Üniversite Kütüphanelerinde Bilgi Güvenliği ve Kişisel Verilerin Korunması: Ankara’daki Üniversite Kütüphanelerinin Değerlendirilmesi

Abstract

In our world which has been shaped, developed and changed by Industry 4.0, it is quite important to ensure the protection and reliability of data, information, document, human and place. Protecting all living and non-living beings against all kinds of threats, dangers, damages or attacks and ensuring information security make it possible to reach this aim. Nevertheless, the fact that human phenomenon underlies the information security has incrementally increased the significance of data protection issue along with the information security problems arise from human factor.

The aim of this study is determining the current situations related with personal data protection and information security implementations of university libraries in Ankara. Within this scope, the executives' and librarians' knowledges and awareness on the information security and personal data management issue in universities' libraries in Ankara are examined with interview and survey technique. In addition to this, regulations oriented at the information security implementations (building, collection, personnel, etc.) at the universities' libraries were taken to evaluation in the scope of the research.

Results of the research have determined that regulations and policies on the personal data management which consists of obtaining, gathering, disposing and retaining the personal data were inadequate; there were no personnel in charge to manage the personal data, no permission for processing the personal data received from users, no information on the retention, disposal and transmission of the personal data were included in the content of clarification texts, and no sufficient level of approach and awareness on the management and protection of personal data observed among the libraries' executives and librarians. Moreover, it has been specified in the research findings that there were some inadequacies with information security implementations in terms of building, collection, software and hardware in universities' libraries. In this context, our hypothesis which follows as that "There are inadequacies (in issues such as policy, consciousness and awareness on the topic, risk assessment) with the enacting and implementing level regarding the information security and personal data management in universities' libraries," has been confirmed. Lastly, suggestions were made in the research, in order for the universities' libraries to develop a structured policy which includes information security and the personal data protection, and make studies of consciousness and awareness regarding the issue.