Patron Privacy & Confidentiality
Patron Privacy & Confidentiality
In our last Info & Action paper entitled Patron Privacy and New Jersey Public Libraries, we provided trustees with historical background that influenced the creation of the New Jersey statute (N.J.S.A. 18A:73-43.2) protecting the confidentiality of records created when library patrons utilize NJ libraries. Since the creation of this statute in 1985 American public libraries have evolved to become so much more than brick and mortar repositories of information. Our library patrons now have the ability to access technology and digital resources which make issues of privacy and confidentiality far more complex than they were in the past. In today’s digital world we cannot guarantee the complete privacy of our library users but we can do our best to understand the impact that new technologies have on patron privacy and create policies and procedures appropriate for a 21st Century NJ public library.
Board Education Component:
Privacy vs. Confidentiality – When we discuss patron privacy we really are talking about two issues that go hand-in-hand – privacy and confidentiality. The distinction between the two is explained in the American Library Association (ALA) Policy concerning Confidentiality of Personally Identifiable Information about library users:
In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf. (See: http://www.ala.org/advocacy/intfreedom/statementspols/otherpolicies/policyconcerning)
N.J.S.A. 18A:73-43.2 addresses the issue of confidentiality:
Library records which contain the names or other personally identifying details regarding the users of libraries are confidential and shall not be disclosed except in the following circumstances: a. The records are necessary for the proper operation of the library; b. Disclosure is requested by the user; or c. Disclosure is required pursuant to a subpoena issued by a court or court order.
L.1985, c 172, s. 2, eff. May 31, 1985
What is a Library Record? – In the past a patron’s “library records” primarily consisted of registration and circulation information. Technology has advanced the scope of what may now be considered a patron’s library record. See below the ALA statement outlining the personally identifiable information (PII) associated with an individual’s use of library resources:
Confidentiality extends to “information sought or received and resources consulted, borrowed, acquired or transmitted” (ALA Code of Ethics), including, but not limited to: database search records, reference questions and interviews, circulation records, interlibrary loan records, information about materials downloaded or placed on “hold” or “reserve,” and other personally identifiable information about uses of library materials, programs, facilities, or services.
Sample Confidentiality Policy – New Jersey Library Association (NJLA) provides direction for creating a confidentiality policy based on the New Jersey statute.
The Board of Trustees of the _____________Library believes that it is the basic right of every individual to read what he or she wishes without fear of censure or legal consequence. It also affirms the right of every person to privacy. The library will do all within its power to protect each user’s right to privacy with respect to all information required for registration and for information sought or received, and materials consulted, borrowed or acquired. Such records will not be made available to any individual, organization or government agency except pursuant to N.J.S.A. 18A:73-43.2 which reads: “Library records which contain the names or other personally identifying details regarding the users of libraries are confidential and shall not be disclosed except in the following circumstances:
a. The records are necessary for the proper operation of the library; b. Disclosure is requested by the user; or c. Disclosure is required pursuant to a subpoena issued by a court or court order. L.1985, c 172, s. 2, eff. May 31, 1985.” Adopted by the NJLA Executive Board Dec. 19, 2006
BCCLS Website and Confidentiality – BCCLS library users have access to multiple vendors who have contracted with the cooperative to provide collections and services to card holders. It may be appropriate to consider additional verbiage to your current policy to highlight the central role BCCLS plays in protecting patron privacy and confidentiality. In addition, many libraries have contracted with third-party vendors for digital services and collections. Incorporating information about your vendor’s privacy policies should also be considered to create as comprehensive a policy as possible for your library. A sample statement regarding BCCLS is provided by BCCLS Executive Director Marie Coughlin:
Along with its member libraries, BCCLS considers user privacy to be of paramount importance. For information about how BCCLS maintains user privacy and legal notices please refer to the BCCLS website – http://www.bccls.org/about_BCCLS/policies.shtml.
Privacy Policies and Illegal Activity – When discussing the role that libraries play in protecting patron privacy the question inevitably arises – “Are we also protecting criminals when they use our library’s digital resources?” Because libraries offer open access to the internet the potential for criminal activity does exist. Libraries should consider it their responsibility to make “acceptable use” policies well known to the public. The ALA has a good webpage entitled ALA Questions & Answers on Privacy and Confidentiality. You may wish to utilize the association’s recommended wording on a “splash page” (intro page) before your patrons access the internet services you provide. See below:
24. Will privacy policies create a situation that will protect illegal acts?
All libraries are advised to have in place patron behavior policies as well as Internet use policies. In both instances it should be clearly stated that engaging in any illegal act will not be permitted. A possible policy statement could be: Any activity or conduct that is in violation of federal, state, or local laws is strictly prohibited on library premises.
Clear evidence of illegal behavior is best referred to law enforcement who know the processes of investigation that protect the rights of the accused. (See: http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/qa-privacy)
Surveillance Cameras & Public Libraries – Video surveillance systems have become increasingly common in all areas of public life. Cameras are now standard in schools, public buildings, parks and increasingly in public libraries. Surveillance systems may potentially pose a challenge to patron privacy and confidentiality in a library setting. The ALA provides some guidance in this area:
If the library decides surveillance is necessary, it is essential for the library to develop and enforce strong policies protecting patron privacy and confidentiality appropriate to managing the equipment, including routine destruction of the tapes in the briefest amount of time possible, or as soon as permitted by law.
Such policies should state that the cameras are to be used only for the narrow purpose of enhancing the physical security of the library, its property, staff and patrons.
Policies should also include protocols for posting signs or giving notice about the presence of surveillance cameras; storing of videotapes and other digital images in a secure location; and routine destruction of tapes or images in the briefest amount of time possible, or as soon as permitted by law. If the cameras create any records, the library must recognize its responsibility to protect their confidentiality like any other library record. In addition, some state laws indicate that libraries shall not disclose any information that identifies a person as having used a library or a library service, even if that information is not in the form of a “record.” Protecting patron confidentiality is best accomplished by purging the records or images as soon as their purpose is served.
(See: Questions and Answers on Privacy and Confidentiality
As always, consult with your library’s attorney when drafting policies involving the public’s use of your building and resources. It may be advisable to list your procedures along with the policies. The entire document can then be provided to local law enforcement and municipal officials alerting them to N.J.S.A. 18A:73-43.2 and the constraints this may place on the library when responding to law enforcement requests. Procedures can be found on the NJLA website at:
On the bottom of the main page of the BCCLS website is a link About BCCLS – Policies and Legal Notices. The page contains extensive information on third party vendors, network privacy, email and other issues that affect the (PII) of BCCLS patrons. There is also an excellent presentation by Eileen Palmer, Executive Director, Libraries of Middlesex Automation Consortium entitled “Maintaining Confidentiality – It’s Everyone’s Business” which can be found at http://www.slideshare.net/empalmer/maintaining-confidentiality-34490488
Hopefully the information provided in this paper helps your trustees understand the responsibilities and challenges libraries face in maintaining patron privacy and confidentiality.