Privacy & Confidentiality in Libraries
Jefferson College Library is committed to protecting the privacy and confidentiality of those who use our library materials, spaces, and services. Democracies depend upon the ability of individuals to create, provide, and receive information freely; this is a peripheral right implicit in the Bill of Rights. American libraries have an articulated commitment to upholding patron privacy that dates back to 1939. State and Federal laws, as well professional librarian ethical standards, support the role that all library staff play in maintaining an institutional space dedicated to free inquiry, free thought, and free expression.
Missouri's Library Records Privacy Statutes
Privacy and Confidentiality Policy
Jefferson College Library’s privacy and confidentiality policy, and accompanying internal procedures, provide the community with assurance that library staff understand, and carry out, the legal and ethical responsibilities we have to uphold the right to read and obtain information without the chilling effect of undue scrutiny.
In this policy, we outline those areas where we are aware, or presume, that personally identifiable information is collected, either by the Library and its direct vendors, by the College, or a by third or fourth parties. This policy discusses how data is used in the day-to-day work of the library, how data is protected, and in what instances the right to privacy must be balanced with other practical and legal considerations.
I. Definitions
Privacy: “the state or condition of being free from being observed or disturbed by other people”
Confidentiality: ”the state of keeping or being kept secret or private”
Digital resource or materials: Missouri law defines these as “any E-book, digital periodical, digital thesis, digital dissertation, digital report, application, website, database, or other data available in digital format”
Library Material: Missouri law defines library materials as “any book, E-book, digital resource or material, document, film, record, art work, or other library property which a patron may use, borrow or request”
Library Record: Missouri law defines this as “any document, record, or other method of storing information retained, received or generated by a library that identifies a person or persons as having requested, used, or borrowed library material, and all other records identifying the names of library users. The term "library record" does not include non-identifying material that may be retained for the purpose of studying or evaluating the circulation of library material in general.”
Personally Identifiable Information or pii: According to the National Institute of Standards and Technology the “information which can be used to distinguish or trace the identity of an individual…alone or when combined with other personal or identifying information which is linked or linkable to a specific individual
II. Purpose
1. The purpose of this policy is to articulate clear and concise guidelines regarding library patron privacy and confidentiality that uphold state and Federal laws, as well as American Library Association best practices.
2. To help library staff and the campus community better understand state and Federal laws, as well as professional library ethics, regarding privacy and the confidentiality of library patron information.
III. Legal and Professional Ethics Framework
1. The Constitution and decades of legal precedent establish expectations about privacy in certain circumstances and places, such as libraries. The First and Fourth Amendments have been used to establish the right of library patrons to receive information free from undue scrutiny by the government or others, assuming that all laws are being obeyed.
2. Forty-eight states have explicit laws regarding the need to keep confidential the use of library materials. Three states, Missouri, California, and Nevada, have expanded library privacy and confidentiality laws in recent years to include electronic materials and searches.
3. Missouri’s law regarding the disclosure of library records is considered one of the strongest in the country. It articulates the responsibility of library staff and third-parties to keep confidential library use records.
4. In addition to the state and Federal legal requirements that require library staff to uphold the privacy and confidentiality of patrons, the American Library Association’s position on the importance of patron privacy is clear and we support it.
5. FERPA outlines library records, including fines, as a type of student record that cannot be disclosed to third parties, including parents, without written consent of student.
6. Though the General Data Protection Regulation enacted in the EU does not apply to the United States, many large corporations have decided to follow its laws globally and so some of those protections are extended to users in America and other countries with fewer protections.
7. Jefferson College Library is committed to protecting the right of free inquiry and assembly essential to a functioning democracy, and we will establish and carry out practices and procedures that help to ensure this right may be exercised.
IV. What information does Jefferson College Library collect?
1. Personal Information. As a student, staff, or faculty member, or community card holder, you have provided certain information to the college, to the library, or to third party vendors. Additionally, information associated with you has been created in the college or library systems to allow for normal operations. This type of information includes name, email, address, and phone numbers, as well as your unique ID number and barcode.
2. Residency Verification. Community card holders and community members who wish to use the study and meeting rooms are also asked for proof of residency.
3. Social Media Information: includes the option of using your social media accounts and posting content on our social media pages and such information you allow to be shared with us
4. Login Credentials: for certain electronic materials and services, your user name and password may be collected by our third party vendors. You are not required to create a user account to access materials in many of our databases, but some vendors require the creation of a profile to download, save, and share content. We collect information about your library account as a part of the ordinary operations of the library. This information is stored by III, our integrated library system provided and MOBIUS, our statewide consortium.
5. Library Records: this is the personal information related to your use of circulating and non-circulating materials, emails and requests regarding these materials, and records of lost or damaged items. In addition to the temporary collection of this information for the normal operations of the library, our service providers may store this information. Off-site access to our databases and streaming services may collect additional information such as IP address, login credentials, and other web search information.
6. Other Information: Jefferson College may collect other information if you are using the public access WIFI, the public access computers, and off-site logins. Information such as IP address, web browsers, electronic devices used, and pages visited on our website may be collected by the College during your use of library resources.
V. What does Jefferson College Library do to help protect patron privacy and maintain confidentiality?
1. Library staff receive training in the best practices and procedures that help to maintain privacy and confidentiality.
2. Library staff use procedures to verify your identity before releasing information over the phone or in person.
3. Library staff avoid keeping unnecessary records about patrons and their use of library materials, spaces, and services. Records are purged or destroyed when no longer needed.
4. Library staff avoid using personal names or other identifying information if not necessary.
5. Library staff do not disclose the use of library materials, spaces, or services unless that information has already been shared publicly by the library patron or a court order or subpoena has been presented to College officials.
VI. How does Jefferson College Library use the information it collects?
1. We use information to create and maintain accounts, record and collect fines, send email alerts regarding requests, contact patrons in other ways, and verify patron accounts.
2. We use information to allow for off-site access to our online resources.
3. We use social media information to promote library services and programs.
4. We use aggregated and anonymous information to track use of resources.
VII. What additional information is collected by third-parties?
1. If you choose to set-up accounts through our vendors, they may collect a variety of information about you. You do not need to create outside accounts with our vendors to access our resources from on campus, but you may need to do so to save, download, or share this content.
i. Library vendors include the following: MOBIUS, Innovative Integrated Interfaces, Springshare (Libcal & LibGuides), Overdrive, EBSCO, Proquest, ABC-CLIO, Britannica, Gimlet, and others.
VIII. When can my information be shared with outside parties?
There are very few instances, outside of legitimate legal requests, in which library staff would share information about your library use. However, there are a few situations you should note:
1. If there is a legitimate legal request for information about your library records, we are required to comply. Requests include search warrants, court orders, and valid subpoenas. These requests would be verified by the College’s legal counsel. Library staff are instructed to follow ALA's guidance to "inform the officer that the library director or legal counsel is the individual authorized to respond to requests for records and information, and that library policy requires you to refer the officer to the specified person under your policy."
2. If you have given a parent or guardian written permission to view your records we can share them. Library staff will verify this permission with Student Services and place a note field in your library record.
3. If you chose to use certain features of our integrated library system or digital products your information may be shared without our knowledge.
4. Information in campus emails may contain your library records. These emails are not held by the library, and may be subject to disclosure.
5. If you check-out specialized equipment or resources for certain programs, we may share information about un-returned materials in order to facilitate the timely return of items.
IX. To whom do I direct questions about this policy?
Please direct your questions to the Jefferson College Director of Library Services.
References
ALA’s Intellectual Freedom Privacy Subcommittee. “Privacy Tool Kit” Issues & Advocacy: Privacy. American Library Association. January 2014.
ALA’s Intellectual Freedom Privacy Subcommittee. “Privacy & Confidentiality Q & A”. Issues & Advocacy: Privacy. American Library Association. 29 July 2019. http://www.ala.org/advocacy/intfreedom/privacyconfidentialityqa
Caldwell-Stone, Deborah. “The law regarding privacy and confidentiality in libraries. “ Intellectual Freedom Manual, 9th. ed., by Trina Magi and Martin Garnar. Office for Intellectual Freedom. ALA.
Congressional Research Service. “Data Protection Law: An Overview.” CRS Report. Congressional Research Service. 25 March 2019 https://crsreports.congress.gov/product/pdf/R/R45631
Connolly, Matthew. “User privacy: a practical guide for librarians.” Rowman & Littlefield. 2018
Fortier, Alexandre, and Jacquelyn Burkell. “Hidden Online Surveillance: What Librarians Should Know to Protect Their Own Privacy and That of Their Patrons.” Information Technology & Libraries, vol. 34, no. 3, Sept. 2015, pp. 59–72. EBSCOhost, doi:10.6017/ital.v34i3.5495.
Heller, Margaret. “Creating a privacy policy form the ground up”. ACRL TechConnet. Association of College and Research Libraries. 12 Feb 2018. https://acrl.ala.org/techconnect/post/creating-a-privacy-policy-from-the-ground-up/
Missouri State, Legislature. “Missouri Revised Statutes § 182.815” Title XI Education and Libraries: Chapter 182. 28 Aug 2014
Missouri State, Legislature. “Missouri Revised Statutes § 182.817” Title XI Education and Libraries: Chapter 182. 28 Aug 2014
National Information Standards Organization—NISO. “NISO Consensus Principles on Users’ Digital Privacy in Library, Publisher, and Software-Provider Systems (NISO Privacy Principles)”. Standards and Publications. NISO. 10 Dec 2015 https://www.niso.org/publications/privacy-principles
New York Public Library. “The New York Public Library Privacy Policy.” New York Public Library Legal Notices. New York Public Library. 30 November 2016 https://www.nypl.org/help/about-nypl/legal-notices/privacy-policy
Newman, Bobbi & Bonnie Tijerina, eds. “Protecting Patron Privacy: A LITA Guide.” Library Information Technology Association (LITA) Guides. Rowman & Littlefield. 2017
Pekala, Shayna. “Privacy and User Experience in 21st Century Library Discovery.” Information Technology & Libraries, vol. 36, no. 2, June 2017, pp. 48–58. EBSCOhost, doi:10.6017/ital.v36i2.9817.
Solove, Daniel J. & Paul M. Schwartz. “Privacy Law Fundamentals” 4th ed. IAPP. 2017
Topelson, Dalia, Christopher Bavitz, Ritu Gupta & Irina Oberman. “Privacy and children’s data—a overview of the Children’s Online Privacy Protection Act and the Family Educational Rights and Privacy Act.” Berkman Center for Internet & Society. Harvard University. November 2013.
Revised 2019