On Strategies of Personal Information Protection in the Personalized Information Service in Big Data Times

Obtaining personalized information service of library must inevitably involve the readers’ personal information. In the Big Data times, the readers’ personal information is often leaked out, which will directly influence the readers’ satisfaction and trust for the personalized information service of the library. This article aims to discuss the sorts of potential security risks by using the descriptive method and the analytical method, and list the effective strategies for the defense of readers’ personal information. The outcome is that only by working out effective strategies of protection can we strengthen the protection of readers’ personal information, and eliminate the possible potential safety risks, and ensure the smooth development of personalized information service of the library.


Introduction
In Big Data times, library is facing the choice to tackle the Big Data challenge, such as the collecting, integrating and researching of the structural and nonstructural data, which is explicated and implicated in readers' behavior.Under this situation, in the process of the personalized information service of the library, the collecting, handling and sharing of the readers' data will tend to be opened and exposed to the outside world and it is obviously increasing that the readers' privacy be threatened and invaded.Thus, protecting the readers' privacy is an inevitably important project to solve in the personalized information service of the library in Big Data times.Therefore, only by working out effective strategies for protection can we strengthen the defense of readers' personal information, eliminate the possible potential safety risks, and ensure the smooth development of personalized information service of the library (PISL).

The meaning of the personal information in PISL
On the meaning of the personal information in PISL, it has not come to an agreement.The academia consistently holds that the personal information should have an important feature: recognition.There exists a certain objectively determined relevance between the recognized information and information subject, through which information subject can be "recognized" directly or indirectly by personal information.
[1] Therefore, personal information can be regarded as a summary of all the information of the direct/ indirect identification of individual information of a natural person.
PISL refers to the individual needs based on specific readers, which is characterized by using a variety of technical means to track and analyze readers' habit of behavior and interest of using information, and it is also a kind of service that provides readers with specific informative content and systematic functions, such as the customized information service, the information push service and the reference service.In the process of PISL, to maximally meet the individual needs, the library must collect as much personal information of the readers as possible to identify personal characteristics, and infer the potential individual demand.
PISL includes the following personal information: the active information that readers provide directly, the automatic information that records readers' information behaviors and the interactive information in the process of reference services.The active information refers to the personal data and demand when they apply for PISL, among which lots of contents that can directly recognize the readers' identity and features are involved; automatic information is the personalized service system automatically captures and records all kinds of activities of personal log files every time they enter the website, apply for the service and transfer information, etc.Such personal information can be automatically preserved by the server in a long-term and successive way and it is a basis for PISL; interactive information refers to the response-answer information when readers get involved in it, and usually it is carried out in forms of using virtual chat software or e-mails to put forward the question that they want to consult and get the information of corresponding answer.Such information is usually related to the field of scientific research, and has certain creativity, advancement and potential economic value.

Security risks of personal information in Reference Service
Reference Service is a kind of academic, knowledge-based information service that the librarian of reference puts the mutual exchange of the shared information with the readers by aid of network interactive tools, which can have a discussion on a specific issue, and help readers with the answers or solutions to the problem, or making decisions.The security risks of personal information also exist in the process of reference service: (1) in the real time reference consulting, the virtual chat software is generally used for the text or the video communication.If the tracking device is artificially installed, then, the recorded information may be exposed to the third party without readers' awareness.Typically, the conversational record will be reserved in the system for a period of time.The longer it is kept in the system, the more dangerous it is.(2) E-mailing reference service involves the personal email addresses.
If the consultant discloses personal e-mail address without permission, it may cause the network space of readers to be filled with a large number of spam emails or theft embezzlement.(3) web form reference may have readers chose whether or not to disclose personal information in the network discussing forum.If the reader lacks of the awareness of self-protection or the improper operation of the librarian, it may cause the reader's personal information to be disclosed to the public.(4) From the contents of reference, we can see that in the services of Selective Dissemination of Information (SDI) and Novelty Retrieval of Sci Tech, readers' research direction and research progress are involved.In order to ensure the originality, uniqueness and advancement of the research, readers are reluctant to disclose related information in advance.If librarian takes the information to be discussed in the public platform as common problems, it will cause certain damage to the readers, because of the lack of the protective awareness of personal information, (5) in the reference service, there are some items for fees and it requires readers to provide a bank account.If stolen, it may cause the readers certain economic losses.

Potential security risks in the personal information in Customized Information Service
Customized information service is a kind of service of specific systematic function, in which readers customize information resource and their service forms, in accordance with their wishes and needs.It usually includes ordering readers' interface, readers' navigation interface, readers' retrieval function, the system resources, and specific service functions, etc.Among personal information, basic personal information, the service demand and received content of customized information are included.[2] In the service process, the main security potential risks include the following: (1) the readers' database directly gets malicious attacks and intrusion, resulting in personal information being illegally read, tampered, downloaded, and spread.(2) Because of the imperfect network technology, readers' personal information will be illegally downloaded in the automatic transmit of system and sharing with other websites.(3)As readers input user's name and password, they are tracked and stolen by illegal software, resulting in the leakage of the readers' individual information.(4) When customers are ready to utilize the customized service functions, readers' personal or customized information may be seen by others because they do not exit their personal information interface in time, or enter a search term but do not clear it in time.(5) The leak of personal information may be caused by the analysis and research from the library, such as improper storage of the information, unawareness of the importance for keeping individual information, disclosing personal information without any permission.

Security risks of the personal information in Information Push Service
Information Push Service is the informative behavior that the librarian analyzes the readers through personal log software, such as types of resources, access mode, access frequency, access length of time that readers regularly visit, the selective latest information through the matching algorithm for readers, and the regular taking the initiative to send to readers using a certain push technique and push mode.
Most of the readers' individual information and interests are involved in the personal logs, in which individual information in the process of the Information Push Service may exist some security risks: (1) because of the use of Cookie tech, many varieties of information that the readers input is allowed to be remained, and stored in a unified way in readers' PC hard drive for the next recognition of the reader, including registering information, the credit card number, etc.If the reader's computer card number is used by others, the information in the Cookie may be seen by others.This will cause the leakage of personal information.(2) If the server with the record of personal log files is illegally invaded by the third party (such as hackers), the readers' search habits, research field, demand tendency and other important information may be deduced after the received data.This will put readers' individual information to be in the risk of the infringement.(3) Without the permission of the readers, the information in readers' log is processed, transmitted, stored, computed, and reutilized by the librarian.

Strategy for removing the security risks
been done separately on a single perspective, such as legal protection, industrial policy, technology innovation etc.Therefore, a systematic theory framework for guidance is needed.The author is attempting to set up a scientific system for the protection of the personal information, using the principles of the framework, to make an overall protection of personal information and to let the readers enjoy the PISL without fear.

Establishment of the right of personal information
At present, when we say "the protection of personal information", we often refer to the equivalence to the protection of the right of reputation in scope of the traditional right of privacy and personal right.However, due to the development of the times, the scope of personal information continues to expand, the contents continue to increase, and forms continue to update.Private contents have been unable to fully cover the privacy of personal information.The protection of personal information is not just the same privacy protection, which is a passive removal of the use by others, but, in most cases, it is a right for an autonomous control of information and for appropriate communication.In addition, the Right of Reputation in human right can not reflect the full respect for the personal control of the information.[3] So, each individual must be given the right to control its own information, that is, the right of personal information.

Speeding up the process of legislation for laws of personal information protection
The importance of the protection for personal information has been recognized by every country and many have issued special laws for the protection of personal information.At present, more than 50 countries or regions have formulated the laws for personal information protection.[4] In China, the legislation of personal information protection started late until in 2008 did the draft of Law of Personal Information Protection submit to the State Council, but when to put it into practice has not decided yet.Therefore, China should learn from the successful experience of the foreign relevant legislation, and speed up the formulation of Law of Personal Information Protection so as to protect personal information effectively from a legal point of view.

Speeding up the legislative process of Library Law
A sound legal protection system needs not only a unified Law of Personal Information Protection but some relevant laws for specific industries.Obviously, in the domain of the library, Library Law has to seriously take the historical responsibility to protect the readers' personal information.
So, the relevant departments should speed up the legislative work of the Library Law, determine the rights and obligations for both library and readers in the process of PISL, restraint, limit or ban the use of information technology with a higher rational standard of value judgment, and clearly define the scope of its application and responsibility.[5]

Industrial
self-discipline as a basic guarantee

Perfecting rules and regulations, and formulating industrial service guide
The violation of the right of readers' personal information by the library is related to the lack of perfect system and effective implementation of the industrial guide.Aiming at the problem of protecting readers' personal information, the library should formulate the specific rules and regulations to regulate the behaviors when each department of the library and the librarians deal with readers' personal information, and clearly define the responsibilities and obligations of the librarians in the aspect of protecting readers' personal information, so as to eliminate the problems of invading personal information through the internal management mechanism when the library deals with readers' information.

Declaration and conformation of protection statement of personal information
Because of the imperfect aspects of the laws, libraries with different systems have their own rules and regulations.This will make it difficult for readers to understand all the rules and regulations and the details for the protection of personal information in each library.If the library really wants to protect readers' personal information in the PISL and let readers have a sense of security, the declaration system of personal information protection must be established.The declaration bulletin board of personal information protection should be placed in a conspicuous place, with clear and detailed contents.

Improving the quality of Librarians
Now, many countries over the world have regulated the occupational moral principles of the library practitioners, which focus on the protection of the security of readers' personal information.China's Librarians' Occupational Moral Maxims issued in 2003 writes that the librarians should maintain the readers' rights and interests and protect readers' secrets.
In order to accomplish this mission, all kinds of libraries must take various measures to improve the quality of librarians: First, it should strengthen the education of librarians' legal sense and strengthen the study of related legal knowledge; Second, it should strengthen the construction of librarian's professional ethics, make the librarians respect the readers' personal information, and make the librarians protect personal information for readers; Third, it should strengthen the training of librarians for their information security technology, and make librarians have a good master of relevant skills for the protection of personal information; Fourth, regular evaluation takes the ability for protecting personal information as one of the evaluation contents for the librarians.Fifth, a full-time supervision post should be set up for the personal information safety.This will require that librarians grasp in time the new trend of the threat to personal information security.It should often assess the potential safety risks of PISL system and should improve the ability of individual information protection, using various technical means.

The self-protection as the inner motivation
The national legislation and the industrial self-discipline are a public protection device or a system to protect readers' personal information with the aid of outside forces.The readers' own protective consciousness cannot be ignored.As what Charles Fried pointed out, the protection of personal information does not seem to be limited to not let others get our personal information, but should be extended to that we ourselves control the use and flow of personal information.[6] Librarians also put forward certain demands to readers on their information quality, which is usually stressed in the PISL statement that if because of the readers' own reasons for the leakage of personal information, resulting in personal loss, the library will not bear the legal responsibility.This requires that the readers must have the ability of self-protection.The improvement of the competence of readers' self-protection can be carried out from the following three aspects: (1) to enhance readers' awareness of self-protection through the education and the study of relevant laws and regulations; (2) to improve self-protection skills, and to build up a Trinity---an overall system of self-protection, which includes self-control, self-selection, and self-defense; [7] (3) the library should take the task to educate readers' ability of self-protection, and it will be incorporated into the readers' education content.

Maintaining the security of internet environment
Network moral loss and the temptation of economic interests can make some companies or some bad behaviorists stall a certain specific network program to technologically "stalk" in the library's website in order to copy, record the readers' personal data.Therefore, we must use a variety of new and high technology of network security measures to prevent the personal information security risks because of loopholes or defect in the system.

4.4.2
Developing simple and easy-to-operate technology for the protection of the personal information protection Library readers are from all walks of life, with different ages, different educational levels.It is obviously too harsh to ask every reader to skillfully master the computer tech and it is also not realistic.So, our country should support and encourage the information tech industries to develop some simple and easy-to-operate soft ware for protection, which may allow readers to self-protect their own personal information by using this software technology.

Different technology projects of personal information protection for readers
Because every reader has different degrees of sensitivity to the personal information, the degree of the selection of service protection and the degree for their personalized information service are different.Therefore, the appropriate protective scheme for personal information should be well dynamically formulated for each reader.Because no unified policies and regulations for information protection is to be promulgated, P3P platform can be used to help readers identify the policy and regulation items for personal information protection to let the readers make the decision automatically or semi-automatically whether or not to accept them.[8]

Conclusion
At present, one of the main causes of the less quality of PISL is that the users have their worries in the use of PISL, that is, they are not willing to fill out in details or truthfully their personal information, and thus it will cause the deviation to the analysis of users' needs.Therefore, only dramatic protective strategies are worked out can the protection of readers' personal information be strengthened, and can the hidden safety risks be eliminated, can we have the chance to ensure the smooth development of PISL.