Thursday 14 September 2017

Talk from Naomi Korn: Nuts and bolts of information law compliance – copyright and GDPR

This blog is from our talk from Naomi Korn on the 16th August 2017. With thanks to Fiona Watkins for writing this piece!

The event began well with savoury nibbles, cakes, biscuits, drinks and time for the early arrivals to shake off their journeys and chat if they wanted to.  Having arrived a few minutes early courtesy of train timetables I was one of the first to arrive and received a warm welcome from one of the Thames Valley committee members.  The event was advertised to begin at 7pm although the talk did not start until after half past which allowed time for late arrivals and for some networking to take place.  Shortly after 7:30 we were ushered into a small lecture theatre to discover more about copyright and GDPR. 

Naomi began with some of her background and her passion for both copyright compliance and GDPR data protection became immediately apparent.  She was keen to inspire her audience and also to reassure us that our existing processes and procedures are most likely working well so that the reform of data protection should not be a scary prospect!  After a show of hands to see whether to focus mainly on GDPR or copyright Korn gave a brief overview of copyright compliance, recapping the Naomi Korn Copyright Consultancy (NKCC) Compliance model[1] and ensuring that we all understood how the model worked.  The majority of the evening was spent looking at GDPR which will be translated into UK law in May 2018, NKCC is working in partnership with Content Clear a data protection and GDPR specialist provider and it is something Naomi believes lines up really well with the compliance model used for copyright.  Naomi is a firm believer that copyright and data protection are an organisational issue not simply a matter of legal compliance and the compliance model illustrates this really clearly.

GDPR gives greater transparency in data protection obligations and responsibility and broadly speaking if your company is compliant with existing data protection laws and has a customer focuses ethos the compliance with GDPR should not cause huge issues.  GDPR covers paper and electronic records and builds upon the 8 principles of data protection.  GDPR increased the responsibility of companies to keep data secure and also increases citizen rights in relation to data protection.  Accountability in relation to data protection is becoming stricter, for example when an organisation is collecting data and making it available then privacy must be designed into the process including considering and justifying why the data is being collected and where and how it will be being shared. Fines for breaches of GDPR are likely to be higher.  Citizen rights are also being increased in terms of what they can expect and request, e.g. deletion of data from systems.   Naomi highlighted the ICO next steps information[2] as an important document to read.  She urged us to consider if we as a data collecting organisation could deal with an individual’s right to be forgotten and have their personal data deleted?  The GDPR legislation gives better recognition to children in relation to their data protection, and the importance of consent from parents and guardians.  It is essential that compliance with GDPR needs support from all elements within the organisation.

A large part of the event revolved around Naomi’s 10 top tips, although as the observant amongst those reading this will realise we soon moved past the limit of 10 tips! 
1)     GDPR and copyright are organisational compliance issues, not individual ones.
2)      It is unlikely that GDPR compliance will be completely achieved immediately – it is a process and process equals time.
3)      Copyright is a balanced relationship between compliance, pragmatism and ethics; GDPR is similar and becomes a risk management issue whereby we aim for complete compliance focusing on areas of higher risk first.
4)      Be proportionate about what we do; do your best to comply but remember that as information organisations we are likely to already be fairly well advanced.
5)      Project management and privacy by design are essential.  E.g. plan privacy into all aspects of projects how are you mitigating risks and ensuring that GDPR is built into contracts and licences.
6)      Monitor, review and keep up-to-date as an organisation.
7)      Ensure that you have training and strategies to raise awareness of the changes in place; this needs to be embedded throughout the organisation and regular refreshment activities need to be in place – avoiding complacency!
8)      Remember that GDPR applies to paper and electronic records.
9)      The policy section of the compliance model is not simply about writing a GDPR policy – many other policies will be impacted and therefore need reviewing.
10)   Read the ICO website for further information but don’t be overwhelmed by the amount of information available.  Naomi recommended that we begin with the 12 steps diagram previously mentioned.
11)   Carry out an information audit – what have you already got, where is it stored and who can access it.  This will enable us to move forward organisationally and see what changes need to happen.
12)   Exemptions – there will be some but as yet we don’t know what they are!  Expected to be broadly similar to existing data protection exemptions, but an announcement of the exceptions is not expected until at least September.  Commercial activities and sharing data outside of the organisation are likely to be areas of higher risk.

The final aspect of the session involved, unsurprisingly, questions from the audience.  Things that were touched upon related to the “right to be forgotten” aspect in relation to things such as library fines and Naomi believes that this sort of issue will be covered via the exemptions when they are announced.  Brexit was mentioned, when is it not nowadays, but this is will have no impact on the adoption of GDPR as it will be transposed into UK law.  Finally the likelihood of prosecution was discussed with Naomi feeling that using the compliance model will reduce the risk.  If we deal with areas of higher risk first e.g. losing data or sharing data with people/companies that we shouldn’t, then the process will hold less chance of prosecution.
Naomi’s final word of advice was to breathe in the change rather than panic over it, generally the types of institutions that were represented are already data protection compliant and the move to GDPR is unlikely to pose a big challenge.  

Fiona Watkins - Digital Resources Manager, University of Northampton

Tuesday 11 July 2017

Mentor exchange event

This blog is from our Mentor exchange event, held on the 31st May 2017. Many thanks to Matthew Henry for writing this piece!

A ‘Mentor Exchange’ event took place at RISC in Reading on Wednesday 31 May, led by local mentor support officer (MSO) Linda Jones, whose professional home is the University of Portsmouth. Very much a ‘round table’ event (though without a table), attendees gathered to hear from Linda about CILIP’s move towards training and supporting mentors via the VLE (Virtual Learning Environment) as opposed to the classroom-based training of the past, and to guide prospective mentors in what to expect from the experience, of training and mentorship in general.
The event started with each attendee describing who they were and what their situation was. The group included everyone from recently Chartered librarians interested in becoming mentors, to a retired colleague who sits on the CILIP Board and has experience evaluating professional registration portfolios. A new mentor shared her first impressions of mentorship, including to “remember that the work comes from them.” She added that there is no need to talk a great deal, but when doing so, to ask questions. This nicely set the scene for an exercise from Linda for all attendees, more of which later. The attendee concluded that being a mentor was “not as scary” as she thought it would be.
The perspective of a person sitting on the CILIP Board – and effectively being a mentor of mentors – was provided next. The main lessons here were of the benefits of mentoring someone who works in a different branch of information management to the one in which the mentor gained most of his/her experience.  Not only does this make the experience more interesting for the mentor, it also encourages the mentee to consider their work objectively, which helps them to place their activities in a wider context – in the words of the attendee, “to look outside themselves.” But the evidence they provide in their portfolios must be appropriate to their fields.
The next question from Linda to go round was what are, or what would attendees imagine to be, the most positive and negative sides of mentoring? Speaking of herself Linda admitted that she thrives on working with people from different sectors, particularly because she enjoys seeing as many libraries as she can get into, believing as she does that they are vital to civilisation. On the negative side, she regrets seeing mentees “driving down the wrong road for far too long,” developing material that doesn’t fit in their portfolios. Overall, she’s had fantastic experiences as a mentor, whether they’ve stayed in touch or have happily gone on their way after the experience of professional registration.
Two attendees who attained Chartered status relatively recently and are interested in becoming mentors were concerned that, in doing so, they would be able to provide the same quality of mentorship that they had enjoyed as mentees, whether this is guidance in general about professional practices or specifically following CILIP’s procedures. The more experienced attendees reassured them that all mentors have access to an MSO (in our case, Linda), and that curiosity is enough when working with someone from a different sector. The question of the risk of mentoring someone who goes on to fail to achieve professional registration was also aired. The reply here was to remember that it is always the mentee’s portfolio and that failure is their failure, rather than that of the mentor. In these cases mentors can work with the feedback provided by the assessment board.
Another attendee was concerned about being able to convince her line manager to let her be a mentor, to which the group agreed that the best approach was to find the right words to demonstrate the benefits to her employer of doing so.
Move towards online training
Next Linda explained recent changes in CILIP’s mentor training. MSOs’ recent experiences are that it is increasingly difficult to get would-be mentors and trainers into the same room for a full day. CILIP’s answer is to virtualise the process via the VLE, which now has a separate mentoring section. What would have been communicated in one day’s worth of intensive classroom training is now to be imparted over four weeks online. To be clear, the window available is four weeks but the amount of work is the same as can be achieved in a day, i.e. seven hours. The four weeks are structured, however. There are four weekly units that must be done in four consecutive weeks. The second week consists of a practical exercise conducted with another candidate. Two MSOs also follow the course (Linda was keen to point out that this new process is also new to them).
Those worried about using the VLE should be reassured that it is much easier to use than it was a year ago and that the course is well-structured. Discussion boards replace face-to-face contact and Linda encourages everyone to chat, get to know people, and explore. She commented that she has also asked that current mentors be allowed to do the training, to bring them up-to-speed with the new interface. Sections of the course are made available as one progresses through it. Much of the information is provided in the form of video. It is possible to download course frameworks for those wanting to study them offline.
This part of the meeting ended with a discussion about Certification and how it relates to the NVQ in library and information studies, and how both might relate to the development of an apprenticeship scheme for our sector.
A fun exercise to end
To round off the meeting Linda handed out plain envelopes to everyone, who split into pairs for an exercise on closed and open questions. Each envelope contained a picture of an animal. The object was for each attendee to find out what animal their counterpart had by asking as many closed questions as they liked, followed by a single open question. Closed questions were defined as ones in which there is a binary answer, meaning one of two options – typically yes or no. An open question, by contrast, is one that might have any answer.
In practice, the exercise was good fun but it also clearly illustrated the power of open questions and the limits of closed ones. For a mentor/mentee conversation, open questions are always to be preferred because they encourage the mentee to provide information, which requires them to think about their situation objectively, in order to explain it to their mentor, and to examine their own feelings.
In conclusion
Linda brought the meeting to a close with the some useful advice. Mentoring doesn’t have to be face-to-face, but it’s worth remembering that what works for oral communication isn’t always appropriate when written, so make sure your tone is right in any written communication. Mentoring can give you skills to deal with difficult people at work. Mentors can say no to any request from mentees.

The final piece of advice came from the CILIP Board member attending, with which Linda wholeheartedly agreed: mentees must express their own professional voices in their portfolios; the test, particularly for Chartership, is that they demonstrate their own initiative.

Matthew Henry - Library Assistant, St Hugh's College, Oxford

Tuesday 2 May 2017

"Shhhh... in other languages": My experience of working in libraries in different countries

This blog is from our October event, "Shhhh... in other languages": My experience of working in libraries in different countries". Many thanks to Emily Green for writing it for us.

Our speaker for the October meeting of CILIP Thames Valley was Marina Sotiriou, Library Assistant at the Royal Berkshire NHS Foundation Trust. Speaking about her experiences of working in different countries and libraries, Marina delivered an entertaining and informative presentation entitled “Shhhh…in other languages”.

Having studied library and information management in Greece, Marina worked first for the Library of Visual and Applied Arts at the Aristotle University of Thessaloniki and the Library of the 21st Ephorate of Byzantine Antiquities in Corfu. Following these interesting posts, she made a bold move to the UK; working first at Belfast Metropolitan College before taking up her current role. By this time, Marina’s varied experience meant she had already worked with numerous library management systems, classification systems, library structures and colleagues.

Based on these experiences and some detailed research, Marina was able to summarise the key differences between Greek and UK libraries across sectors. Describing health, school, public, and academic libraries, she provided an interesting insight into the strengths and challenges present in each country.

Drawing on personal experience, she then turned to those skills that she considers particularly important when working in different countries. Perhaps most striking was her emphasis on the importance of flexibility and her enthusiasm for constantly learning and meeting new people with different approaches and ideas.

Following Marina’s presentation, an opportunity for questions developed into an informal chat amongst attendees about the current state of UK and Greek libraries across sectors. Sharing our thoughts and experiences on the issue rounded off the evening well.

Emily Green – Assistant Librarian, University College, Oxford