Introduction

Archives exist to preserve and promote cultural heritage and history. In keeping with the goal of supporting research and reuse, the archival mission is inherently bound to the idea that archival records are meant to be used. Privacy, to archivists, may be seen as a right, a restriction, a privilege, a protection, and a shield. It is interwoven throughout all aspects of archival practice, from discussions with potential collection donors to the appraisal and description of archival records to the provision of records to researchers. At each stage, archivists seek a balance between sensitivity to the rights and well-being of creators and subjects and responsibility to researchers and the access mission.

The Society of American Archivists’ Dictionary of Archives Terminology defines privacy as “n. 1. the quality or state of being free from public scrutiny 2. the quality or state of having one’s personal information or activities protected from unauthorized disclosure by another” (2023). Archivist Elena Danielson, however, defines privacy not as a passive quality or state, but as an ability imbued with agency: “the ability to control personal data—how it circulates in society, in archives, in publications, and on the Internet” (2010).

Statutes regarding information privacy proliferate, as do institutional policies and decision-making frameworks. There is no single, unified framework for determining what precisely constitutes a privacy concern in archival records, even for entities operating under the same legal frameworks. The archival conception of privacy is not particularly unique from that of other disciplines—it is, in fact, deeply shaped by the disciplines of records creators—but the archival approach toward privacy is distinct in that access rather than privacy is the end goal. One notable exception is grounded in the fact that archives are not merely record holders. They are also records creators, and archivists’ approaches toward archival patron records are grounded in the broader library principle that the privacy of patron circulation data is an absolute right (albeit one challenged by the 2001 Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, also known as the USA PATRIOT Act, and by other legislation in the United States).

Types and components of archival records that might be considered private are multiform and range from the mundane to the esoteric, including (but not limited to):

  • Personally identifiable information (PII)

  • Health information

  • Educational records

  • Financial information

  • Records containing passwords and security information

  • Personal confessions and discussions of vulnerable topics

  • Documentation of immigration status

  • Legal materials intended to be covered by attorney-client privilege

  • Trade secrets and confidential business information

  • Culturally sensitive or taboo materials.

The privacy issues of all other fields can find their way into an archivist’s domain, where they intertwine with each other and complicate an access-focused mission.

Danish archivist Eric Ketelaar identified five layers of privacy protections for private records held in public archives: (1) Legislation; (2) Transfer conditions; (3) Researcher agreements and ethics; (4) Repository access and security policies; and (5) A two-part “human dignity” test, to occur before the records are even acquired, asking, “[W]hich risk accrues to human dignity through the disclosure of confidentially imparted data?” and “Is that risk acceptable in the light of an identifiable advantage for the individual or for society?” (1995). These layers span all aspects of the archival process, often overlapping.

Archivists’ roles as preservers and providers of access to information and to the protection of privacy have important consequences for society at large; as archivists Richard Cox and David A. Wallace have argued, “[p]rivacy and access to information may be the distinctive hallmarks of the modern Information age, and as a result, archivists and records managers should have pivotal roles to play” (2002).

The archival profession is guided by best practices from its professional organizations; in the United States, this is primarily the Society of American Archivists (SAA), and internationally, it is the International Council on Archives (ICA). These bodies set best practices, but do not enforce them; it is up to individual practitioners to apply the principles to their own professional contexts, and up to their co-workers and peers to serve as checks and balances.

The ICA Principles of Access to Archives and the SAA Code of Ethics and Principles are very similar in their core messaging, and that similarity is extremely significant in a field where practice and standards vary widely internationally. Even Canada and the U.S., which both have graduate programs accredited by the American Library Association (ALA), do not share a descriptive content standard. There are also wildly varying regulatory contexts. For instance, in the European Union, the General Data Protection Regulation (GDPR) offers more stringent personal data protection regulations than are present in the United States, and many nations around the world have nothing comparable to the United States’ Freedom of Information Act (FOIA) laws, or even the principle that a government should be accountable to its citizens. Yet among international archivists there are agreements on these common principles—that access is the primary goal, but that privacy must be respected—even as interpretation and application may vary.

The weighting of privacy versus access has not been a constant. As recently as 1986, archivist Alice Robbin’s survey of state archivists found that most prioritized personal privacy over access considerations (Robbin, 1986). However, professional attitudes have evolved in the decades since, and the modern archival access mission means that personal privacy, even when respected and protected, is never the sole criterion when considering how to handle archival records.

Scholars such as Michele Caswell, Marika Cifor, Anna Culbertson, and Amanda Lanthorne have advocated for an approach based on an ethics of care (Caswell & Cifor, 2016; Culbertson & Lanthorne, 2021). This approach to privacy in archives involves thinking of issues as person-focused rather than institution- or issue-focused. For a particular collection, a particular set of records, the idea of the potential for harm is not abstract or anonymous. If it was, there wouldn’t be a personal privacy issue. There are real people or real communities that may be impacted, and good intentions alone aren’t enough for responsible stewardship.

This chapter provides an overview of privacy considerations and conceptions in archival practice, but a variety of other scholarship explores this topic and many related sub-topics in further depth. The most extensive works on the subject to date are Heather MacNeil’s Without Consent. The Ethics of Disclosing Personal Information in Public Archives and the Menzi L. Behrnd-Klodt and Peter J. Wosh-edited Privacy and Confidentiality Perspectives: Archivists & Archival Records (Behrnd-Klodt & Wosh, 2005; MacNeil, 1992). Both volumes are now out of date with regard to many specific laws and policies but remain deeply relevant in their discussions of ethics and practical considerations. The archival literature establishes privacy’s status as a deeply relevant but unsettled theoretical and practical territory—one whose terrain is continually changing in response to new laws and shifting perceptions.

Privacy Considerations During Acquisition and Appraisal

Privacy considerations in archival practice begin long before a researcher ever asks for records, and even before records enter an archival repository. The choices made during the acquisition and appraisal stages serve as a key foundation for future decision-making and include considerations regarding creator intent, third-party privacy, donor restrictions, legal and statutory restrictions, and ethical considerations.

Record Creation, Creator Intent, and Donor Responsibility

Privacy considerations may vary depending on how and when records are acquired by an archival repository. Unlike records managers, who typically work with records once they may have already served their primary function but are still in active use by the creating or commissioning entity, archivists typically manage records later in the lifecycle, often once they’ve left their originating institution and context. By the time they have reached an archival repository, records have typically lost any urgent sensitivity related to business or trade secrets. That is not always the case, however. Particularly in community archives, but also sometimes in cases where traditional organizations are trying to collect documentation of an event as or right after it happens, such as after a local disaster or tragedy, archivists and information professionals may be involved in the creation of a collection. When those doing the archiving are also active participants in the creation of records, there are additional considerations—the aspects of privacy determination that are typically left to the creators are now also vested with the archivists.

In recent decades, archivists have looked to web archiving as a way to preserve a record of under-documented groups and movements, as well as of contemporary events. However, such collecting initiatives can bring ethical challenges and raise questions about user privacy. Several researchers have noted that even when posting on public platforms, creators may have certain expectations of privacy. Ethical issues in preserving such content, often originally intended to be ephemeral or expected to be seen by a limited audience, may be compounded in cases of documenting protest movements or other cases in which posts may be used as incriminating evidence or put an individual at risk of harassment (Breed, 2019; Custers et al., 2014; Lindstrom, 2019; McCrow-Young, 2021; Velte, 2018). Archivist Ashlyn Velte, in her investigation of emerging archival practices of social media documenting activist movements, notes that “the archival profession is struggling to document sensitive groups without unintentionally endangering communities,” and identifies a need for more refined ethical approaches when acquiring such records (2018).

Archivists balance the need to preserve historically significant content with the desire to respect creators’ personal privacy and intellectual property rights. This balance can be difficult to get right, but new digital tools show promise in assisting content review. Angeliki Tzouganatou has argued that a guided approach with artificial intelligence (AI) tools could allow for greater democratization of access to born-digital collections, including those containing social media, that foreground inclusive collecting while safeguarding personal privacy (2022).

In the more typical case where archivists are not records creators or co-creators, however, there is always some degree of responsibility on the donor or transmitter to identify private materials, and then either not donate the materials or arrange for an appropriate restriction, if needed. Some transfers, particularly of organizational and government records, are guided by records retention schedules (plans identifying when certain categories of records should be retained, destroyed, or transferred to an archival repository) or legal mandates, and are not subject to the creator’s desires. But with personal papers, archivists will generally note that the greatest responsibility rests with the donor, who may be the creator, their heir, their estate executor, or some other party.

A well-known case of an executor disregarding a creator’s wishes is that of writer Franz Kafka, who burned many of his papers and entrusted his executor, Max Brod, to incinerate the remainder after Kafka’s death. Brod instead published them, and the collection was eventually donated to the National Library of Israel, whose digital collection website advertises this subversion of creator intention as an interesting bit of provenance, not a guideline for how or whether to provide access (The National Library of Israel, 2023).

In contrast to the Kafka example, estate manager Rob Wilkins did have a steamroller run over a hard drive containing the late novelist Terry Pratchett’s unfinished works, per Pratchett's desires (Haigney, 2017). Archivist Sara S. Hodson recounts how novelist James Joyce’s grandson, Stephen Joyce, destroyed family correspondence and unapologetically explained it as a necessary action to safeguard his family’s privacy (2004). Certain professionals, such as lawyers, must also adhere to professional ethics that privilege the privacy and confidentiality of client records over information access (Behrnd-Klodt, 2008; Hobbs, 1992).

In other cases where a creator’s wishes may be less explicit, donors may make privacy decisions based on their own comfort levels. Within the University of Arkansas Libraries Special Collections is a collection of correspondence between a soldier during WWII and his wife that was donated to Special Collections by their son after their deaths; neither creator nor recipient was involved. The University Libraries fully digitized the correspondence and placed it online as a digital collection that includes both innocuous, quotidian letters, and others that delve into personal tragedy. Depending on one’s own personal comfort levels, the idea that this couple’s story is now fully open to the public, thanks to a descendant’s commitment to sharing it, may be either inspirational, or cause someone to second-guess ever passing down any of their personal papers to their family members. That’s because conceptions of privacy are personal and contextual, which can make the archivist’s job particularly challenging.

To some extent, the degree to which archivists rely on donors to self-identify materials that need to be restricted, and conduct their own due diligence before transferring records, is a matter of expediency. It is also an extension of the belief that those closer to the creation of records are more knowledgeable about their original context and are better equipped to make those decisions. “The third parties represented in a manuscript collection donated to a repository may have legitimate privacy rights,” archivist Mark A. Greene conceded—but his view was “that the archival profession is not (and to the extent possible should not be) in the best position to determine whether those rights would be violated by permitting access to the donated collection. The donor should have that responsibility, just as he/she has it up until the time the papers are donated” (1993).

Third-Party Privacy

Acquisition is also a time for information-gathering about the potential for sensitive/protected information in a collection that the donor may not personally be concerned about: that of third parties whose information is represented within the collection materials. Archivist Marybeth Gaudette calls these third parties “blind donors” and argues their rights should be a priority for archivists, just as the privacy rights of donors are (2003–2004). Third-party creators are rarely called on to provide their consent for archival materials to be donated, or offered involvement in deed of gift negotiations. Lafayette College is relatively unique in having specific workflows and policies relating to third-party privacy for its Queer Archives Project—but even it does not actually call for consulting the third parties, just considering them and potentially imposing restrictions on their behalf (Queer Archives Project (QAP) Team, 2020).

Issues of third-party privacy are particularly significant when the third parties are members of vulnerable populations, such as those who are incarcerated, are undocumented, or are victims of state-sponsored violence or genocide. Archival repositories have struggled with the best ways to sensitively handle such materials. Well-documented cases of such quandaries include the records of the Mississippi State Sovereignty Commission, which conducted invasive surveillance of Civil Rights leaders (Schwind et al., 2002; Speer, 1999), and the records of the Stasi, the East German secret police who routinely surveilled the civilian population (Beattie, 2009; Danielson, 2004; Schwartz & Cook, 2002). While these types of records may typically reside in government archives, records of vulnerable populations who had little or no agency in the creation of records involving deeply personal and potentially harmful information about them may exist in any kind of archival repository.

A particularly unique third-party privacy consideration is related to traditional knowledge (TK), or indigenous material that is believed to belong to a group or culture rather than to an individual. Archivist Lara K. Aase, writing of her stewardship of indigenous archival collections, notes that she goes against the general archival trend of providing access: “Professionally, therefore, I prefer to err on the side of caution and to restrict access for a number of reasons. I do not believe the pursuit of knowledge for its own sake trumps an individual’s or a culture’s desire for privacy” (2020). This approach is supported by the SAA-endorsed Protocols for Native American Materials, which call for archivists to manage Native American records differently, noting that “[p]rivacy rights extend to groups in some situations. The limited right of organizations, governments, and families to associate in confidence may apply to American Indian tribes who wish to minimize or prevent intrusion into their practices” (2007). Archivist Kay Mathiesen, in line with the Protocols, has also argued for Native Americans’ moral rights related to the management of their traditional cultural expressions and knowledge (2012).

Negotiating and Renegotiating Donor Restrictions

According to the Association of College & Research Libraries (ACRL) Code of Ethics for Special Collections Librarians (2020), “Special collections practitioners have a responsibility to ensure the privacy and confidentiality of users, donors, record creators, record subjects, and vendors.” In order to fulfill this responsibility, the Code of Ethics recommends that “[w]hen working with potentially sensitive information within collections, practitioners prioritize access while recognizing the need to respect confidentiality of some materials, including the possible use of time-delimited restrictions. Practitioners are transparent with donors and users about the potential legal limitations of any confidentiality promises” (2020).

In keeping with this guidance, during the pre-acquisition stage, archivists will talk with potential donors about any privacy or sensitivity considerations within the records, and whether any restrictions are needed. If restrictions are merited, then they will typically be noted in the deed of gift, a donation instrument used by archival repositories to formally document transfer and outline expectations and commitments on the part of both the donor(s) and the repository. When imposed, restrictions should be specific, time-bound, and mutually agreed upon. Moreover, restrictions must be applied equitably within the archival institution’s mission and operating framework, rather than arbitrarily or prejudicially privileging certain groups’ access over others.

The majority of advice in archival scholarship regarding deeds of gift is that they should be final about whatever transfer of ownership or rights is occurring—i.e., they should not set up an ambiguous situation in which the donor may request their materials back later on, perhaps after the repository has already invested significant resources into the collection. Some scholars have argued for more flexible approaches, however. Archivists Anna Culbertson and Amanda Lanthorne recommend including revocation clauses for consent, particularly for materials that may be digitized, as a way of ameliorating power imbalances and giving donors greater agency, although they acknowledge that such a model may be difficult for most institutions to implement (2021).

Archivists’ ability to protect privacy (and, by extension, donors’ trust in that ability) is, several scholars have argued, essential to archival collecting and the preservation of a fuller historical record, free from over-sanitization and purging by possible donors. “Confidence in the discretion of the archives and in the enforcement of restrictions demonstrably contributes to the creation and preservation of important documentation,” claims archivist Elena Danielson, noting that, somewhat paradoxically, it is reasonable restrictions that can ultimately lead to greater access (2010). “Trust is essential to build donor confidence in the archivist’s ability, including the resolve to keep sensitive material confidential, to protect family secrets, and to ensure copyright is respected,” declares archivist Rob Fisher (2015). Pekka Henttonen argues similarly: “Public records react to exposure like photographic film. If it is known that the information will become accessible to outsiders, it starts immediately to affect the content of records. […] Thus, protection of privacy is not only a problem for archives: it is also a tool for guaranteeing that full and frank documentation is generated in the first place and then preserved” (2017).

Some institutions may be better suited than others to care for materials that merit restrictions, such as private institutions, or public institutions in jurisdictions that provide specific exemptions for archival records from any FOIA or public records laws. Archivist Eira Tansey has argued that public institutions should reconsider accepting any private donations that come with donor restrictions, both to ensure that all promises to donors can be kept (and not undermined, for instance, by FOIA requests or subpoenas), but also in recognition of the duty those institutions have to the public that funds them (2021). Private archives may have a great deal more flexibility to offer their donors, and community archives in particular have explored donation mechanisms that sometimes look very different from a traditional deed of gift in order to ensure donors have agency and ownership over their materials. For instance, archivist Judith Schwartz describes the very granular discussions she had at the Lesbian Herstory Archives with donors about how and the degree to which they wanted their materials to be attributed, shared, digitized, and/or promoted (1992).

There is, then, broad consensus in the archival profession that reasonable donor-imposed restrictions serve a valuable and even essential function—but there is debate about when and how much they are justified.

Legal and Statutory Restrictions

Within the United States, there are four primary federal laws or legal rights governing privacy protections in archival collections.

The first of these laws is the Family Educational Rights and Privacy Act of 1974 (FERPA), which protects certain educational records.

The second is the 2000 Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) issued by the U.S. Department of Health and Human Services as part of the implementation of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and which protects certain health records.

The third is the Freedom of Information Act (FOIA), which governs which federal government records are required to be made available to the public and, most relevant in this context, also specifies which kinds of records are exempt from its provisions, for reasons that may include personal privacy. Unlike HIPAA and FERPA, which are both withholding statutes (preventing certain records from being shared), FOIA is a disclosure statute—that is, a record may be exempted under FOIA, but that only means its release is not mandated, not that it can’t be released.

The fourth is the constitutional right to privacy, which is the only federal protection that applies to all archival repositories.

Laws like FERPA and HIPAA only apply to certain institutions, or covered entities (for example, FERPA applies to records maintained by educational institutions receiving federal funding, or by organizations/individuals acting on their behalf). Many repositories that are not legally bound by these laws, due to their status, will still use them as models for what reasonable privacy protections are, and so these laws do have an impact beyond the statutory one. For example, HIPAA applies to protected health information created or collected during the process of health care provision by a covered entity. Someone’s personal diary in which they detail their own or family health issues is not covered by HIPAA, but some archivists may use HIPAA as a framework for thinking about how to approach access to that diary.

There is wide variation among data privacy laws, FOIA laws, and other privacy protections not only at the statewide level, but also sometimes at the county or municipal level. Portland, Oregon, for instance, has more stringent data privacy protections than the state of Oregon overall. This variation makes it difficult for archival organizations, even regional ones, to provide useful guidance for their members, and makes it difficult for archivists to collectively advocate for changes. Most records laws acknowledge the importance of context, which introduces further variance. A person’s address as standalone information is directory information, and would generally be public under FERPA, but if it were tied to health information at a covered entity, it might be protected under HIPAA. Considerations may also be role-dependent. The height and weight of a university student would likely be considered private by many institutions, but for student-athletes, the University of Arkansas and other institutions have identified those data points as directory information.

Archivists must follow applicable laws but must also ensure that their policies and procedures do not create a legal obligation where there isn’t one if they do not have the resources to uphold it. Most archivists are not lawyers, and have limited access to internal or external legal counsel, so in many cases, archivists are left to self-educate on the laws that apply to them, and how; thus, it is perhaps unsurprising that many archivists err on the side of caution in relation to health and education records, in particular.

Another consideration in the application of privacy laws is the passage of time. In the United States, the right to individual privacy is generally understood to end with death. Notable exceptions are that FERPA provides no explicit expiration date (and in the absence of one, many university archives have set their own time frames, such as 72 (following the Census restriction period), 75, or even 100 years from the date of a record’s creation), and that HIPAA extends 50 years beyond an individual’s death in order to protect descendants’ privacy. Although some scholars have argued for the idea of post-mortem privacy rights, particularly in the context of reputational networks, these have not yet been legislated (Buitelaar, 2017; Craik, 2009).

Similarly, time-based restrictions imposed either by donors or archivists are based either on an intent for a specific time frame to act as a proxy for a likely lifespan, or with the assumption that the relevant privacy concerns will lessen over time (for example, as someone leaves public office or retires from the workplace). However, archivists do not universally recognize these perceptions of the passage of time as a lessening force on privacy. Heather MacNeil advises that “[t]he process of establishing access guidelines requires a sensitivity on archivists’ part, first, to the common law principle that rights to privacy do not diminish significantly over the lifetime of the individual to whom the information relates and second, to the common sense principle that, in some cases, these rights are not extinguished with the death of the individual” (2005).

Archivists have, with varying degrees of success, sometimes lobbied for changes to or clarification of privacy laws. In 1993 SAA, ALA, and the ACRL successfully lobbied the FERPA compliance office to provide guidance on unpublished undergraduate theses, and the office confirmed that theses could be made available without violating FERPA, even without the author’s permission (Chute & Swain, 2004). 2013 changes to the HIPAA Privacy Rule that excluded otherwise covered information of those who had been deceased for more than 50 years occurred in part because of the advocacy of archivists; two archivists testified before the committee, and SAA as an organization endorsed the change during a public comment period (Novak Gustainis & Letocha, 2015). Other laws have been enacted or changed due to the advocacy of archival users, such as through the Federation of Genealogical Societies’ efforts to increase access to historic vital records (Cooke McKay, 2002).

Ethical Considerations

While all archivists are bound to follow applicable laws, and generally understand what those laws are, interpretations may vary. For all the influence they have on the archival profession and on the availability of materials for research, those laws only cover a small fraction of records and privacy considerations. As Sara S. Hodson has noted, “[t]he potential for revealing private information more often constitutes an ethical concern than a legal one” (2004).

Professional codes of ethics, such as the SAA Code of Ethics and the ACRL Code of Ethics for Special Collections Librarians, lay out some basic principles, with few specifics. Elena Danielson identifies a flawed premise of many of these codes, however, noting that “[i]t is disingenuous to write ethical guidelines saying that archivists should protect the privacy rights of data subjects. Violation is part of the process. The real question is how it can be meliorated” (2010). That is, she goes on to explain, “The violation of privacy is an intrinsic and unavoidable part of archival work because it involves the secondary use of documents, which were originally created for another, so-called primary, purpose” (Danielson, 2010). This kind of violation is related to information science scholar Helen Nissenbaum’s concept of “contextual integrity”—that is, people may willingly share some information about themselves in a certain public sphere, but be dismayed to have it shared or aggregated in contexts outside of the one in which it was originally shared (1998). While such violations of contextual integrity are inherent to the archival process, they may be exacerbated in some aspects of archival work that bring records further from their original private or quasi-private sphere into much more public ones, such as when analog collections are digitized for online access.

The ethics of care framework, as well as other ethical lenses, tend to put the greatest emphasis on the potential for harm when making decisions about ethics-based restrictions. Heather MacNeil concludes that “[r]espect for the humanity and dignity of all persons, and the self-containing sense of responsibility arising from it, are the forces that will guide archivists through the ethical dilemmas that present themselves when competing values of individual autonomy and freedom of inquiry confront each other” (1992).

Choices and Constraints

Traditionally, before archival collections are made fully available to the public, they are processed, an endeavor that includes arrangement, description, and preservation, and typically results in a finding aid, or a research guide. New strategies adopted by repositories that are trying to increase access while lacking the staff time to fully process their collection backlogs mean that traditional processing may not always occur; regardless, it will not always occur at the same level of detail for each collection. However, processing is typically when the most attention is paid by archival staff to a collection, and when the most thorough review for potential privacy issues will occur. It is thus a crucial point of assessment and intervention. A key guiding framework for privacy considerations will be any restrictions laid out in the deed of gift form. If there are none, the processing archivist’s job will be that much easier. Figure 11.1 maps out a possible decision-making workflow, demonstrating some of the considerations an archivist may take into account.

Fig. 11.1 Sample decision tree for evaluating archival collection privacy issues. Figure description: A decision tree. The archivist processes materials to identify possible privacy issues. It includes 5 decision boxes. If the results are yes, the materials are restricted under legal and ethical considerations. If no, no restriction is imposed.

Options for implementing privacy protections, when a processing archivist has determined they are merited, can vary. Approaches include:

  • Restricting materials for a set period

  • Requiring that redacted access copies be created for any research request

  • Proactively creating redacted access copies

  • Implementing access limitations and basic screening procedures, such as a researcher application process, or limiting researchers to those affiliated with an institution

  • Requiring researchers to gain approval from a third-party review board, such as an institutional review board (IRB)

  • Requiring researchers to sign a non-disclosure agreement, an indemnification form, or some other form of waiver

  • Returning materials to the donor

  • “Sanitizing” materials by redacting originals

  • Destroying materials.

Not all institutional staffing levels or policies may allow for all these approaches to be options; in particular, the idea of “sanitizing” records may be viewed as unethical by some. In addition to being irreversible, and removing context, such an approach may take away the possibility of someone being able to retrieve their own records (a key aspect of GDPR and of the principle of information self-determination), and potentially deny attribution.

Writing of a San Diego State University digital project that redacted correspondent names to protect the personal privacy of vulnerable individuals, Culbertson and Lanthorne acknowledge the downside—“redaction effectively turned the letters into orphan works so that anyone could potentially publish the content of a letter without the correspondent’s consent. Whether intentional or not, this gave no control or agency to the very population the Library was trying to advocate for and protect” (2021). Humanities scholar Samuel Edquist, borrowing from the scholarship of Swedish archivists, has written on what he calls “ethical destruction,” and notes an inherent tension in that “there are two aspects of power in documentation, where the same record can be regarded as oppressive and emancipatory. Advocates for ethical destruction argue that archival silence is for the benefit of the persons involved in records. On the contrary, archival existence is often described as a prerequisite for history writing, identity, and justice” (2021).

Privacy considerations and protections are not lump-sum. A use restriction does not necessitate a corresponding access restriction, and a decision not to digitize materials does not preclude allowing physical access or even allowing researchers to create digital copies.

While there are, as discussed, numerous meliorating options for archivists to pursue, a commonality among them is that they take time—a commodity always in short supply for archivists, who are often at under-staffed repositories and working with backlogs of unprocessed collections that may have accumulated over decades. The substantial time investment required for item-level review, redaction, and other methods is not feasible for many repositories. Even for born-digital collections, where PII-screening tools may help automate some of the process, manual review is required to weed out false positives, and many privacy issues will never be caught by systems that look for patterns (such as digits in the format of a social security number), not for nuance. The time-intensive nature of the most comprehensive approaches toward considering thoughtful, reasoned privacy protections has led some archivists to advocate for largely abdicating responsibility in this area.

One of the more notable proponents of this was Mark Greene, who warned archivists against trying to apply their own judgment beyond what donor stipulations and legal frameworks required: “If we do respond by preventing access to all collections which might contain private information until all parties represented in the papers are dead, how will we explain to our publics and our resource allocators this retrogression to the role of stingy custodians and arbiters of privacy and ‘legitimate’ research? If on the other hand we decide to shoulder the responsibility for screening collections for material which invades the privacy of third parties, then we also invite the legal consequences if despite our efforts material later deemed to be an invasion of privacy is made accessible to a researcher. Surely we need not martyr ourselves on the altar of privacy rights” (1993).

Aside from the questions of time and expertise, there is also a risk of being overly protective, to the point that measures intended to be protective may be harmful. Archivist Bill Landis warned that “when archivists talk about privacy and confidentiality issues, I think it collectively brings out our most conservative streak. I typically see what I'd characterize as downward-spiraling scenarios of privacy-violation horror into which we talk ourselves” (2009). Similarly, Hodson cautioned about “an over-active sense of ethics that may afflict some archivists” (2004). An overly conservative proactive approach to protecting personal privacy can act as a form of censorship, impeding research and undermining an archives’ mission. It may also contribute to an overly paternalistic or prescriptive approach about what is considered sensitive or shameful, potentially perpetuating prejudicial attitudes in the name of protection. Moreover, Behrnd-Klodt warns, “[a]rchivists who seek such affirmative restriction voluntarily set a high standard of conduct that may be difficult to execute,” holding themselves to a standard they cannot live up to but for which they may be accountable (2005).

Archival Privacy: A Research Perspective

Privacy is a key concern for research services and teaching as well as acquisition, accessioning, and processing. Although the restrictions and procedures research archives follow in order to service records for access are dependent upon the determinations made by acquisitions and processing archivists, the staff responsible for interfacing with the public, guiding researchers through access policies, and providing reference assistance—archivists whom we will refer to here as research and reference archivists—also play an integral role. Most archivists believe that everyone should have access to records for research. They promote the democratic ideal that historical evidence should be available to anyone. In keeping with that ideal, professional best practices encourage archivists to provide equitable access to anyone with interest. However, that access must be in keeping with institutional policies in place to protect the archives or the larger organization in which it resides from legal liability, as well as mitigate the burden on infrastructure, staffing, and other resources.

Like all areas of professional archival practice, ethical standards guide how institutions should assist researchers and ensure that their collections are both accessible and responsibly managed, including how public servicing of materials is conducted. “Ethics apply to all aspects of access, including providing physical and virtual access, producing reproductions, granting uses and permission, and adhering to restriction and legal regulations,” as archivist Cheryl Oestreicher makes clear (Oestreicher, 2020). Establishing appropriate policies with consistent and equitable service, provided by well-trained staff members, is a responsibility of research archives, and privacy for patrons at every stage of their research journey is inseparable from that responsibility.

Professional Standards

As an area of concern, patron privacy is addressed in the SAA Code of Ethics. “Archivists respect all users’ rights to privacy by maintaining the confidentiality of their research and protecting any personal information collected about the users in accordance with their institutions’ policies” (Society of American Archivists, 2020). Archival ethics prioritize sustainable practices and policies that serve all of an institution’s stakeholders. Caring for collections and serving communities must necessarily involve an ongoing awareness of the impact of archival work.

As noted above, archivists must be mindful of the ways in which their professional work can function both as harmful force and reparative resource. As a potentially harmful force, archives can negatively impact the personal liberty and privacy of individuals and communities by granting access to creative works, information, or stories that were never intended by the subjects or creators to be publicly available. As a reparative resource, archives can also make political, social, and cultural information accessible for those seeking to advocate for greater rights and freedom for themselves and others and empower individuals to rewrite history by creating their own narratives (Caswell, 2021).

Archivists are always seeking to balance priorities, and in terms of privacy that means accommodating protections for donors and researchers while providing as much ease of access to and use of materials as possible. For practitioners in areas of institutional archives and research libraries that interface with the public—research services, outreach, and instruction—it can sometimes be challenging to balance excitement and desire to promote collections with a duty to protect privacy (Oestreicher, 2020). Archival professional standards tend to emphasize the need to achieve the broadest possible access. While some restrictions or limitations on access because of privacy concerns may be necessary, professional practice in recent decades has sought to make available all aspects of information possible (including repository-created metadata), along with means of duplication and possible publication, within the constraints of donor agreements and the law.

The Rare Books and Manuscripts Section (RBMS) of the Association of College and Research Libraries identifies transparency about user privacy limitations as an essential duty of special collections librarians and archivists. Staff in academic archives often collaborate with classes and teaching faculty or other programs on campus. These core services to the university community complicate the goals of shielding researchers and their interests from observation or interference while facilitating learning and training less-experienced researchers in how to utilize archival records most effectively. Archivist Elizabeth Yakel noted the transformation in archivists’ role in teaching at the turn of the twentieth century: “College librarians have seen their role evolve from that of passive participant in the learning process to a more active teaching role….The content of that teaching has transformed from bibliographic instruction for resources, indexes, catalogs, and materials in physical libraries to a focus on information literacy for information sources internal or external to the library” (Yakel, 2002). Yakel’s “Listening to Users,” along with a wide array of literature over the ensuing two decades, addresses archivists’ roles in primary source learning (2002). However, the area of student privacy within those teaching environments remains understudied.

Every archive that supports research should ensure the security of its materials and users. Methods to do this, whether in the reading room or through email or other virtual channels, include registration of users and presentation of proof of identity; having protocols in place to track usage of materials; and researcher agreements to abide by policies and procedures.

Do researchers and patrons in special collections libraries desire privacy about their research topics and work? Some may as a personal preference, while others may require privacy to protect themselves from unwanted scrutiny. The desire to preserve a scoop may be another factor—while many researchers have interests in promoting their work in archives, they would typically prefer to be able to control that promotion and its timing.

Archival research can attract scrutiny that inhibits the ability of researchers to seek truth, both in places with fewer protections for individual liberty and in places with well-established legal or constitutional protections where research may still arouse political or otherwise official suspicion or retaliation. The use of archives by researchers seeking to reveal or investigate social conditions and address social, cultural, or political issues—such as in journalism, activism, and socially-relevant scholarship—needs the shield provided by professional archival practice’s commitment to patron privacy.

Privacy During Research

Privacy during research entails a balance of security measures in place for the material as well as for the patrons themselves. Reference archivists, as a specialized subset within the profession, are integral in fulfilling the mission of the archival institution and are essential to the management of privacy issues in the archives, whether regarding the origin of the research material or the privacy of researchers. Reference archivists are the intermediaries between collections and patrons, ensuring that established policies are followed (Cohen, 1997; Pugh, 2005; Oestreicher, 2020). Research archivists and others serving patrons in reading rooms will, through the course of their duties and engagement with researchers in order to better guide their requests or facilitate the use of additional services such as duplication, gain some degree of familiarity with the details of the researcher’s activities. For security purposes, they will also likely track the materials used by the researcher, either in a database or via paper call slips. This type of documentation is typically disclosed to researchers as part of a researcher agreement or orientation, as documenting researchers without their consent could be considered a violation of their personal privacy. Forms used for registration sometimes provide an option for researchers to consent to be photographed for the promotional purposes of the institution. Many patrons are eager to contribute, but their willingness should not be assumed. Unless consent is explicitly given, the collation or distribution of individual researcher activity represents a potential invasion of privacy.

Personally Identifiable Information (PII) During Research

There are several times within an institution’s interaction with researchers when PII might be collected. Archives often require the presentation of, and sometimes a copy of, government-issued identification as a security measure. In addition, archives that require patron registration might require a patron to provide a work or home address, other contact information, or institutional affiliation. If an institution charges fees for reproductions, then researchers requesting copies or digital scans may also need to submit financial PII.

Research services staff in publicly accessible archives have increasingly sought ways to protect PII for research and to create safeguards against accidental or intentional accessing of information for unauthorized purposes. Automated patron registration systems, as well as patron-directed duplication requests, can allow for greater protection of the records of materials being accessed or duplicated by individual researchers.

Documenting Researcher Activity

A central aspect of privacy for patrons is protecting the outcomes of research and further work. Archives should ask for consent before any publication about or photographing of researcher visits. Some archives and research facilities may attract news media, whether because of a noteworthy collection or donation, a special event, or perhaps because of a politician or celebrity visiting; these news crews should not be permitted to film researchers without permission. Management of security footage is also a concern, as well as the perception by users that they are under surveillance in the archival reading room, a circumstance Eric Ketelaar once identified as “archival temples/archival prisons” (Ketelaar, 2002). Strongly encouraging the development of a careful and transparent policy by special collections and archives staff regarding the use of security cameras, the ACRL/RBMS security guidelines make clear that the “use of cameras involves legitimate privacy concerns for both staff and visitors,” and that this “decision should not be undertaken lightly” (2009). The guidelines suggest that institutions “create clear internal policies outlining who can access security footage, how they would view it, and under what circumstances it would be permissible” (ACRL/RBMS, 2009).

Given that researcher access and privacy are a priority, archives should reject requests from outside authorities for information on research. This is not always possible, as laws related to freedom of information requests or issues of national security may supersede institutional policies or procedures. For this reason, archives should be cautious in both their creation of researcher documentation or surveillance footage and their retention policies of such documentation, ensuring that they collect no more than is necessary for their operations and security.

Legal Protections for Researcher Activity

Federal law provides some protections for the research process, but laws can also open up avenues for the inspection of research activity. Regulatory frameworks evolve, and changes in the United States and Europe have both restricted access to some records in favor of greater privacy for third parties and, on the other hand, allowed for intrusions upon personal privacy under the auspices of national security or fighting criminal activity. Following the beginning of the War on Terror in 2001 in the United States, the USA PATRIOT Act can be used by the federal government to obtain patron records. This development proved frustrating for many research institutions, from non-profits and public libraries to private and public universities, as it nullified well-established institutional practices and policies. As a result, efforts to further anonymize patron data, such as through new forms or automated registration systems, increased (Oestreicher, 2020).

The University of Arkansas Special Collections as a Case Study

We can examine an established research archives division at a public university to see both how care is taken to accommodate competing needs and requirements, as well as how ongoing refinement of policies is needed to remain compliant with relevant regulations and legal frameworks. For instance, the Special Collections at the University of Arkansas Libraries has, evident on its website and in posted user research guides, detailed and evolving policies and procedures.

As a repository within a land-grant, public university serving tens of thousands of undergraduate students, Special Collections seeks to balance the university’s “student first” mission with demands from researchers in the community and around the world, many of whom are drawn to its high-profile collections related to international education, civil rights, architecture, and music. Although there is a substantial university archives, most archives available to researchers originate from non-university-affiliated sources, including governmental agencies, non-profit organizations, corporations, families, and creators from fine arts, literature, and scholarly research fields.

Before a researcher ever accesses any collection material, Special Collections is already collecting data from them through online registration forms. However, they also employ disclaimers and data usage statements addressing how data is collected and stored in order to make both the reasons for collection and the limitations of protections transparent. The current forms and systems represent an evolution of policies based on experience, lessons learned, and a growing understanding about how collecting essential information in hard copy could put researcher privacy and material security at risk. The previous paper form-based system was vulnerable to loss of data and unauthorized access.

Like other institutions that have transitioned to digital patron management systems, the University of Arkansas now uses disclaimer language related to vendor management of data. Disclaimers also make explicit that Special Collections may need to comply with legal requirements and requests, while certain requests from outside parties, such as FOIA requests for user information, are referred to legal counsel.

Granting access to unprocessed collections is a particular challenge for protecting potential PII and other information donors may not want to be disclosed. Collections with politically relevant material, as well as archives from literary, music, or other creative fields with great public interest, can attract immediate researcher demand well ahead of an institution’s processing schedule. Special Collections’ Access to Unprocessed Collections policy (Fig. 11.2) thus specifies an amount of screening that Research Services staff will conduct for a given research request, as a compromise between access needs, staffing resources, and privacy protections.

Fig. 11.2 Updated PII and Access to Unprocessed Collections Policy, University of Arkansas Special Collections (Image source https://libraries.uark.edu/specialcollections/research/unprocessed.php). Figure description: An excerpt includes the information on access to unprocessed collections policy and procedures and policy concerning personally identifiable information.

An updated framework now in place at many research archives is to inform users of their responsibilities very clearly and in multiple places on websites, registration, and forms in order to establish protection for the institution and avoid overstating its role in the research, discovery, or publication processes. While the responsibility to provide access remains with the institution, the responsibility is on the user to avoid further disseminating PII once it is encountered and to act responsibly within copyright and other guidelines. Some collections may include sensitive or confidential information that has not yet been identified, so Special Collections’ researcher agreement form requires that researchers notify a staff member and agree not to copy or disclose such information, should they encounter it. In this framework, the researcher assumes all responsibility for infringement, allowing the repository to be more permissive in its access policies.

Conclusion

Archivists are still navigating the evolving and changing relationship between communities and archives, museums, special collections libraries, and other repositories open to the public for research. Because collections may hold sensitive information or material that communities represented in historical collections might object to having shared publicly, a mechanism to remove content (take-down notices) or respond to requests for repatriation or deaccessioning can be implemented. Archivists must remain informed regarding evolving professional practice and applicable laws and regulations, especially as the availability of archival material digitally increases along with the public demand for digital access.

In her 2022 dissertation, Allison Rae Tyler looks at the impact of recent European Union privacy regulations on social sciences data archives and suggests new conceptualizations of privacy (2022). Her title provocatively asks the question, “Can We Still Archive?” The answer is yes—but not everything, and not without applying a legal and ethical framework to decisions about acquisition, processing, and access. Archivists can rely on donors and researchers as partners and collaborators in identifying and remediating privacy issues within our collections, but we cannot offload the responsibilities we have to those donors and researchers, as well as to other record creators and third parties. Protecting privacy within archival practice is time-consuming, contextual, and a constant balancing act between competing ethical and professional demands. Yet, a greater attention to privacy considerations does not compromise the central access mission of archives—it just makes things a bit more complicated.