Digital Privacy Policies of Malaysian Public Libraries

Document Type : Original Article

Authors

1 Professor, Faculty of Information Science, Universiti Teknologi MARA Shah Alam Campus, Malaysia.

2 Ph.D. Candidate, Faculty of Information Science, Universiti Teknologi MARA Shah Alam Campus, Malaysia.

DOI: 10.22034/ijism.2026.2006216.1170

Abstract
This study examines the privacy practices of Malaysian public libraries by evaluating their compliance with the General Data Protection Regulation (GDPR). Using a qualitative content analysis approach, privacy statements from 15 major public libraries—including the National Library and 14 State Public Libraries—were assessed against 11 GDPR-based privacy criteria. The results reveal substantial variation in compliance. While all libraries (100%) disclosed data collection practices and policy changes, critical aspects such as privacy breach notification (0%), data aggregation (0%), protection of children’s privacy (6.7%), and privacy settings (6.7%) were largely neglected. The highest-performing library met 81.8% of the criteria, while the lowest scored just 18.2%. These findings highlight a significant gap between current practices and international standards. The study recommends that Malaysian public libraries revise their privacy policies to address deficiencies in user control, data security, data retention, and breach response, thereby aligning more closely with global best practices and safeguarding patron privacy more effectively.


Articles in Press, Accepted Manuscript
Available Online from 17 May 2026

  • Receive Date 04 July 2023
  • Accept Date 17 May 2026