Privacy Toolkit

Home | Previous: Introduction | Next: Developing or Revising a Privacy Policy

Privacy and Confidentiality: Library Core Values

Privacy and the Law | Standard Privacy Principles PII: Personally Identifiable Information

Privacy is essential to the exercise of free speech, free thought, and free association. Lack of privacy and confidentiality chills people’s choices, thereby suppressing access to ideas. The possibility of surveillance, whether direct or through access to records of speech, research and exploration, undermines a democratic society.  In libraries, the right to privacy is the right to open inquiry without having the subject of one's interest examined or scrutinized by others. 

Confidentiality of library records is a core value of librarianship. Confidentiality exists when a library is in possession of personally identifiable information (PII) about users and keeps that information private on their behalf.  This includes such library-created records as closed-stack call slips, computer sign-up sheets, registration for equipment or facilities, circulation records, Web sites visited, reserve notices, or research notes.  One cannot exercise the right to read in any format if the possible consequences include damage to one's reputation, ostracism from the community or workplace, or criminal penalties. Consider patrons looking for a new job or information about rock climbing or skydiving; this is information that the current employer or insurance company would like to have. Choice requires both a varied selection and the assurance that one's choice is not monitored.

For libraries to flourish as centers for uninhibited access to information, librarians must stand behind their users' right to privacy and freedom of inquiry. Just as people who borrow murder mysteries are unlikely to be murderers, so those seeking information about terrorism are unlikely to be terrorists. Assuming a sinister motive based on library users' reading choices makes no sense and leads to fishing expeditions that both waste precious law enforcement resources and have the potential to chill Americans' inquiry into current events and public affairs.

The Code of Ethics of the American Library Association and its Library Bill of Rights acknowledge the paramount importance of library patron privacy:

ALA Code of Ethics (first passed, 1939; amended, 1981, 1995, and 2008)  "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

Privacy:  an Interpretation of the Library Bill of Rights (2002)  “The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.”

Selected Links:

Through the Library Bill of Rights and the ALA Code of Ethics, librarians fight to protect patron privacy and preserve our democratic society by promoting a diversity of viewpoints and ideas to support an informed, literate, and educated public.  This Privacy Took Kit will provide you with practical steps you can take to protect patron privacy and confidentiality.

Privacy Policies and the Law

Library privacy and confidentiality policies must be in compliance with applicable federal, state, and local laws. The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution. Many states provide guarantees of privacy in their constitutions and statute law. Numerous decisions in case law have defined and extended rights to privacy.

The Fourth Amendment and a Supreme Court decision are crucial in current discussions of privacy in the library and the extent to which library users have an “expectation of privacy.” This is important because in order to determine the extent of Fourth Amendment protection of personally identifiable information, the courts rely heavily on the U.S. Supreme Court decision in  Katz v. United States, 389 U.S. 347 (1967), which held that the Fourth amendment “protects people, not places” and what a person “seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.”  

In the Katz decision the Court also reiterated that “the person’s general right to privacy – his right to be let alone by other people – is like the protection of his property and of his very life, left largely to the law of the individual states.”   In all 50 states and the District of Columbia, state constitutions, attorney general opinions, or state library confidentiality statutes provide that protection. 

It is, therefore, critical that librarians regularly scrutinize all their library’s policies and practices to ensure that, to the greatest extent possible, they support an environment in which the library user’s privacy is respected and preserved. It is also important that libraries make every effort to communicate to library users and the communities they serve the importance of the confidentiality of library use in order to protect their intellectual freedom.  If we fail to do this the courts may come to the conclusion that individuals no longer expect that the nature of their library use will be protected and, therefore, that privacy will no longer be constitutionally protected.

Selected Links:

First, Fourth, Fifth, Ninth, Tenth, and Fourteenth Amendments to the Constitution of the United States 

Article Twelve of the Universal Declaration of Human Rights

Your Privacy Protection Under the Law

History of the Privacy Act of 1974

Privacy and the Courts

State Privacy Laws Regarding Library Records

Standard Privacy Principles

In addition to ALA policies, there are many very good frameworks for establishing privacy policies. The privacy policy guidelines outlined here are based in part on what are known as the five “Fair Information Practice Principles.” These five principles outline the rights of Notice, Choice, Access, Security, and Enforcement. Another widely accepted European legal framework establishing rights of data privacy and confidentiality calls for ensuring Collection limitation, Data quality, Purpose specification, Use limitation, Security safeguards, Openness, Individual participation, and Accountability. These frameworks provide the basis for recommendations from other consumer and privacy advocacy groups, whose checklists are well worth reviewing.

Selected Links:

PII: Personally Identifiable Information

One of the key concepts to understand when developing policies and procedures is that defined as: "Personally identifiable information" (PII). ALA Council approved the “Policy Concerning Confidentiality of Personally Identifiable Information about Library Users” in 1991 and amended it in 2004.  PII connects individuals to what they’ve bought with their credit cards, what they’ve checked out with their library cards, what Web sites they’ve visited, where they’ve picked up cookies and what avatars they’ve registered.  PII can easily be linked to every hash tag, like, tweet, post and social media interaction a user makes. More than simple identification, PII can create a picture of tastes and interests—a dossier of sorts though crude and often inaccurate. While targeted advertising is the obvious use for PII, some people would use this information to assess an individual’s character, decide if they were a security risk, or embarrass them for opposing a particular position. Because of the chilling effect that such scrutiny can have on open inquiry and freedom of expression, libraries and bookstores have long resisted requests to release information that connects individual persons with specific books. 

Selected Links:

American Library Association, Policy Concerning Confidentiality of Personally Identifiable Information about Library Users (Amended June 30, 2004). 

Privacy Rights Clearinghouse, Privacy Survival Guide (Revised March 2014). 

Home | Previous: Introduction | Next: Developing or Revising a Privacy Policy