Privacy and Confidentiality Policy

A well-defined privacy policy communicates the library’s commitment to protecting users’ personally identifiable information, tells library users how their information is used, and explains under what circumstances personally identifiable information might be disclosed to third parties. In addition to the privacy policy, the library should consider developing a records management plan that identifies the types of records kept by the library, sets forth retention schedules for those records, and establishes procedures for the purging or destruction of the records when mandated by the schedule. The library also should develop procedures for employees and volunteers to follow in responding to outside inquiries concerning user records, including inquiries coming from law enforcement agents. Such procedures should explain how records are preserved when the library is given notice that the records are subject to legal process or evidence of a crime.

Policy Checklist—Privacy and Confidentiality

  • State the purpose of the policy, how often it will be reviewed, and to whom library users should address questions.

  • Explain how protecting user privacy and confidentiality relates to the mission of the library.

  • Refer to the principles on which the library’s commitment to protecting privacy is based (e.g., federal and state constitutions and the U.S. Bill of Rights; Library Bill of Rights and its interpretations; Code of Ethics of the American Library Association; The Freedom to Read statement).

  • Refer to any federal, state, and local laws that impact library privacy policy. State library confidentiality statutes may impose special or additional duties on libraries and their employees. State laws and local ordinances addressing open records and records management and the state Freedom of Information Act also must be considered when drafting policies concerning records retention and access to records. 

  • List the personally identifiable information that will be protected (e.g., circulation and registration records; in-person, telephone, chat, or text reference requests; hold, recall, reserve, and interlibrary loan requests; server and client computer logs).

  • Include statements about the library’s commitment to do the following:
    • Limit the degree to which personally identifiable information is monitored, collected, disclosed, and distributed. (For example, user information will be disclosed to third parties only in response to a properly executed court order.)
    • Notify users whenever the library collects their personally identifiable information and give them the right to see information collected about them by the library.
    • Avoid creating unnecessary records, including non-text records such as video recordings.
    • Avoid library practices and procedures that place personally identifiable information on public view (e.g., postcard renewal notices; self-service “hold” shelves that reveal users’ identities; stating reserve requests or interlibrary loan titles on voice-mail messages that may be heard by other household members; positioning staff terminals so that the public can read the screens).
    • Require that user records remain on a local server and not be exported to the cloud or a third-party server.
    • Avoid retaining records that are not needed for efficient operation of the library, including data-related logs, digital records, vendor-collected data, and system backups.
    • Ensure that contracts and licenses reflect library policies and legal obligations concerning privacy.
    • Regularly purge personally identifiable information, including personally identifiable information associated with library resource use, material circulation history, and security/surveillance tapes and logs. (“Purging” does not imply wholesale destruction of records. Statistical information, library usage data permanently stripped of personally identifiable information, and historical documents can and should be retained to aid library administration and preservation of the historical record.)
    • Employ policies addressing records management, retention, and purging throughout the institution, including information technology departments and off-site locations. 
    • Keep personally identifiable information secure and ensure it is accessed only by authorized library staff.
    • Notify users about any data breaches that occur.
  • Post the policy in a clear and conspicuous manner.

Magi, Trina J., Martin Garnar, and American Library Association. 2015. Intellectual Freedom Manual. Ninth Edition. Chicago: ALA Editions, An imprint of the American Library Association, 38-40.

Updated 2017