How is data protection managed in Koha LMS?

Last updated on: 18th June 2025| 14th May 2025 | Helen Symington | Koha

Webinar companion post On 14 May 2025, Helen Symington held the webinar ‘How is data protection managed? The essentials series’. A recording of the webinar is available on the Open Fifth YouTube channel and shared below. This post provides an overview of the webinar content, links and resources.

What is the difference between Data Protection and GDPR?

Data protection legislation controls how your personal information is used by organisations, including businesses and government departments.

In the UK, data protection is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

The UK’s data protection legislation

Anyone responsible for using personal data must make sure the information is:

  • used fairly, lawfully and transparently
  • used for specified, explicit purposes
  • used in a way that is adequate, relevant and limited to only what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

You may also want to look at the EU General Data Protection Regulation.

There is stronger legal protection for more sensitive information, such as:

  • race
  • ethnic background
  • political opinions
  • religious beliefs
  • trade union membership
  • genetics
  • biometrics (where used for identification)
  • health
  • sex life or orientation
  • There are separate safeguards for personal data relating to criminal convictions and offences.

 

Your rights

Under the legislation, you have rights in relation to your personal data, with some exceptions. These include the right to:

  • be informed about how your data is being used
  • access personal data
  • have incorrect data updated
  • have data erased
  • stop or restrict the processing of your data
  • data portability (allowing you to get and reuse your data for different services)
  • object to how your data is processed in certain circumstances.

 

You also have rights when an organisation is using your personal data for:

  • automated decision-making processes (without human involvement)
  • profiling, for example to predict your behaviour or interests.

 

IFLA Statement on Privacy in the Library Environment (2015)

“Freedom of access to information and freedom of expression […] are essential concepts for the library and information profession. Privacy is integral to ensuring these rights.

 

CILIP’s Ethical Framework

“As an ethical Information Professional I make a commitment to uphold, promote and defend:

[…] The confidentiality of information provided by clients or users and the right of all individuals to privacy”.

Questions to ask yourself:

Is it necessary?

How long should we keep it?

 

Gathering personal data

Staff:

 

Users:

 

Keeping personal data accurate

OPAC Usage

System preferences

  • EnableOpacSearchHistory – patron search history in the OPAC.
  • OPACHoldsHistory patrons to see the list of their past holds.
  • Track Clicks – track which links in MARC field 856 or item URI a patron clicks on; track them an anonymously or don’t track at all.

 

Anonymise old circulation data

  • AnonymousPatron – this will be used to replace the borrower data.
  • batch_anonymise.pl cronjob – anonymise circulation data whilst retaining stats

 

or

  • Manually anonymise circulation history using the Batch patron deletion and anonymization tool.
  • Tip: run a report first!

Pseudonymize patron data while keeping useful transaction information for reporting

  • Pseudonymized data is stored in database tables pseudonymized_transactions (for transactions and patron data) and pseudonymized_borrower_attributes (for patron attributes).
  • No direct identifiers for the patron are recorded; the pseudonymized_transactions table uses an encrypted version of the borrowernumber.

 

PseudonymizationPatronFields and PseudonymizationTransactionFields

  • choose the data you want to retain.
  • Tip: only select what you really need.

Data deletion

Set up Batch delete patrons and Clean up database scripts on your server to delete automatically:

  • Library members’ expired accounts
  • Deleted accounts
  • From current accounts:
    • Older reservations information
    • Older issues
    • Older notices sent
    • Older transactions
  • Reports and Batch patron modification tool

Screenshot showing 'Batch patron modification - Koha LMS' for data protection

Who should have access?

  • Staff with either superlibrarian or catalogue + borrowers permissions can login and view personal data held in the system.
  • The Patrons with Staff Permissions report identifies who currently has staff permissions. 
  • Make sure to update or delete users who do not need access anymore.

 

Passwords

  • minPasswordLength – set minimum password length.
  • RequireStrongPassword – force password to include at least one number, one lower case and one upper case letters.
  • FailedLoginAttempts – block a user after a wrong password was entered a specified number of times.
  • NotifyPasswordChange – notify a user whenever their password has been changed.

Additional security for staff logins

  • Restrict staff access by IP range
    • SessionRestrictionByIP
    • StaffLoginLibraryBasedOnIP 
    • StaffLoginRestrictLibraryByIP
    • TwoFactorAuthentication – staff will have to generate a one-time password through an authenticator app every time they need to log into the staff interface.
Previous

What’s on our mind: Prettifying your Koha OPAC with the SENUX plugin

Photograph of bookshelves
Next

What’s on our mind: Reflecting on Open Fifth’s name change, two months on

Photograph of bookshelves