Resolution on the Retention of Library Usage Records

WHEREAS, "Protecting user privacy and confidentiality is necessary for intellectual freedom and fundamental to the ethics and practice of librarianship" (ALA Policy Manual, 53.1.16; Privacy: An Interpretation of the Library Bill of Rights); and

WHEREAS, Library usage records containing personally identifiable information (PII) are maintained for the sole purpose of effectively managing library resources; and

WHEREAS, The confidentiality of library usage records is protected by law in all fifty states and in the District of Columbia (see; and

WHEREAS, "The government's interest in library use represents a dangerous and fallacious equation of what a person reads with what that person believes or how that person is likely to behave" (ALA Policy Manual, 52.4.2; Confidentiality of Personally Identifiable Information About Library Users); and

WHEREAS, The American Library Association strongly recommends the adoption of policies recognizing "circulation records and other records identifying the names of library users with specific materials to be confidential" (ALA Policy Manual, 52.4; Confidentiality of Library Records); now, therefore, be it

RESOLVED, That the American Library Association urges all libraries to:

  • Limit the degree to which personally identifiable information is collected, monitored, disclosed, and distributed; and
  • Avoid creating unnecessary records; and
  • Limit access to personally identifiable information to staff performing authorized functions; and
  • Dispose of library usage records containing personally identifiable information unless they are needed for the efficient and lawful operation of the library, including, but not limited to data-related logs, digital records, vendor-collected data, and system backups; and
  • Ensure that the library work with its organization's information technology unit to ensure that library usage records processed or held by the IT unit are treated in accordance with library records policies; and
  • Ensure that those records that must be retained are secure; and
  • Avoid library practices and procedures that place personally identifiable information on public view; and
  • Assure that vendor agreements guarantee library control of all data and records; and
  • Conduct an annual privacy audit to ensure that information processing procedures meet privacy requirements by examining how information about library users and employees is collected, stored, shared, used, and destroyed; and, be it further

RESOLVED, That the American Library Association urges all libraries to adopt or update a privacy policy protecting users' personally identifiable information, communicating to library users how their information is used, and explaining the limited circumstances under which personally identifiable information could be disclosed; and, be it further

RESOLVED, That the American Library Association urges members of the library community to advocate that records retention laws and regulations limit retention of library usage records containing personally identifiable information to the time needed for efficient operation of the library.

Adopted by the Council of the American Library Association
Wednesday, June 28, 2006
New Orleans, Louisiana