Policy Checklist—Privacy and Confidentiality
- State the purpose of the policy, how often it will be reviewed, and to whom library users should address questions.
- Explain how protecting user privacy and confidentiality relates to the mission of the library.
- Refer to the principles on which the library’s commitment to protecting privacy is based (e.g., federal and state constitutions and the U.S. Bill of Rights; Library Bill of Rights and its interpretations; Code of Ethics of the American Library Association; The Freedom to Read statement).
- List the personally identifiable information that will be protected (e.g., circulation and registration records; in-person, telephone, chat, or text reference requests; hold, recall, reserve, and interlibrary loan requests; server and client computer logs).
- Include statements about the library’s commitment to do the following:
  - Limit the degree to which personally identifiable information is monitored, collected, disclosed, and distributed. (For example, user information will be disclosed to third parties only in response to a properly executed court order.)
  - Notify users whenever the library collects their personally identifiable information and give them the right to see information collected about them by the library.
  - Avoid creating unnecessary records, including non-text records such as video recordings.
  - Avoid library practices and procedures that place personally identifiable information on public view (e.g., postcard renewal notices; self-service “hold” shelves that reveal users’ identities; stating reserve requests or interlibrary loan titles on voice-mail messages that may be heard by other household members; positioning staff terminals so that the public can read the screens).
  - Require that user records remain on a local server and not be exported to the cloud or a third-party server.
  - Avoid retaining records that are not needed for efficient operation of the library, including data-related logs, digital records, vendor-collected data, and system backups.
  - Ensure that contracts and licenses reflect library policies and legal obligations concerning privacy.
  - Regularly purge personally identifiable information, including personally identifiable information associated with library resource use, material circulation history, and security/surveillance tapes and logs. (“Purging” does not imply wholesale destruction of records. Statistical information, library usage data permanently stripped of personally identifiable information, and historical documents can and should be retained to aid library administration and preservation of the historical record.)
  - Employ policies addressing records management, retention, and purging throughout the institution, including information technology departments and off-site locations.
  - Keep personally identifiable information secure and ensure it is accessed only by authorized library staff.
  - Notify users about any data breaches that occur.
- Post the policy in a clear and conspicuous manner.

Magi, Trina J., Martin Garnar, and American Library Association. 2015. Intellectual Freedom Manual. Ninth Edition. Chicago: ALA Editions, An imprint of the American Library Association.