1. What personal information is processed?
Parent/guardian library account ID and borrowing history of titles. Child's name and age (where parent has provided it). No browsing behaviour outside the catalogue captured.
UC-006_library_recommender_privacy_review_signed.pdf
EV-2026-0136 ยท DPIA ยท linked to Library โ children's reading recommender
Artefact ID
EV-2026-0136
Type
DPIA
Linked use case
Uploaded by
Privacy Officer
Uploaded at
2026-05-17 10:08
Size
188 KB
SHA-256
5566โฆ77aa (truncated for display)
Hash chain
Verified ยท chained to previous entry
Summary
Privacy Impact Assessment for the children's library reading recommender. Personal information involved (parent's library account history); concludes Low residual risk with controls in place.
Chain of custody
Drafted by Library Services + Privacy Officer. Hash chained at upload.
Sections
2. Who can access outputs?
Only the account holder (parent/guardian) via authenticated session. Library staff can view aggregate (popular recommendations across all accounts) but not per-account. Vendor (SirsiDynix) cannot access tenant data.
3. PPIPA applicability
Applies (s.4 personal information). Lawful basis: necessary for the function of the library (s.10(b)). Consent confirmed at library card sign-up.
4. Risks identified
Risk: child's reading inferred by other household member with account access. Mitigation: per-child profile feature deferred to v2; parents advised in privacy notice. Risk: vendor scope creep (e.g. ML model trained on borrowing data). Mitigation: contract addendum prohibits cross-customer model training (signed 2026-05-14).
5. Sign-off
Signed
Privacy Officer
2026-05-17
Approved by Privacy Officer 2026-05-17. PPIPA breach risk: Low. Next review: 2027-05-17 or upon material change.