msgbartop
msgbarbottom

18 Jun 18 EU-GDPR Frequently Asked Questions

What does EU-GDPR (or GDPR) stand for?

European Union – General Data Protection Regulation

What is GDPR?

The General Data Protection Regulation (GDPR, also referred to as ‘the regulation’) is a legal framework that sets guidelines for the collection and processing of personal information of individuals whose self-selected primary residence is within the European Union (EU).

When did regulation go into effect?

The Regulation went into effect on the 25th May 2018

What kind of information does the regulation apply to?

The GDPR defines personal data in Article 4 as: “… any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity…”

What companies does the regulation apply to?

Any organization which processes and holds the personal data of data subjects (Individuals) with self-selected primary residence in the EU will be obliged to abide by the regulations set out by GDPR. This applies to every organization, regardless of whether they themselves reside in one of the EU Countries.

Are all types of personal data classified the same in the regulation?

GDPR identifies a special class of sensitive personal data, which includes things such as genetic, biometric, religious or philosophical beliefs, sexual preferences or details, health, and Ethnic information.

Is there an exception for Associations like the ALA?

The regulation in Article 4(18) specifically includes associations.

How many ALA members are in the EU?

As of 6/13/2018 there were 147 identifiable members in the EU or 3 tenths of a percent of ALA’s members. Additionally, ALA collects personal data on non-members.

What is the ALA doing?

Based on legal counsels advice we have updated ALA’s Privacy Policy on the website and have created a Personal Data Notification statement that is being added to forms.  ALA is forming a staff steering committee that will be working on the following:

  • Create FAQs and procedures regarding implementing policies for staff.
  • Review and understand the GDPR’s key components that relate to the ALA with assistance from our legal counsel.
  • Draft language for a notification of a data breach and articulate process for implementing the notification.
  • Formulate and document the Data Processing Agreement (DPA) process that all units in ALA should follow. This will include anyone who manages/keeps the master list of ALA vendors and DPAs completed (either sent or received). Send DPA’s out to current vendors to amend to their contract.
  • Identify and document all areas within ALA (includes data stored outside of ALA on its behalf) where personal data is entering, leaving, and being stored (Data Flow Mapping).
  • Draft policies for senior management review that comply with GDPR regulations on data usage, data sharing, and privacy.
  • Create a Gap Analysis against current known practices vs approved GDPR requirements and ALA policies.
  • Advise senior management on GDPR issues.

More information on the staff steering committee and its work will be shared with staff when it is available.

What about information specifically on GDPR for libraries/librarians?

https://americanlibrariesmagazine.org/blogs/the-scoop/future-data-privacy/

https://www.oif.ala.org/oif/?p=12363

https://acrl.ala.org/techconnect/post/introducing-our-new-best-friend-gdpr/

Where should I go for more additional information?

https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en

Who should I ask ALA questions about GDPR to?

Questions about GDPR should be directed to Brian K. Willard

 

 

04 Jun 18 ITTS Update Report to the Information Technology Advisory Committee (ITAC) for Annual 2018

1.0 ALA Technology Investment Plan Summary

The ITTS funding for fiscal 2019 includes a significant increase for software licensing costs. Microsoft has redefined its software donation program, moving us from a Charity to a Professional Society. We are anticipating a significant increase. We have budgeted for increases for the ALA Connect Workspace module for document versioning and polling, an increase for Informz marketing automation software and, a customer relationship management (CRM) system to support advocacy nation-wide. It also includes enhancements to our eCommerce implementations, upgrades to our virtual server platforms, and positions for a Project Manager and a Drupal Developer.

The 2018 ALA Technology Investment Plan contains both background on ALA’s “technology debt” and a proposed pathway forward to the implementation of a stable, flexible platform that will support ALA’s membership and programs into the future.  The plan calls for a multi-year, phased approach.  In addition to the baseline systems addressed in the plan, the increased capacity allows ALA ITTS, working with program units, to realistically explore the implementation of targeted products to address specific volunteer and staff productivity needs.

2.0 ALA Web-Related

2.1 eCommerce for Join/Renew/Rejoin/Donate

Between January and May, the site processed 912 donations, 2270 joins, 9088 renewals, 1788 rejoins, and 663 additional joins that had to be converted by ALA Membership to the correct category (either renewal or rejoin). We’re using an agile approach to versioning that includes complete regression testing while working with our vendor to wrap up the last of the Phase 1 issues. Changes to web services and PayPal processing have required ongoing re-factoring of the flows. Security updates interrupted release cycles and caused delays in improvements to accessibility, which are ready to be upgraded in an upcoming version expected before the end of the August 2018.

2.2 eStore & eLearning

Since the December 2017 eStore rollout, ITTS has been working with our vendor to deliver Phase 2: all ALA eLearning in the eStore while continuing to improve and update the eStore. Development is underway on the

  • integration of eLearning event products with iMIS;
  • the addition of activity records, transaction and user data into iMIS; and
  • integrating attendee registration functionality with multiple services.

The development team is currently tackling an improved design for an eLearning landing page, a robust events calendar, and an enhanced workflow and publishing process.

Data migration, design iteration, and comprehensive testing are planned for June and July with an anticipated completion of Phase 2 in August 2018.

2.3 ALA Connect

The new ALA Connect soft launched on May 3, 2018. Members were notified of the launch on May 10, 2018. In the three weeks from May 10 to May 31:

  • Total logins: 10,100
  • Unique logins: 3 ,367
  • Active Communities: 3,449
  • Connections made: 282
  • Profiles created: 9,396
  • Profiles with pictures: 8,961

We are continuing to work out the kinks and train staff on the use of the new platform.

In response to privacy concerns, ITTS has made the following adjustments to ALA Connect:

  • Since Geo-tagging displayed a Google map of any user’s location that was found in search in the directory, the geo-tagging features in Higher Logic have been adjusted and will no longer display address, phone or email in the directory search.
  • Since Discussion signatures make it possible to easily identify message senders when users are working with the email interface of Connect, we changed the default signature to only include the name, designation, organization and job title fields instead of eliminating the discussion signatures completely. We modified the default discussion signature so that users will no longer see the city, state, country, email address, and phone fields.

2.4 ALA Connect Training

Fifty (50) staff have completed in-person or live online staff training on ALA Connect. Recorded training sessions are available for staff and group administrators. Access to the ALA Connect community, Help in ALA Connect is in the site footer. It contains an FAQ, a help forum, and links to documentation.

Training demos at Annual can be found on the Conference Scheduler and live training opportunities after conference and be found on the support site at: http://www.ala.org/support/alaconnect/howto/schedule-training

2.5 Hyper Text Transfer Protocol Secure (HTTPS) Implementation

Join/Renew/Donate ecommerce, the ALA Store, ALA Connect and eCourses (our Moodle site) are all HTTPS. All blogs and wikis hosted in house at ALA are now encrypted with HTTPS, and all traffic is forced to HTTPS by default.

Our use of multiple systems to serve www.ala.org limits our ability to use HTTPS. When we have replaced the current integrated registration system (Active Matter) with a stand-alone product we will be able to serve HTTPS for www.ala.org.

2.6 General Data Protection Regulation (GDPR) Compliance

We began preparing for GDPR in August 2017 so that we would be ready for the May 25, 2018 deadline. We made recommendations to Senior Management, worked with our attorney to update our Privacy Policy. Senior Management is appointing a steering committee to address privacy issues going forward. Mary Ghikas is serving as ALA’s Data Protection Officer.

We have been communicating with staff about their responsibilities and expect to rollout mandatory training sessions.

ITTS has also been corresponding with staff and member-volunteer web editors about the steps required to bring all ALA websites, webforms, and any paper forms still in use into compliance with the European Union’s General Data Protection Regulation. We updated our Privacy Policy on ala.org and reminded units that all other sites should include a link to the Privacy Policy in their site’s footer. We also published the text required to be used on all webforms that collects any personal data and the text and acceptance to be used for event registrations and set a June 30 deadline for all forms to be upated. ITTS has offered to assist units that don’t create their own webforms with the update. The webform URLS should be added to a Trackit ticket or sent to help@ala.org.

2.7 Moodle

ALA eLearning has seen an average of 500 unique visitors every month (Jan.- Apr.)  The 599 courses currently listed and available by ALA eLearning or in the ALA Store see an average of 1683 (450 unique) logins per week.

The site was upgraded to Moodle 3.3 in December 2017 and an upgrade to a newer version is being planned for this summer.

2.8 Responsive Theme for ALA.ORG and Division Websites

We’re working on a visual update to the ALA global and regional navigation. We’ll have two prototypes available for review by stakeholders by Annual. The Awards & Grants application could not be implemented in the retheme without breaking, so ITTS’ Sean Bires has been building a new approach and meeting with staff stakeholders. The new application will eventually require data migration and a custom CSS.

3.0 Hardware & Software

3.1 New Telephone System

The implementation of the new telephone system is on hold while we look at the possibility of moving to a new facility. Regardless of the real estate outcome, we will review phone options again in the 2020 budget.

3.2 Laptop Rollout

We plan to roll out new laptops to approximately one-third of our staff this summer. This is the first time we are purchasing laptops exclusively. This cycle repeats annually.

3.3 Citrix Farm

We have our new Citrix farm up and running, mostly for remote staff. This will improve external access to some of our applications and stabilize our internal financial system.

We have run into some issues with our financial software, which is scheduled for an upgrade later this summer. Until we complete the upgrade we won’t know whether that resolves the Citrix issues we’re having with it.

3.4 Virtual Servers

We rolled out virtual servers (development, quality assurance, and production) for the new ALA eLearning eCommerce system for webinars and small face-to-face meetings.

3.5 Primary Storage

We are in the process of implementing the planned lifecycle replacement of our main internal storage system. We have experienced problems with that implementation and are working closely with the hardware vendor to resolve the issues and complete the replacement.

3.6 iMIS Membership System Upgrade

We are scheduled to upgrade our iMIS Membership system in mid-July 2018.  This will provide a web-based portal for staff to use. It also includes some basic dashboards.

3.7 Financial System Upgrade

We are scheduled to upgrade our Microsoft GP Financial Software in late July.  We are in the process of signing a contract with an outside vendor for this work.

3.8 Remote Access Software

We will investigate and install remote access software to provide staff with the ability to access software.

3.9 PCI Audit

We had our security consultants run vulnerability scans for PCI compliance. We were able to address all exploitable issues, and are continuing to work to eliminate vulnerabilities of all severities. We are currently working on the GAP analysis report to become PCI compliant.  We have a list of known gaps that will take time to implement.

3.10 Disaster Recovery Plan

We need to refresh the plan based on additions and changes made to our infrastructure.

3.11 Computer Policies

We need to update our computer polices for PCI and GDPR compliance, and for organizational and operational changes, and for changes to the technology landscape.

4.0 ITTS Organizational Changes

4.1 Staffing

We have extended the contract for our Quality Assurance Specialist. This temporary part-time position is responsible for creating test plans, writing and executing manual and automated tests, and clearly documenting defects. This work will help ensure that both new software and fixes meet business requirements. The Quality Assurance Specialist will work closely with existing team members to create a sustainable plan for ensuring our stakeholders are all served well by the technology we provide.

25 Apr 18 ALA Connect Launch Delayed

The launch of the new ALA Connect, scheduled for today, has been delayed due to technical issues. During final testing some critical issues related to navigation, tagging, and the structure of parent-child relationships were discovered.

The vendor is working to resolve these issues. We apologize for the delay and thank you for your patience.

While we’re waiting to get started, check out the resources and training on the support site at http://www.ala.org/support/alaconnect.

We’ll keep you updated, in particular, we will communicate when we have a firm launch date.

If you have questions, please feel free to contact Pam Akins at alaconnectmigration@ala.org.

 

05 Mar 18 Service Interruption

One of our main database servers had an I/O issue this morning. iMIS, Informz, and other service were down when we arrived.  All services have been restored. All scheduled Informz email will be sent out soon.

Thanks to all who reported the issues.

 

02 Feb 18 ITTS Report to the ALA Information Technology Committee (ITAC)

The ITTS report to the ALA Information Technology Committee contains an update of what we’ve been working on since Annual 2017, along with information about upcoming projects. We’ll be discussing the contents of the report at the ITAC meeting at Midwinter on Sunday, February 11, 2018 from 3:00 PM-5:00 PM in CCC Room 204. (a pdf version).

01 Feb 18 New ALA Connect Updates

The pilot launch of LLAMA is now LIVE!

  • New ALA Connect pilot launch of LLAMA went live yesterday, (January 31, 2018 at 5:36 PM CST)
  • Users can visit the pilot launch site at https://betaconnect.ala.org
  • We will continue to work with LLAMA as we collect feedback for any needed tweaks.
  • ALA, Divisions and Round Tables are on task for full launch in late April, as per the Project Plan.

Information Sessions for the New ALA Connect will be held at Midwinter 2018.  Session titles include:

  • Overview/Demo
  • Search: Finding Groups, Content and People
  • Uploading Files and Related Topics
  • Profile & Account Management

All four sessions will be offered multiple times at the Grand Hyatt during Midwinter. Dates, times and session details are included in this pdf and can also be found in the Conference Scheduler.

Members and staff can also register for remote sessions held post Midwinter at http://www.ala.org/support/schedule-training .

30 Jan 18 2018 ALA Technology Investment Plan

The 2018 ALA Technology Investment Plan contains both background on ALA’s “technology debt” and a proposed pathway forward to implementation of a stable, flexible platform that will support ALA’s membership and programs into the future.  The plan calls for a multi-year, phased approach.  In addition to the baseline systems addressed in the plan, the increased capacity allows ALA ITTS, working with program units, to realistically explore implementation of targeted products to address specific volunteer and staff productivity needs.  These include a CRM system to support advocacy nation-wide and a data dashboard to enable staff to serve members more efficiently and effectively.

FY2019 budget discussions have focused strongly on reinvestment in the Association’s future.  These discussions continue to explore these parallel strategies:  (1) improve core resources and baseline systems and (2) make spot investments in carefully targeted productivity products.  Planning assumes a multiyear strategy.  It should also be noted that the plan aligns with other major ongoing activities, notably the Board-led conversation about simplifying and reinvigorating ALA.  The plan document repeatedly notes the negative impact of excessive complexity, combined with siloed structure.  To the extent these issues can be addressed in both ALA’s member-facing structure and internal organization, it is reasonable to expect corresponding gains in ALA IT effectiveness.

24 Jan 18 Public facing Web Servers – Slowness

On Thursday, January 18, the fiber optic interconnect module in our firewall began to malfunction, causing our public facing web servers to be very slow, sometimes unresponsive. We have disabled that module and routed around the problem. We have contacted our firewall vendor to get the module replaced.

 

11 Jan 18 New ALA Connect Pilot Launch: Sessions At Midwinter

ITTS is planning to launch LLAMA, as a pilot in the New ALA Connect!

  • We will gather feedback while giving the New Connect a test run.
  • ALA, remaining Divisions and Round Tables will be launched in Spring 2018.
  • The integration of the Work-Space module, (featuring native polls, collaborative documents, and more) will be released after the launch, as part of Phase II.
  • Training and demos will be offered during Midwinter.  Session times/dates can be found at http://www.ala.org/support/alaconnect.
  • Registration for training after Midwinter is currently available, and can be found at http://www.ala.org/support/schedule-training. More dates may be added, if needed.
  • Check out the link to the live, cloud-based Project Plan for latest up-to-date details on the launch progress.

This decision will help us avoid serious security vulnerabilities as well as save the cost of having to maintain, support and upgrade two systems. Feel free to reach out to me with any questions.

Pam

Pamela Akins
Community Engagement Specialist, ITTS, x4210
American Library Association
50 E. Huron St., Chicago, IL 60611, 6th floor
pakins@ala.org  312-280-4210

29 Nov 17 ALA Connect Project Update

We’ve been working hard to launch the new ALA Connect on January 2, 2018, but we’ve run into enough issues with the Higher Logic implementation that we need to postpone the launch until March. As a result, we will keep the current ALA Connect available until after the 2018 Midwinter Meeting.

We’re now working with Higher Logic on a revised project plan that will take the following points into account.

  • Higher Logic missed the deadline for our 2nd test migration by nearly 3 weeks. In our 2nd test migration our vendor (Higher Logic) encountered a number of items that needed to be addressed so that we have a smooth real-time migration in March.  These were important discovery items in our quality assurance processes, and affected our timeline.
  • There was a 3rd test migration process that began on November 17, 2017 (which did not affect how you use the current ALA Connect). We are currently verifying the groups, users, and content migration.
  • Higher Logic fixed a launch-stopping bug related to functionality with our nested hierarchies.
  • We will use the time between January and March 2018 to implement new features that were previously unavailable: native polls and collaborative documents.
  • The Division Membership Working Group has made remarkable progress in recommending a plan for implementing Automation Rules, as well as design enhancements to leverage the use of Higher Logic’s engagement tools for the division home pages.

Please feel free to reach out to Pam Akins with any questions or issues.