Privacy and Confidentiality: Library Core Values
Privacy is essential to the exercise of free speech, free thought, and free association. Lack of privacy and confidentiality chills people’s choices, thereby suppressing access to ideas. The possibility of surveillance, whether direct or through access to records of speech, research and exploration, undermines a democratic society. In libraries, the right to privacy is the right to open inquiry without having the subject of one's interest examined or scrutinized by others.
Confidentiality of library records is a core value of librarianship. Confidentiality exists when a library is in possession of personally identifiable information (PII) about users and keeps that information private on their behalf. This includes such library-created records as closed-stack call slips, computer sign-up sheets, registration for equipment or facilities, circulation records, Web sites visited, reserve notices, or research notes. One cannot exercise the right to read in any format if the possible consequences include damage to one's reputation, ostracism from the community or workplace, or criminal penalties. Consider patrons looking for a new job or information about rock climbing or skydiving; this is information that the current employer or insurance company would like to have. Choice requires both a varied selection and the assurance that one's choice is not monitored.
For libraries to flourish as centers for uninhibited access to information, librarians must stand behind their users' right to privacy and freedom of inquiry. Just as people who borrow murder mysteries are unlikely to be murderers, so those seeking information about terrorism are unlikely to be terrorists. Assuming a sinister motive based on library users' reading choices makes no sense and leads to fishing expeditions that both waste precious law enforcement resources and have the potential to chill Americans' inquiry into current events and public affairs.
The Code of Ethics of the American Library Association and its Library Bill of Rights acknowledge the paramount importance of library patron privacy:
ALA Code of Ethics (first passed, 1939; amended, 1981, 1995, and 2008) "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."
Privacy: an Interpretation of the Library Bill of Rights (2002) “The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.”
- American Library Association, Privacy Policies and Statements
- History of the Code of Ethics 1930 Suggested Code of Ethics
- American Library Association, Questions and Answers on Privacy and Confidentiality, 23 January 2012.
Through the Library Bill of Rights and the ALA Code of Ethics, librarians fight to protect patron privacy and preserve our democratic society by promoting a diversity of viewpoints and ideas to support an informed, literate, and educated public. This Privacy Took Kit will provide you with practical steps you can take to protect patron privacy and confidentiality.
Privacy Policies and the Law
Library privacy and confidentiality policies must be in compliance with applicable federal, state, and local laws. The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution. Many states provide guarantees of privacy in their constitutions and statute law. Numerous decisions in case law have defined and extended rights to privacy.
The Fourth Amendment and a Supreme Court decision are crucial in current discussions of privacy in the library and the extent to which library users have an “expectation of privacy.” This is important because in order to determine the extent of Fourth Amendment protection of personally identifiable information, the courts rely heavily on the U.S. Supreme Court decision in Katz v. United States, 389 U.S. 347 (1967), which held that the Fourth amendment “protects people, not places” and what a person “seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.”
In the Katz decision the Court also reiterated that “the person’s general right to privacy – his right to be let alone by other people – is like the protection of his property and of his very life, left largely to the law of the individual states.” In all 50 states and the District of Columbia, state constitutions, attorney general opinions, or state library confidentiality statutes provide that protection.
It is, therefore, critical that librarians regularly scrutinize all their library’s policies and practices to ensure that, to the greatest extent possible, they support an environment in which the library user’s privacy is respected and preserved. It is also important that libraries make every effort to communicate to library users and the communities they serve the importance of the confidentiality of library use in order to protect their intellectual freedom. If we fail to do this the courts may come to the conclusion that individuals no longer expect that the nature of their library use will be protected and, therefore, that privacy will no longer be constitutionally protected.
Standard Privacy Principles
- United States Federal Trade Commission. "Fair Information Practice Principles.”
- Organization for Economic Cooperation and Development (OECD), Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (Sept. 1980)
- International Federation of Library Associations (IFLA), "The Glasgow Declaration on Libraries, Information Services and Intellectual Freedom," (The Hague, Netherlands: IFLA, August 20, 2002)
- International Federation of Library Associations (IFLA), "The IFLA Internet Manifesto," (The Hague, Netherlands: IFLA, August 23, 2002)
- Canadian Library Association. 2012. “CLA Position Statement on Access to Information and Communication Technology" (Amended May 29, 2012; affirmed June 1, 2012).
- Privacy Rights Clearinghouse, Fact Sheet 12. A Checklist of Responsible Information-Handling Practices (Revised July 2013)
- Computer Professionals for Social Responsibility, Electronic Privacy Principles
PII: Personally Identifiable Information
One of the key concepts to understand when developing policies and procedures is that defined as: "Personally identifiable information" (PII). ALA Council approved the “Policy Concerning Confidentiality of Personally Identifiable Information about Library Users” in 1991 and amended it in 2004. PII connects individuals to what they’ve bought with their credit cards, what they’ve checked out with their library cards, what Web sites they’ve visited, where they’ve picked up cookies and what avatars they’ve registered. PII can easily be linked to every hash tag, like, tweet, post and social media interaction a user makes. More than simple identification, PII can create a picture of tastes and interests—a dossier of sorts though crude and often inaccurate. While targeted advertising is the obvious use for PII, some people would use this information to assess an individual’s character, decide if they were a security risk, or embarrass them for opposing a particular position. Because of the chilling effect that such scrutiny can have on open inquiry and freedom of expression, libraries and bookstores have long resisted requests to release information that connects individual persons with specific books.
• Privacy Rights Clearinghouse, Privacy Survival Guide (Revised March 2014).