Back
Security and Data Privacy
Subscribe by RSS
Share page by email
Save as PDF
Share
Q&A: Limiting Actions Related to Portfolios and E-collections According to User Role Scope Alma Local Backup
Ex Libris Security
Ex Libris is committed to providing its customers with a highly secure and reliable environment for its hosting and cloud-based applications. It has therefore developed a multi-tiered security model that covers all aspects of hosting and cloud-based Ex Libris systems. The security model and controls are based on international protocols and standards and industry best practices, such as ISO/IEC 27001, the standard for information security management systems (ISMS).
To learn more about our security policy and the additional processes and policies related to it, read our security policy
Ex Libris Data Privacy Policy
This privacy policy governs how we use personally identifiable information that we receive and store about individuals, such as visitors to the Ex Libris website, library staff, students, patrons, and other library users (referred to individually as a "User" and collectively as "Users") who use (i) the Website www.exlibrisgroup.com, and other Websites operated by Ex Libris (referred to collectively as the "Website") and/or (ii) Ex Libris products and services that Ex Libris offers ("Products and Services"). We have implemented this privacy policy because user privacy is important to us. We are committed to respecting the Users' privacy and we recognize users' need for appropriate protection and management of any personal information that we receive and store.
To learn more, see privacy policy.
Cookies
Session cookies are used to manage session lifecycles and the login flow.
Additional cookies are used to manage GuideMe session lifecycles.
Data Privacy FAQs
Are there specific anonymization jobs in Alma Analytics?
The Alma Analytics database is populated with ongoing feeds from Alma’s operational database. This process is referred to as ETL: Extract, Transfer and Load. The data in Analytics is an exact reflection of the operational data that is used in Alma. Therefore, data that is anonymized in Alma is reportable in Analytics only in an anonymized format. Alma runs anonymization jobs on the following data elements:
When any of these records is anonymized, the link between the relevant record and the borrowing patron is permanently removed from the system—that is, it is not restorable in any way. Consequently, any interface that shows information about the borrower of a loan will have no history information to display.
Does Alma support retention periods for anonymized loan records?
Retaining history information in the system is very useful for auditing purposes. At time, libraries need refer to historical actions, such as loans, requests or fees, in order to be able to analyze issues of interest, such as what happened to a lost item or how a fee has been handled. An additional need for retaining historical information may be related to being able to extract statistical information, such as how many loans of a given type have been processed in a given period of time, or how many requests have been canceled.
In order to fulfill these requirements, Alma retains history records for fulfillment actions indefinitely. Having these records remain reportable in Analytics is essential in order to be able to meet the above listed requirements. However, the retaining of full historical information may create a privacy challenge. Many libraries have to abide to strict privacy regulations that forbid storing patron information that is not essential for a patron service. The indefinite storing of fulfillment information is a breach of these regulations.
The Alma process of anonymization is aimed at fulfilling both of these conflicting requirements. It strips relevant fulfillment records of their patron personal information where that information is not required for a current patron service, while retaining enough information to be able to meet the auditing and reporting requirements of the libraries.
Which historical loan records are anonymized?
All historical loan records that meet the following criteria are anonymized:
When a loan record is anonymized, the link between the loan record and the borrowing patron is permanently removed from the system—that is, it is not restorable in any way. Consequently, any interface that shows information about the borrower of a loan has no history information to display. This includes:
The loan record includes additional statistical information about the borrower, including:
This statistical information remains on the loan record and is not lost when the anonymization process is run.
Which historical fines and fees records are anonymized?
All historical fine and fee records that meet the following criteria are anonymized:
When a fine/fee record is anonymized, the link between the loan record and the patron is permanently removed from the system—that is, it is not restorable in any way. Consequently, any interface that shows information about the patron owing the fine/fee has no history information to display. This includes:
The patron's list of fines and fees in the User Edit form
The fine/fee record includes additional statistical information about the patron, including:
This statistical information remains on the fine/fee record and is not lost when the anonymization process is run.
Which historical requests are anonymized?
All historical requests that meet the following criteria are anonymized:
When a request is anonymized, the link between the record and the patron is permanently removed from the system—that is, it is not restorable in any way. The requester ID is set to NULL therefore hiding the requester ID from the request history. This is the default behavior, as determined by the should_anonymize_requests. If existing completed requests have not yet been anonymized, they are also anonymized retroactively. For more information, see Configuring Other Settings.
The record includes statistical information about the patron, including:
This statistical information remains on the request record and is not lost when the anonymization process is run.
Which resource sharing borrowing requests are anonymized?
All historical resource sharing borrowing requests that meet the following criteria are anonymized:
Anonymizing resource sharing requests may affect:
When a resource sharing request is anonymized, the link between the record and the patron is permanently removed from the system—that is, it is not restorable in any way. Consequently, any interface that shows information about the requesting patron will have no history information to display. This includes:
The borrowing resource sharing record includes additional statistical information about the patron, including:
This statistical information remains on the borrowing resource sharing request record and is not lost when the anonymization process is run.
Which personal data, if any, is stored in Alma Analytics?
The Alma Analytics database is populated with ongoing feeds from Alma’s operational database. Therefore, Analytics can report on the user data that is stored in Alma. This includes:
When the anonymization processes are run, the data elements above are stripped from any user information. All that remains reportable is statistical information. This includes user group information and user statistical categories.
How are Alma anonymization jobs configured? What are their results?
Alma automatically anonymizes all completed hold requests. Other elements’ anonymization may be activated or deactivated. You can define this on the Fulfillment Jobs Configuration page. For more information, see Configuring Anonymization.
What is the impact of anonymization on reporting?
The anonymization process strips relevant fulfillment records of their patron personal information where that information is not required for a current patron service (that is, the record is a historical record), while retaining enough information to be able to meet the auditing and reporting requirements of the libraries. The relevant entities (loans, fees, requests and resource sharing requests) remain fully reportable, but without any information on the linked patron record other than statistical information based on the user’s user group and statistical categories.
Anonymized records have no link to any details of the patron, but remain reportable by statistical dimensions such as user statistical categories and user group.
Which (closed) transactions are anonymized?
Is it possible to activate the anonymization of closed resource sharing requests, loans, fees and overdue fees procedures separately?
Yes. Anonymization is configured on the Fulfillment Jobs Configuration page (Configuration Menu > Fulfillment > General > Fulfillment Jobs Configuration).
Fulfillment Jobs Configuration
As is evident from this screen, the library may decide which element to anonymize, independently of any other element that may be anonymized.
Is it possible to anonymize or delete sent emails? If yes, please explain.
By default, letters sent by Alma are retained indefinitely and available on the Attachments tab of the User Details. When the user record is purged from the system, all attached information is purged, including the attached emails. You may also define a letter retention policy to delete sent letters after a certain number of days. See Setting Letter Retention Periods.
How are hold requests managed in the context of anonymization?
Anonymizing of hold requests may be switched off by using the should_anonymize_requests parameter (Fulfillment > Fulfillment Configuration > Configuration Menu > General > Other Settings). If this parameter is set to true (the default option), when a request is added to the request history, the requester ID does not appear in the history details (it will be null). If this parameter is set to false, the requester ID is visible.
How is the ETL process affected by anonymization?
The Alma Analytics database is populated by ongoing feeds from Alma’s operational database. This process is referred to as ETL – Extract, Transfer and Load. The implication of this is that all data in Analytics is an exact reflection of the operational data that is used in Alma. Therefore, data that is anonymized in Alma is reportable in Analytics only in its anonymized format.
Can loans be anonymized based on rules, with sensitivity to different parameters?
You can enable anonymization rules to determine which loans, requests, and fines and fees are anonymized. See Configuring Anonymization.
Is it true that closed loans with unpaid fees cannot be anonymized?
Yes. Loans with unpaid fees are not anonymized because they still await processing (paying the fines). Keeping them linked to the patron is necessary for functional reasons—for example, for dispute handling. All Alma libraries are currently using the loans anonymization in this manner.
If data is anonyomized, is it possible to enable the user to see historical loans in Primo?
Primo allows patrons to view their historical loans using the List of Historical Loans.
List of Historical Loans
This option relies on Alma retaining the borrower information in the historical loan records. Obviously, this will only be possible if anonymization is not turned on in Alma. Activating anonymization removes all links to the borrower user record from the loan record and prevents the system from being able to link historical data with the patron.
Which type of user data is required in Alma?
Alma requires one unique ID in order to enable the linkage between the Alma user record and the institutional student information system. This may be any unique ID, not necessarily the patron barcode. Other data elements are not required, but where they are defined, they are used by the system to provide library services. For example:
What tools does Alma supply for an institution that needs to abide by duty of disclosure?
The vast majority of user information in Alma is imported from the student information system, which serves as the master system of user information in the library. All user information may therefore be retrieved from that system. That said, some users may be created in Alma unlinked to any external student information record (for example: visiting researchers, alumni).
All user records in Alma may be exported via Analytics in bulk as per required filters, such as per given user groups. Specific records may be retrieved via APIs based on known IDs. The retrieved information may include fulfillment information such as open loans, fees and requests, or even historical ones if they have not been anonymized.
In addition, Alma supports a range of RESTful APIs that may be used to retrieve that information. Please refer to the Ex Libris Developer Network for full information about Alma’s user APIs.
Who can access the audit trail report in Alma Analytics?
Any user with an Analytics designer role has access to all Analytics reports. Other users may be granted permission to view specific reports as well.
How can the library get access to logs of activities of Ex Libris employees?
This is done via the login report. The login report shows the login actions of all users for the past 90 days, including those of Ex Libris staff. Users that appear with blank dates have not logged in within the last 3 months. Below is an example of this report:
Staff Login Report
How does Alma monitor unauthorized access to data?
Access to data is limited by Alma to users with appropriate roles only. Users with improper roles cannot use the Alma UI to view restricted data.
An Analytics report shows which user's address and phone information has been viewed and when. See the example below:
Access to Data Report
How does Alma log changes in user data?
User data changes use a similar auditing method as in other areas of the system. The History tab records all changes in the record in a sorted manner, detailing the type of change. Below is an example of a user's history log:
User Detail Audit Tab
Who in Ex Libris has access to customer data?
According to contracts and procedures, the customer is in full control of the data and Ex Libris is not permitted to perform any transfers to third parties. Ex Libris is permitted to use its global affiliates to perform support services. This access by the Ex Libris affiliates is in accordance to contracts and data protection directives.
What is the retention period of history data?
History records are maintained indefinitely unless requested to be deleted/anonymized. Each institution can decide on the anonymization/retention period according to its needs.
How long are letters sent by Alma retained?
See Setting Letter Retention Periods.
Back to top
Q&A: Limiting Actions Related to Portfolios and E-collections According to User Role Scope Alma Local Backup
Was this article helpful?
Term of UsePrivacy Policy
Cookie PreferencesContact Us
2021 Ex Libris. All rights reserved
Home Alma Product Documentation Alma Online Help (English) Getting Started
Ex Libris SecurityEx Libris Data Privacy PolicyCookiesData Privacy FAQsAre there specific anonymization jobs in Alma Analytics?Does Alma support retention periods for anonymized loan records?Which historical loan records are anonymized?Which historical fines and fees records are anonymized?Which historical requests are anonymized?Which resource sharing borrowing requests are anonymized?Which personal data, if any, is stored in Alma Analytics?How are Alma anonymization jobs configured? What are their results?What is the impact of anonymization on reporting?Which (closed) transactions are anonymized?Is it possible to activate the anonymization of closed resource sharing requests, loans, fees and overdue fees procedures separately?Is it possible to anonymize or delete sent emails? If yes, please explain.How are hold requests managed in the context of anonymization?How is the ETL process affected by anonymization?Can loans be anonymized based on rules, with sensitivity to different parameters?Is it true that closed loans with unpaid fees cannot be anonymized?If data is anonyomized, is it possible to enable the user to see historical loans in Primo?Which type of user data is required in Alma?What tools does Alma supply for an institution that needs to abide by duty of disclosure?Who can access the audit trail report in Alma Analytics?How can the library get access to logs of activities of Ex Libris employees?How does Alma monitor unauthorized access to data?How does Alma log changes in user data?Who in Ex Libris has access to customer data?What is the retention period of history data?How long are letters sent by Alma retained?