Privacy Tool Kit

III. PRIVACY PROCEDURES

|  Responsibilities of Governing Bodies/Policy Makers | Responsibilities of Administrators | Responsibilities of Supervisors | Staff Responsibilities |

   

Responsibilities of Governing Bodies/Policy Makers

  • Keep informed about issues relating to library patron and user privacy and confidentiality
  • Be aware of applicable federal, state and local laws and regulations
  • Adopt appropriate policies
  • Provide the library administration with sufficient resources to develop procedures and provide staff training in support of policies
  • Understand and respect the library's organization and administrative hierarchy
  • Understand the library's plan for routine and crisis communication
  • Be knowledgeable about techniques for dealing with the media
  • Be aware of the library's relationship to governmental agencies and officials (elected and appointed) and to other organizations

   

Responsibilities of Administrators

  • Keep informed about issues relating to library patron and user privacy and confidentiality
  • Be aware of applicable federal, state and local laws and regulations
  • Inform and educate policy makers about relevant professional, ethical and legal issues
  • Recommend privacy and confidentiality policies to policy makers:
    • Ensure that knowledgeable legal counsel is consulted
    • Include ALA and other relevant documents, laws and regulations;
  • Make sure that all contracts with ILS (integrated library system) and other vendors are consistent and compliant with the library's policies
  • Conduct privacy audits
    • Review and evaluate current practices and procedures
  • Develop guidelines and procedures in support of policies:
    • Define patron privacy and confidentiality
    • Include relevant library policies
    • Identify the type and nature of all records and files that contain library patron and user personally identifiable information
    • Establish a schedule for the retention of records and files containing library patron and user personally identifiable information
    • Create a chart of the library's organizational hierarchy, indicating:
      • Chain of command
      • Staff members authorized to respond to requests for patron or user personally identifiable information
    • Define and describe the type and nature of requests for personally identifiable information:
      • Informal
        • Define the circumstances under which, the manner of and extent to which, patron and user personally identifiable information may be disclosed in person, over the phone or electronically
      • Law enforcement
        • Detail the specific steps staff should follow in responding to investigatory requests for patron and user personally identifiable information from:
          • Local and state agencies
          • Federal agencies
    • Write a ready-reference card with a clear and concise description of the library's privacy policies
      • Make available in all departments and public service areas
  • Be authorized to accept and comply with all investigatory requests
  • Designate a library staff member to serve as the Library Privacy Officer who will:
    • Keep abreast of news and information about privacy issues
    • Train all library staff on privacy and confidentiality issues, polices and procedures:
      • Specify what, how, when and which staff may respond to public, media or law enforcement requests for library patron and user personally identifiable information
      • Examine staff practices and procedures on a regular basis for compliance with policies
      • Evaluate training methods and effectiveness
  • Develop a routine and crisis communication plan:
    • Prepare an organizational chart/hierarchy of whom staff should contact
    • Maintain current contact information
  • Designate a library spokesperson
  • Provide media training for policy-makers and key staff
  • Educate the public about issues of library privacy and confidentiality and the library's policies, practices and procedures to protect library patron and user personally identifiable information
  • Maintain contact with local, regional and national affinity organizations
  • Forge alliances with community groups

   

Responsibilities of Supervisors

  • Reinforce training to ensure that all staff have a basic understanding of the library's policies, practices and procedures
  • Monitor staff for compliance with library practices and procedures in their daily activities
  • Report flaws or failures of training or procedures to the Privacy Officer
  • Be prepared to discuss privacy and confidentiality policies, practices and procedures with library patrons and users

   

Staff Responsibilities

  • Understand and follow library practices and procedures:
    • Apply equally to all library patrons and users regardless of age, origin, background or views
    • Maintain privacy and confidentiality when assisting library patrons and users
  • Discuss matters of library patron and user personally identifiable information with other staff only when necessary for operational purposes:
    • Conduct discussions in non-public areas
  • Refrain from discussing matters of library patron and user personally identifiable information with friends, family or members of the public
  • Refer requests by the public, the media or law enforcement for access to, or view of, non-public computers, files or records to a library administrator
  • Direct all requests from law enforcement or government officials for library patron and user personally identifiable information to a library administrator
  • Keep confidential the source of any request or the nature of the information requested with staff, family, friends or members of the public