March 13, 2023

SIP2, patron data, and SHAREit

This post addresses a question recently raised on the NHAIS-L e-mail list concerning patron data shared via SIP2 with our ILL program:

"Is ShareIt considered a 3rd party vendor in this case? Would changing the SIP settings in Atriuum prevent ShareIt from auto filling patron contact information for requests?"

Yes and yes.

For libraries allowing patron-initiated ILL requesting, the ILS sends SHAREit the patron barcode, the status of the user, and whatever other information it is configured to send. If SHAREit receives data like patron first name/last name/address/phone, that data is stored in a user record created in SHAREit and is used to populate the request form whenever that login is used. If all that's received from the ILS is that the barcode is a valid user (no name, etc., attached), a user record is created in SHAREit with just the barcode. The user would then need to fill in at least the Patron's Contact Info and Patron's Last Name fields in the request form before submitting. SHAREit doesn't care what's in those fields--it could be a single letter or digit--but it needs to see something in those required fields.
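To check what an ILS actually hands over, a library can capture one SIP2 response and list the contact fields in it. The Python below is an added example, not code from Atriuum, SHAREit, or Auto-Graphics; it assumes the lookup is answered with a SIP2 Patron Information Response (message 64), which this post does not specify, and both sample messages are constructed.

```python
# Added example: field codes come from the SIP2 specification; all patron data is constructed.
PII_FIELDS = {"AE": "personal name", "BD": "home address",
              "BE": "e-mail address", "BF": "home phone number"}

# "64" + patron status (14) + language (3) + transaction date (18) + six 4-digit counts
FIXED_LEN = 2 + 14 + 3 + 18 + 6 * 4
HEADER = "64" + " " * 14 + "001" + "20230313    120000" + "0000" * 6

# Constructed samples (no AY/AZ error-detection trailer, which is optional in SIP2).
FULL = HEADER + ("AOEXAMPLELIB|AA21234000000001|AEDoe, Jane|BLY|"
                 "BD1 Main St, Anytown NH|BEjane@example.org|BF555-0100|")
MINIMAL = HEADER + "AOEXAMPLELIB|AA21234000000001|AE|BLY|"


def parse_patron_response(msg):
    """Return the variable-length fields of a 64 response as {code: value}."""
    msg = msg.rstrip("\r\n")
    if not msg.startswith("64") or len(msg) < FIXED_LEN:
        raise ValueError("not a SIP2 Patron Information Response")
    fields = {}
    for chunk in msg[FIXED_LEN:].split("|"):
        if len(chunk) >= 2:
            fields.setdefault(chunk[:2], chunk[2:])  # keep first occurrence
    return fields


def shared_pii(msg):
    """Non-empty contact fields the ILS included, keyed by description."""
    fields = parse_patron_response(msg)
    return {label: fields[code].strip() for code, label in PII_FIELDS.items()
            if fields.get(code, "").strip()}


def audit(msg):
    """Summarise what the receiving system learns from one response."""
    fields = parse_patron_response(msg)
    return {"barcode": fields.get("AA"),
            "valid_patron": fields.get("BL") == "Y",
            "pii": shared_pii(msg)}


if __name__ == "__main__":
    for name, msg in (("full", FULL), ("minimal", MINIMAL)):
        print(name, audit(msg))
```

An empty `pii` result corresponds to the barcode-only case described above, where the patron types the required fields into the request form.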

The rest of this applies to all SHAREit libraries, whether allowing patron-initiated requesting or not. Any patron information submitted with the request form remains a part of the request and can be viewed by the patron or the borrowing library until the request is deleted. Lenders cannot see any patron information unless it was entered in the Borrower's Notes field. The system automatically deletes finished requests after one year, but borrowers have the option to delete requests earlier. Statistical data is retained for deleted records, but that does not include any patron information.

As with the ILS each individual library uses, there is a contract between the NH State Library and Auto-Graphics which includes specific clauses about protecting the confidentiality of library patron information. NHSL and A-G system administrators can see the data, but we understand patron privacy requirements and keep what we see to ourselves. The contract between A-G and NHSL addresses data protection in significant detail, and your ILS sharing this data with SHAREit should not be a cause for concern any more than having patron data in your own hosted ILS would be.
