially surrounding their data centers.

“Libraries are getting pretty good at this,” Breeding said. “There was a time when we didn’t have a depth of understanding about information technology. But in today’s world, everyone recognizes that it’s vital.”