Privacy is essential to the exercise of free speech, free thought, and free association. The courts have established a First Amendment right to receive information in a publicly funded library.1 Further, the courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution.2 Many states provide guarantees of privacy in their constitutions and statute law.3 Numerous decisions in case law have defined and extended rights to privacy.4
In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.5
Protecting user privacy and confidentiality has long been an integral part of the mission of libraries. The ALA has affirmed a right to privacy since 1939.6 Existing ALA policies affirm that confidentiality is crucial to freedom of inquiry.7 Rights to privacy and confidentiality also are implicit in the Library Bill of Rights’8 guarantee of free access to library resources for all users.
The Library Bill of Rights affirms the ethical imperative to provide unrestricted access to information and to guard against impediments to open inquiry. Article IV states: “Libraries should cooperate with all persons and groups concerned with resisting abridgement of free expression and free access to ideas.” When users recognize or fear that their privacy or confidentiality is compromised, true freedom of inquiry no longer exists.
In all areas of librarianship, best practice leaves the user in control of as many choices as possible. These include decisions about the selection of, access to, and use of information. Lack of privacy and confidentiality has a chilling effect on users’ choices. All users have a right to be free from any unreasonable intrusion into or surveillance of their lawful library use.
Users have the right to be informed what policies and procedures govern the amount and retention of personally identifiable information, why that information is necessary for the library, and what the user can do to maintain his or her privacy. Library users expect and in many places have a legal right to have their information protected and kept private and confidential by anyone with direct or indirect access to that information. In addition, Article V of the Library Bill of Rights states: “A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.” This article precludes the use of profiling as a basis for any breach of privacy rights. Users have the right to use a library without any abridgement of privacy that may result from equating the subject of their inquiry with behavior.9
The library profession has a long-standing commitment to an ethic of facilitating, not monitoring, access to information. This commitment is implemented locally through development, adoption, and adherence to privacy policies that are consistent with applicable federal, state, and local law. Everyone (paid or unpaid) who provides governance, administration, or service in libraries has a responsibility to maintain an environment respectful and protective of the privacy of all users. Users have the responsibility to respect each others’ privacy.
For administrative purposes, librarians may establish appropriate time, place, and manner restrictions on the use of library resources.10 In keeping with this principle, the collection of personally identifiable information should only be a matter of routine or policy when necessary for the fulfillment of the mission of the library. Regardless of the technology used, everyone who collects or accesses personally identifiable information in any format has a legal and ethical obligation to protect confidentiality.
The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.
1Court opinions establishing a right to receive information in a public library include Board of Education. v. Pico, 457 U.S. 853 (1982); Kreimer v. Bureau Of Police For The Town Of Morristown, 958 F.2d 1242 (3d Cir. 1992); and Reno v. American Civil Liberties Union, 117 S.Ct. 2329, 138 L.Ed.2d 874 (1997).
2See in particular the Fourth Amendment’s guarantee of “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” the Fifth Amendment’s guarantee against self-incrimination, and the Ninth Amendment’s guarantee that “[t]he enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.” This right is explicit in Article Twelve of the Universal Declaration of Human Rights: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” See: http://www.un.org/Overview/rights.html. This right has further been explicitly codified as Article Seventeen of the “International Covenant on Civil and Political Rights,” a legally binding international human rights agreement ratified by the United States on June 8, 1992. See: http://www.unhchr.ch/html/menu3/b/a_ccpr.htm.
3Ten state constitutions guarantee a right of privacy or bar unreasonable intrusions into citizens’ privacy. Forty-eight states protect the confidentiality of library users’ records by law, and the attorneys general in the remaining two states have issued opinions recognizing the privacy of users’ library records. See: State Privacy Laws.
4Cases recognizing a right to privacy include: NAACP v. Alabama, 357 U.S. 449 (1958); Griswold v. Connecticut 381 U.S. 479 (1965); Katz v. United States, 389 U.S. 347 (1967); and Stanley v. Georgia, 394 U.S. 557 (1969). Congress recognized the right to privacy in the Privacy Act of 1974 and Amendments (5 USC Sec. 552a), which addresses the potential for government’s violation of privacy through its collection of personal information. The Privacy Act’s “Congressional Findings and Statement of Purpose” state in part: “the right to privacy is a personal and fundamental right protected by the Constitution of the United States.” See: http://caselaw.lp.findlaw.com/scripts/ts_search.pl?title=5&sec=552a.
5The phrase “Personally identifiable information” was established in ALA policy in 1991. See: Policy Concerning Confidentiality of Personally Identifiable Information about Library Users. Personally identifiable information can include many types of library records, for instance: information that the library requires an individual to provide in order to be eligible to use library services or borrow materials, information that identifies an individual as having requested or obtained specific materials or materials on a particular subject, and information that is provided by an individual to assist a library staff member to answer a specific question or provide information on a particular subject. Personally identifiable information does not include information that does not identify any individual and that is retained only for the purpose of studying or evaluating the use of a library and its materials and services. Personally identifiable information does include any data that can link choices of taste, interest, or research with a specific individual.
6Article Eleven of the Code of Ethics for Librarians (1939) asserted that “It is the librarian’s obligation to treat as confidential any private information obtained through contact with library patrons.” See: Code of Ethics for Librarians (1939). Article Three of the current Code (1995) states: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.” See: http://www.ala.org/alaorg/oif/ethics.html.
7See these ALA Policies: Access for Children and Young People to Videotapes and Other Nonprint Formats; Free Access to Libraries for Minors; Freedom to Read (http://www.ala.org/alaorg/oif/freeread.html); Libraries: An American Value; the newly revised Library Principles for a Networked World; Policy Concerning Confidentiality of Personally Identifiable Information about Library Users; Policy on Confidentiality of Library Records; Suggested Procedures for Implementing Policy on the Confidentiality of Library Records.
8Adopted June 18, 1948; amended February 2, 1961, and January 23, 1980; inclusion of “age” reaffirmed January 23, 1996, by the ALA Council. See: http://www.ala.org/work/freedom/lbr.html.
9Existing ALA Policy asserts, in part, that: “The government’s interest in library use reflects a dangerous and fallacious equation of what a person reads with what that person believes or how that person is likely to behave. Such a presumption can and does threaten the freedom of access to information.” Policy Concerning Confidentiality of Personally Identifiable Information about Library Users
10See: Guidelines for the Development and Implementation of Policies, Regulations and Procedures Affecting Access to Library Materials, Services and Facilities.
Adopted June 19, 2002, by the ALA Council.
Links to non-ALA sites have been provided because these sites may have information of interest. Neither the American Library Association nor the Office for Intellectual Freedom necessarily endorses the views expressed or the facts presented on these sites; and furthermore, ALA and OIF do not endorse any commercial products that may be advertised or available on these sites.