Skip to: Content
Skip to: Section Navigation
Skip to: Site Navigation
Skip to: Search

Privacy Tool Kit

Return to the Privacy Tool Kit

III. PRIVACY PROCEDURES

| Responsibilities of Governing Bodies/Policy Makers | Responsibilities of Administrators | Responsibilities of Supervisors | Staff Responsibilities |

Responsibilities of Governing Bodies/Policy Makers

  • Keep informed about issues relating to library patron and user privacy and confidentiality
  • Be aware of applicable federal, state and local laws and regulations
  • Adopt appropriate policies
  • Provide the library administration with sufficient resources to develop procedures and provide staff training in support of policies
  • Understand and respect the library's organization and administrative hierarchy
  • Understand the library's plan for routine and crisis communication
  • Be knowledgeable about techniques for dealing with the media
  • Be aware of the library's relationship to governmental agencies and officials (elected and appointed) and to other organizations

Responsibilities of Administrators

  • Keep informed about issues relating to library patron and user privacy and confidentiality
  • Be aware of applicable federal, state and local laws and regulations
  • Inform and educate policy makers about relevant professional, ethical and legal issues
  • Recommend privacy and confidentiality policies to policy makers:
    • Ensure that knowledgeable legal counsel is consulted
    • Include ALA and other relevant documents, laws and regulations;
  • Make sure that all contracts with ILS (integrated library system) and other vendors are consistent and compliant with the library's policies
  • Conduct privacy audits
    • Review and evaluate current practices and procedures
  • Develop guidelines and procedures in support of policies:
    • Define patron privacy and confidentiality
    • Include relevant library policies
    • Identify the type and nature of all records and files that contain library patron and user personally identifiable information
    • Establish a schedule for the retention of records and files containing library patron and user personally identifiable information
    • Create a chart of the library's organizational hierarchy, indicating:
      • Chain of command
      • Staff members authorized to respond to requests for patron or user personally identifiable information
    • Define and describe the type and nature of requests for personally identifiable information:
      • Informal
        • Define the circumstances under which, the manner of and extent to which, patron and user personally identifiable information may be disclosed in person, over the phone or electronically
      • Law enforcement
        • Detail the specific steps staff should follow in responding to investigatory requests for patron and user personally identifiable information from:
          • Local and state agencies
          • Federal agencies
    • Write a ready-reference card with a clear and concise description of the library's privacy policies
      • Make available in all departments and public service areas
  • Be authorized to accept and comply with all investigatory requests
  • Designate a library staff member to serve as the Library Privacy Officer who will:
    • Keep abreast of news and information about privacy issues
    • Train all library staff on privacy and confidentiality issues, polices and procedures:
      • Specify what, how, when and which staff may respond to public, media or law enforcement requests for library patron and user personally identifiable information
      • Examine staff practices and procedures on a regular basis for compliance with policies
      • Evaluate training methods and effectiveness
  • Develop a routine and crisis communication plan:
    • Prepare an organizational chart/hierarchy of whom staff should contact
    • Maintain current contact information
  • Designate a library spokesperson
  • Provide media training for policy-makers and key staff
  • Educate the public about issues of library privacy and confidentiality and the library's policies, practices and procedures to protect library patron and user personally identifiable information
  • Maintain contact with local, regional and national affinity organizations
  • Forge alliances with community groups

Responsibilities of Supervisors

  • Reinforce training to ensure that all staff have a basic understanding of the library's policies, practices and procedures
  • Monitor staff for compliance with library practices and procedures in their daily activities
  • Report flaws or failures of training or procedures to the Privacy Officer
  • Be prepared to discuss privacy and confidentiality policies, practices and procedures with library patrons and users

Staff Responsibilities

  • Understand and follow library practices and procedures:
    • Apply equally to all library patrons and users regardless of age, origin, background or views
    • Maintain privacy and confidentiality when assisting library patrons and users
  • Discuss matters of library patron and user personally identifiable information with other staff only when necessary for operational purposes:
    • Conduct discussions in non-public areas
  • Refrain from discussing matters of library patron and user personally identifiable information with friends, family or members of the public
  • Refer requests by the public, the media or law enforcement for access to, or view of, non-public computers, files or records to a library administrator
  • Direct all requests from law enforcement or government officials for library patron and user personally identifiable information to a library administrator
  • Keep confidential the source of any request or the nature of the information requested with staff, family, friends or members of the public

 

ALA Privacy Tool Kit

Introduction revised March 5, 2004