Council’s Library strategy in chaos due to poor Data Protection planning

If you go into Derby’s first Community Managed Library in Sinfin, you won’t be served by Direct Help and Advice’s (DHA) volunteer staff, but by paid, Derby City Council, library managers. One simple reason – Data Protection.

3 weeks ago, I wrote an article “Derby City Council likely to breach new Data Protection Regulations with Library strategy.” questioning how the Council was planning to overcome their own internal data protection policies, and the stricter requirements of the General Data Protection Regulations (GDPR). At the time, no advice had been given to staff, and no policy changes issued.

Since then, there has been a knee-jerk response to this issue. An issue which was raised at least, as far back as October 2017 during the public meetings.

The Council has, previously, and continues to take, a consent based approach to Data Protection in libraries. This means that each Library member explicitly confirms that they agree for their personal data to be used, and shared, in specific ways and to stated organisations. However, for existing members they only gave consent for their data to be used by Derby City Council ( and neighbouring Local Authorities) – no one else.

Since 25 May 2018, the Council has implemented the following:

  • When an existing member next visits their local library they will be asked if they consent to their personal data being shared with DHA. If they say “yes”, then that will be recognised in the Library Management System (LMS). If they say “no”, their personal data will be removed from the LMS leaving only their ticket number, and date of birth. The link between ticket number, and name, address, contact details will be in an off-line spreadsheet held by the Council.

This means that for all members who do not want to share their data ( not just users of the CMLs) the library staff will not be able to use the system to follow up late returns or other tasks which require contact with the person. Such tasks which relate to people who are using the CML will have to be performed by Derby City Council staff – a cost which has not been recognised within the business case.

If members consent to DHA using the data, this will not help Sinfin, as this library is being run by the Citizen’s Advice Bureau, and not DHA.

  • A new Library member will, as previously, sign a privacy notice form which now includes reference to the fact that data will be shared with DHA. If the person declines, then they can’t join the library.

The Information Commissioner’s Office (ICO) states that consent as a pre-condition of using a service should be avoided.

The LMS covers library members in Derbyshire, and Nottingham as well as Derby City covering several hundred thousand people. Theoretically, consent will need to be obtained from all of these people before DHA volunteers can access the system. A passive policy which waits for people to go to the Library to carry out this task could take many years. People who are ebook users, only, never need to visit the library.


The whole library strategy goes from bad to worse; it has been undermined from the outset by poor communications, poor project planning and poor leadership. This is now being exacerbated by a totally flawed approach to Data Protection with a solution which is totally unworkable for all concerned.

In amongst this are 60+ staff, most of whom will lose their jobs. The Council are giving them no visibility of the plan for transfers, what their job prospects are, what is expected of them and, to cap it all, they now have to implement a Data Protection procedure which has clearly been designed with little understanding of its practical consequences.

What to do next?

The Council has advised staff that the next library to transfer, is Spondon, on June 12th – despite there being no plan in place to achieve this. There are not enough library managers to run this library, as well as Sinfin, and to perform their management job.

A modernisation of the library service is absolutely right. Doing it without a robust, visible, resourced plan that recognises all risks and consequences is clearly not the right approach.

The Conservative leadership should pause this whole strategy with immediate effect before the Library service descends any further into disarray.

Categories: Libraries

Tagged as: ,

1 reply »

  1. Hello Russel
    Well done for keeping this issue alive in the local media.
    This data protection issue is a nightmare as if your a separated parent you need consent from both parents ,before you can actually give your consent to the new data rules.Most people in this situation will agree that this can be impossible at times.
    For the record myself and my 5 children won’t be agreeing to the new data rules and we won’t be put on the “transports” to the new shiny ,tiny / sharing library.The central library was given as a conditional gift to the city as a library by the bass family We shall become “Central Library Refugees ” and move to the last few council operated libraries .
    Our children are very upset at the closure of Central and my youngest was in tears when we made our last visit there to hand in all our standing books ,when she realised it was to close and it would be her last time in that lovely building which holds many lovely memories for her Were also so sorry for all the staff and volunteers who have been treated so badly by the council and who’s to say volunteers won’t be treated the same in time in the new libraries ,
    Russel keep up the good work and please keep this issue alive in the residents and voters minds in Derby.
    Sincerely James and family

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s