Privacy Policy
1. Policy Statement
The Worcester Public Library champions the protection of personal privacy. Protecting Library user privacy and keeping confidential information that identifies individuals or associates individuals with their use of Library books, materials, equipment, programs, facilities, and/or staff assistance is an integral principle of the Library. This policy affirms the Library’s commitment to privacy, explains the information that the Library collects, and alerts visitors to Library facilities and users of remotely accessed Library services to the privacy choices they face. The Worcester Public Library supports and adheres to the American Library Association's "Policy on Confidentiality of Library Records," and ALA Council documents CD#19.3 “Resolution on the Retention of Library Usage Records” (see attached).
The Library collects only the minimum personal information necessary to provide effective services for its users. Library records that identify Library users by name are confidential. Such records will not be made available except as permitted in the Massachusetts General Laws, Chapter 180 of the Acts of 1988 (see attached), or with the explicit permission of the user in question or pursuant to judicial process, subpoena or court order. The USA PATRIOT Act expands the federal government’s authority for access to Library records and documents to protect against international terrorism and clandestine intelligence activities. It also expands federal law enforcements’ authorization to track telephone and electronic communication, including any dialing, routing, addressing, or signaling information and the actual content of the communication. This law prohibits library workers from informing users if federal agents have obtained records about them.
If a process, subpoena or order is served on this library or its employees or Directors, the Executive Director will consult with the City of Worcester's Law Department to determine if such process, subpoena or order is in proper form and if any necessary showing has been made for its issuance. The Executive Director will notify the Board of Directors. The Library shall, subject to legal advice, comply with the process, subpoena or order.
This policy applies to all Library records, including but not limited to records related to the circulation of Library materials, computer database searches, interlibrary loan transactions, reference queries, holds, use of restricted materials, or use of audiovisual materials.
2. General Guidelines
- The Library will keep confidential all such information that it collects or maintains to the fullest extent permitted by federal, state and local law, including the Massachusetts General Laws, Chapter 180 of the Acts of 1988 and the USA PATRIOT Act. To make this policy easy to find, the Library makes it available on the Library’s Web site.
- Protection of confidentiality extends to information sought or received, and materials consulted, borrowed, and received.
- Protection of confidentiality includes database search records, circulation records, interlibrary loan records, and other personally identifiable uses of library materials or services.
- Any Library user information will be used only to provide or improve Library services.
- Library user account information is located on the CW MARS’ server and is protected under its privacy policy.
3. Library Cards and Circulation Records
- To receive a Library card Library users are required to provide identifying information such as name, birth date, mailing address, social security number (optional), and email (optional). This identifying information is retained as long as the Library user continues to use the Library card.
- Through the CW MARS network, a Library user’s own record includes current information, items currently checked out or on hold, as well as overdue materials and fines.
- When fines accrue on a user’s account, the Library does maintain record of items that have been borrowed but returned after the due date, or are still outstanding on the user’s record. When overdue materials are returned and all associated fines are paid, the information associated with the Library card number is deleted.
- The Library normally sends overdue notices via email or by postcard, but occasionally telephones. The Library notifies users via telephone, email or mail when requested items are ready for pickup.
- Museum passes are loaned through a third party hosted service, Library users are protected under its privacy policy.
- The Library does not sell, lease or otherwise distribute or disclose user name, email address, postal address, telephone number, or other personal information to outside parties. The Library occasionally conducts promotional campaigns to inform the community of services. At those times, user email or mail addresses may be used.
4. Radio Frequency Identification (RFID)
- The Library uses the Checkpoint Intelligent Library System technology to secure and circulate Library materials. The system server contains a transaction database and log file for gathering monthly reports.
- The information stored on the RFID chip/tag is limited to the item barcode that can only be read by Library equipment.
- RFID is not used for Library cards.
5. Public computer use and the Library’s Online Public Access Catalog (OPAC)
- The Library uses an online computer reservation program that utilizes Library cards or visitor cards for the public to reserve computers to access the internet and other resources. For some computers, paper sign-up sheets are employed and disposed of daily.
- The Library’s public computer stations are programmed to delete the history of a Library user’s internet session and all searches once an individual session is completed. Reservation transaction history is deleted within 48 hours.
- The Library’s OPAC offers Library user self-activated features, such as My Reading History. Information gathered and stored using this feature is only accessible to the Library user. There is no administrative interface to this information for Library staff and, therefore, it is not retrievable by anyone other than the user. The user has the option to delete his/her reading history at any time.
6. Reference Questions, Distance and In-house
- Information provided by a library user via email will be used only for purposes described at the point of collection, such as to send information or provide Library services to the Library user, or respond to a Library user’s questions or comments.
- If contact information is provided, the Library may contact the Library user to clarify a comment or question, or to learn about the level of customer satisfaction with Library services.
- The Library treats reference questions, regardless of format of transmission (in person, via telephone, fax, email or online) confidentially. Personal identifying information related to these questions is purged on an ongoing basis.
- Email is not necessarily secure against interception and may be subject to disclosure requirements of the Public Records Act or other legal disclosure requirements.
- Users may not misrepresent themselves for purposes of fraud.
7. Web Site Use
- The Library collects no personal information about a Library user when they visit our website.
- Since the Library web site is hosted through a subscribed service, library users are protected under its privacy policy.
- The Library has links to many federal, state and local organizations, as well as commercial sites. Once users link to other sites, they are subject to the privacy policies of the new sites.
Formerly Policy on Confidentiality of Library Records Revised 9 September 2003.
Approved by the Board of Directors 8 May 2007.
Policy on Confidentiality of Library Records
The Council of the American Library Association strongly recommends that the responsible officers of each Library, cooperative system, and consortium in the United States:
- Formally adopt a policy that specifically recognizes its circulation records and other records identifying the names of Library users to be confidential. (See also ALA Code of Ethics, Article III, "We protect each library user's right to privacy and confidentiality with respect to information sought or received, and resources consulted, borrowed, acquired or transmitted" and Privacy: An Interpretation of the Library Bill of Rights).
- Advise all librarians and Library employees that such records shall not be made available to any agency of state, federal, or local government except pursuant to such process, order or subpoena as may be authorized under the authority of, and pursuant to, federal, state, or local law relating to civil, criminal, or administrative discovery procedures or legislative investigative power.
- Resist the issuance of enforcement of any such process, order, or subpoena until such time as a proper showing of good cause has been made in a court of competent jurisdiction.
Note: Point 3, above, means that upon receipt of such process, order, or subpoena, the Library's officers will consult with their legal counsel to determine if such process, order, or subpoena is in proper form and if there is a showing of good cause for its issuance; if the process, order, or subpoena is not in proper form or if good cause has not been shown, they will insist that such defects be cured.
Adopted January 20, 1971, by the ALA Council; amended July 4, 1975; July 2, 1986. [ISBN 8389-6082-0]
Chapter 78, Section 7 of the Massachusetts General Laws (as amended by Chapter 180, Acts of 1988)
Section 7. A town may establish and maintain public libraries for its inhabitants under regulations prescribed by the city council or by the town, and may receive, hold and manage any gift, bequest or devise [sic] therefore. The city council of a city or the selectmen of a town may place in such library the books, reports and laws which may be received from the commonwealth.
That part of the records of a public library which reveals the identity and intellectual pursuits of a person using such library shall not be a public record as defined by clause Twenty-six of section seven of chapter four. Library authorities may disclose or exchange information relating to library users for the purposes of interlibrary cooperation and coordination, including but not limited to, the purposes of facilitating the sharing of resources among library jurisdictions as authorized by clause (1) of section nineteen E or enforcing the provisions of sections ninety-nine and one hundred of chapter two hundred and sixty-six.
2005-2006 ALA CD#19.3
2006 ALA Annual Conference
Resolution on the Retention of Library Usage Records
WHEREAS, | “Protecting user privacy and confidentiality is necessary for intellectual freedom and fundamental to the ethics and practice of librarianship” (ALA Policy Manual, 53.1.16; Privacy: An Interpretation of the Library Bill of Rights); and | ||
---|---|---|---|
WHEREAS, | Library usage records containing personally identifiable information (PII) are maintained for the sole purpose of effectively managing library resources; and | ||
WHEREAS, |
The confidentiality of library usage records is protected by law in all fifty states and in the District of Columbia, see http://www.ala.org/oif/stateprivacylaws; and |
||
WHEREAS,
|
“The government’s interest in library use represents a dangerous and fallacious equation of what a person reads with what that person believes or how that person is likely to behave” (ALA Policy Manual, 52.4.2; Confidentiality of Personally Identifiable Information About Library Users); and | ||
WHEREAS,
|
The American Library Association strongly recommends the adoption of policies recognizing “circulation records and other records identifying the names of library users with specific materials to be confidential” (ALA Policy Manual, 52.4; Confidentiality of Library Records); now, therefore, be it. |
RESOLVED, That the American Library Association urges all libraries to:
- Limit the degree to which personally identifiable information is collected, monitored, disclosed, and distributed; and
- Avoid creating unnecessary records; and
- Limit access to personally identifiable information to staff performing authorized functions; and
- Dispose of library usage records containing personally identifiable information unless they are needed for the efficient and lawful operation of the library, including, but not limited to data-related logs, digital records, vendor-collected data, and system backups; and
- Ensure that the library work with its organization’s information technology unit to ensure that library usage records processed or held by the IT unit are treated in accordance with library records policies; and
- Ensure that those records that must be retained are secure; and
- Avoid library practices and procedures that place personally identifiable information on public view; and
- Assure that vendor agreements guarantee library control of all data and records; and
- Conduct an annual privacy audit to ensure that information processing procedures meet privacy requirements by examining how information about library users and employees is collected, stored, shared, used, and destroyed; and, be it further.
RESOLVED, | That the American Library Association urges all libraries to adopt or update a privacy policy protecting users’ personally identifiable information, communicating to library users how their information is used, and explaining the limited circumstances under which personally identifiable information could be disclosed; and, be it further | ||
---|---|---|---|
RESOLVED, | That the American Library Association urges members of the library community to advocate that records retention laws and regulations limit retention of library usage records containing personally identifiable information to the time needed for efficient operation of the library. |
Adopted by the Council of the American Library Association
Wednesday, June 28, 2006
New Orleans, Louisiana;
Keith Michael Fiels
ALA Executive Director