Protection of Personal Data in University Libraries

Abstract

Today, with the significant increase in the need for the access to reliable information and for the protection of available information stored electronically; personal data has become one of the most important information assets that must be protected. The protection of these information assets is only possible with the power of information security policies including legal, technical, and administrative dimensions. In this study, current situation of university libraries has been evaluated based on the framework of basic principles and legal regulations related to the protection of personal data; and it has been aimed to make suggestions for elimination of deficiencies in this area and to contribute to the creation of information security culture. For this purpose, a survey was conducted through interviews at 15 different university libraries located in Ankara, and the collected data relating to the information security measures was evaluated in accordance with the existing legal regulations.

The results show that the legal regulations are not adequate and preventive in nature, the universities do not have any security policies concerning the protection and the safe destruction of personal data. There is not any risk management, and the responsibility is not shared within the units of universities. Training for personal data protection awareness is not provided for the staff who is responsible for data processing, and the units responsible for the data processing have hesitation even in deciding whether data is personal or not.