This checklist is intended to help all libraries take practical steps to improve privacy practices. It can help all libraries implement the principles laid out in the Library Privacy Guidelines for Students in K-12 Schools.
Priority 1 actions are steps all libraries can take to improve privacy practices. Priority 2 and Priority 3 actions are as important as Priority 1 actions. They help protect user privacy, but may be more difficult for libraries to implement. This is because each library may or may not have the capacity to do Priority 2 or 3, depending on:
- differing technical expertise
- available resources
- organizational structure
Regardless of these factors, libraries can use Priority 2 and Priority 3 actions as talking points with third parties and vendors. These third parties and vendors may have the resources and expertise to help the library implement these actions.
Priority 1 Actions
1. Create internal library procedures to protect student privacy based on:
a. School policies related to privacy and confidentiality of student data, especially student circulation records and the use of library resources in all formats.
b. Federal laws such as the Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), and state privacy laws regarding library records.
c. ALA policy statements and resources.
d. Resources provided by national education and state library associations.
2. Collect the minimum amount of information necessary about students to manage their use of library resources.
3. Configure circulation software to delete students’ borrowing history and retain only necessary records.
4. Ensure any paper with personally identifiable information is stored securely and shredded at the end of its use.
5. Train library staff and volunteers to respect students’ privacy and the confidentiality of their library records.
Priority 2 Actions
1. Educate administrators, faculty, and support staff about students’ library privacy and the confidentiality of student data using a variety of communication methods such as in-service training, newsletters, email, etc.
2. Add privacy-related resources to the library collection including items related to personal privacy, minors’ privacy rights, and privacy as a national and international issue.
a. Create a privacy information section on the school library web page or a privacy-themed pathfinder with student- and faculty-focused privacy resources.
3. Integrate online privacy into library instruction and programming. For example:
a. Introduce students to online privacy information such as secure passwords and web tracking during library orientations and other brief presentations.
b. Celebrate Choose Privacy Week and other privacy-related observances (Data Privacy Day, Teen Tech Week, etc.) with the school community.
c. Create privacy-related displays and set up videos in the library to educate parents and caregivers during parent-teacher conferences and other evening school and community events.
d. Offer presentations to parents and caregivers about students’ privacy online and other privacy-related topics (e.g. phishing, passwords, basic cybersecurity).
4. Advocate within the school or district for protecting students’ privacy rights in learning management systems, internet filtering software, or other technologies that enable educators to monitor student reading and research habits. Assessment should not include monitoring how students use specific library materials and online resources as part of free inquiry and research.
5. Volunteer to serve on the school’s data governance committee. If one does not exist, advocate for its creation.
Priority 3 Actions
b. Post the policy in the library and on the library’s section of the school website.
2. Work through school lines of authority to write or adapt a K-12 privacy curriculum and have it formally approved and taught. Collaboratively teach privacy units with teachers using well developed, age-appropriate privacy curricula.
3. Work with school officials to incorporate privacy protections into RFP’s and resulting contracts. Discuss privacy concerns with digital resource and technology vendors when negotiating contracts.
4. Ensure that all online transactions between client applications and server applications are encrypted.
5. Ensure that storage of personally identifiable student information is housed using encrypted storage.
This checklist details the practical steps libraries can take to implement the Library Privacy Guidelines for Students in K-12 Schools.
Approved January 21, 2017 by the Intellectual Freedom Committee; revised January 14, 2021.