Knowledge Base

St. Thomas Library Support for Patron Privacy

One of the ethical responsibilities of library staff is to protect the privacy of library users. UST Libraries have historically supported patron privacy, however, users in the 21st century seem less concerned with privacy issues as witnessed by substantive private information shared by users in public sites such as Facebook and Myspace, etc. As the UST libraries consider this policy, we will be considering opt in or opt out of various services and products in which users are willing to share heretofore private information. For example, in order to be able to provide Netflix and Amazon types of ‘if you liked this, you’ll like this’ in the future we may provide the opportunity for users to be willing to have the libraries maintain their checkout history. In order to be able to provide services that suggest other articles like the one they just downloaded, products may ask to maintain that information. That being said, the libraries are committed to maintain patron confidentiality and privacy.

Confidentiality extends to information sought or received, materials consulted, borrowed or accessed. This includes database search records, reference interviews and consultations, circulation records, interlibrary loan records and other personally identifiable uses of library materials, facilities, personnel or services. This policy is based on the American Library Association's Policy concerning Confidentiality of Personally Identifiable Information about Library Users. Student information is protected based on Family Educational Rights and Privacy Act sections of the United States Code.

Law and Legislation

The American Library Association (ALA) recognizes that law enforcement agencies and officers may occasionally believe that library records contain information which may be helpful in the investigation of alleged criminal activity. If there is a reasonable basis to believe such records would be necessary for the progress of an investigation or prosecution, court orders should be sought. The UST Director of Libraries will respond, if the data are available, to such court orders.

According to the American Library Association (ALA) (from whose policy this policy has been adapted) in most states, the law protects the confidentiality of library records to some degree. Generally, these laws protect circulation and registration records containing personal names. Many also protect information on the "use of library materials." We will not assume that Minnesota laws are written in such a way that we can assume that they protect the privacy of patrons using online resources.

Library Systems

Staff are not authorized to reveal circulation or other information regarding patron use or questions to other patrons, university administration, any agency of state, federal or local government or subpoena as may be authorized under the authority of, and pursuant to, federal, state or local law relating to civil, criminal or administrative discovery procedures or legislative investigatory power.

Staff should direct requests to the Director of University Libraries or designee who will comply with the proper court order.

The Libraries have as a commitment the interest of our patrons’ privacy. We will protect user records, both electronic and paper, from unauthorized access, including:

• Lists of library cardholders
• Circulation records. Historical circulation information is not available because the patron ID is not maintained in the used item record.
• Patron data
• Authentication data (should not reveal patron activities)

The Libraries will determine the appropriate use of any data describing user activity logged or gathered by the Web server software or email/chat transcript logs for reference services while maintaining user anonymity.

Library and ITS purchased software

Libraries must be especially diligent in all areas where they use and control technology-based information systems. Because libraries have stronger user privacy concerns than many other institutions, our needs will often not be met by software licenses as configured "out of the box.” Consequently we will endeavor to modify standard license terms when necessary to protect user confidentiality.

Internet Access in Libraries

The libraries cannot assure patron privacy once they have left the libraries’ domain. We have limited influence over the privacy practices of websites. Any of the following are possible by external websites:

• User tracking
• Data mining for marketing information
• Users giving out personal information online. Users may voluntarily reveal personal information to take advantage of personalization features of web sites, to subscribe to services, to participate in interactive communications, and to purchase items online.
• Screen view privacy. Computer screens may be readily visible to other patrons.

Users should be aware of these features and are responsible for preserving their own online privacy.

The University periodically clears logs or caches of user activity; however, subsequent users at a library computer may be able to see some traces of activity of previous users.

Access to Remote Resources Provided by the Library

Care will be taken to include patron privacy measures in the license between the library and the vendor.  New features are being developed that allow users to personalize their use of remote information, to e-mail retrieved items to themselves, or to purchase items like article reprints. These features necessarily link the activity to the individual user, and create a record of the use.  Users will have the right to make those decisions.

May 21, 2009 Library Management Team