JCL Social Media

JCL on Facebook JCL Flickr Page JCL Delicious Links JCL BlogWorld
Privacy Policy Print

PUBLIC SERVICES POLICY
PUB 06-04 Adopted: September 19, 2006 PRIVACY POLICY

I. Introduction

The Jefferson County Library (JCL) defines the right to privacy in the library as the right of individuals to lawfully use the library’s resources to pursue their inquiries without having the subject of their interest examined or scrutinized by others. Confidentiality exists when the library obtains personally identifiable information about users that is necessary for the operation of the library, and undertakes to keep that information private on their behalf.

The courts have upheld the right to privacy based on the Bill of Rights of the United States Constitution. Many states, including Missouri, provide guarantees of privacy in their constitutions and statutes.

Missouri Revised Statutes 1994 defines the responsibility of the library in safeguarding personally identifiable information:182.817. Disclosure of library records not required — exceptions. — Notwithstanding the provisions of any other law to the contrary, no library or employee or agent of a library shall be required to release or disclose a library record or portion of a library record to any person or persons except:

(1) In response to a written request of the person identified in that record, according to procedures and forms giving written consent as determined by the library; or

(2) In response to an order issued by a court of competent jurisdiction upon a finding that the disclosure of such record is necessary to protect the public safety or to prosecute a crime.

Numerous decisions in case law have defined and extended rights to privacy. The Jefferson County Library privacy policy and procedures are in compliance with applicable federal, state and local laws.

User rights --- and the library’s responsibilities --- as outlined here are based in part on five principles of fair information practice: the rights of Notice, Choice, Access, Security and Enforcement.

Jefferson County Library’s commitment to the privacy and confidentiality of our users also is rooted in the ethics and practices of librarianship. In accordance with the American Library Association’s Code of Ethics:

”We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.“

II. Jefferson County Library’s Commitment to Our Users Rights

1. Notice and Openness

Library users have the right of ”notice“ --- the right to be informed about policies governing the kind of information the library collects, why the information is necessary to provide library services, how long the library retains the information, and how the library disposes of it.

Such policies are freely available to all library users. Changes or revisions in policies are also available. JCL’s privacy policy is posted on the library website, and hard copies are available free of charge (one copy per person) upon request at the Reference Desk.

In all cases it is the practice of the Jefferson County Library to avoid creating unnecessary records of personally identifiable information, to retain such necessary records only as long as they are needed for the operation of the library, and to avoid engaging in practices that might place such information on public view.
Information the library may gather and retain is limited to current and valid library users. Such records include :

  • Borrower Registration Information
  • Circulation Information
  • Electronic Access Information
  • Information Required to Provide Library Services, such as Interlibrary Loan, Books on the Run Service, Program Registrations

2. Choice and Consent

Other than the personal information necessary to maintain a library account, the library will not collect or retain your personally identifiable information without your consent. If you consent to give the library your information, the library will keep it confidential and will not sell, license or disclose personal information to any third party without your consent, unless the library is compelled to do so under the law or to comply with a court order.

If you wish to receive borrowing privileges, the library must obtain certain information about you in order to provide you with a library account. When visiting the library web site or using our electronic services, you may choose to provide your library card barcode and personal PIN to access certain services.

You have the option of providing the library with your e-mail address for the purpose of notifying you about your library account. You may request that the library remove your e-mail address from your account at any time.

The library never uses or shares the personally identifiable information provided to the library in ways unrelated to the ones described above without also providing you an opportunity to opt out or prohibit such uses, unless the library is compelled to do so under the law or to comply with a court order.

3. Access by Users

Individuals are entitled to view the personal information in their library accounts online. Updates may be done in person at the library. You will be asked to provide some type of photo identification (such as a driver’s license) to verify your identity. Updates may be submitted online and are subject to verification. The purpose of updating the personally identifiable information in your account is to ensure that the library can function properly. Such functions may include notifications of overdue items, holds, reminders, and other announcements. The library will explain the process of accessing or updating your information so that all personally identifiable information is accurate and up to date.

4. Data Integrity and Security

Data Integrity: The information the library collects and maintains must be accurate and secure. JCL shall take reasonable steps to ensure data integrity, including: using only reputable sources of data; providing users access to their own data; updating data whenever possible; utilizing software authentication systems that authorize use without linking it to personally identifiable information; destroying untimely data or converting it to anonymous form.

Data Retention: The library protects personally identifiable information from unauthorized disclosure once it is no longer needed to manage library services. All electronic circulation records are purged from the server after 60 days. Hard copy circulation records (for example, interlibrary loan records) are shredded after materials are returned and/or fines or fees paid in full. Program registration logs are shredded at the conclusion of the program. If the library sets up mailing lists to notify patrons of future programs or events, patrons will have the option to sign up separately for such mailing lists, and lists will be deleted or shredded when they have been inactive for six months.

Tracking Users: JCL does not ask library visitors or web site visitors to identify themselves or reveal any personal information unless they are borrowing materials, using public access computers, requesting special services, registering for classes or programs, or making remote use from outside the library of those portions of the library’s website restricted to registered borrowers under license agreements or other special arrangements.

Third Party Security: The library ensures that all of JCL’s contracts, licenses, and offsite computer service arrangements reflect library policies and legal obligations concerning user privacy and confidentiality. Should a third party vendor require access to JCL users’ personally identifiable information, the library’s agreements with the vendor shall address appropriate restrictions on the use, aggregation, dissemination and sale of that information, particularly information about minors including obtaining the necessary consent of JCL users.

In circumstances where there is a risk that personally identifiable information may be disclosed, it is the library’s obligation to warn users. When connecting to licensed databases outside the library, the library releases only information that authenticates users as ”members of our community.“ Nevertheless, the library advises users of the limits to library privacy protection once they leave the library web site to access remote sites not under the library’s control.

Security Measures: The library has security measures in place to protect personally identifiable information while it is in the library’s custody, and to ensure that aggregate, summary data is stripped of personal identifiers. Library security measures include both management and technical policies and procedures to protect against loss and the unauthorized access, destruction, use or disclosure of data. Only library employees who need access to data to carry out their library functions are authorized to access that data, and only for library purposes.

5. Enforcement and Redress

The library may conduct privacy audits to ensure that all library programs, services and employees are in compliance with this policy. Library users who have questions, complaints, or concerns about the way the library handles their privacy and confidentiality rights should send their comments in writing to the Library Director. The Director will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures.

III. Requests for Disclosure of Library Records

1. Definition of Library Records

For the purpose of this document, a library record is any document, record or other method of storing information retained, received, or generated by the library that identifies a person or persons as having requested, used, or borrowed library materials, and all other records identifying the names of library users. Library records include records that identify users of electronic resources such as subscription databases, computer software, and web sites accessed through the Internet. Library records also include registrations for library-sponsored programs and events.

2. Requests from Library Users

Library staff shall comply with requests by a library user for any library record that identifies that user and library staff may require such request be in writing. Library staff may require photo or other identification to verify the identity of the person making the request, before releasing the information.

The parent or legal guardian of a minor may request library records that identify the minor. Library staff may require photo or other identification to verify the identity of the person making the request, and/or legal proof of guardianship, before releasing the information.

Library staff will not release any personally identifiable information contained in any library record to any other party without the express written consent of the person identified in the library record, or the express written consent of the parent or legal guardian of the minor identified in the library record.

3. Requests from Law Enforcement Officers

The Board of Trustees of the Jefferson County Library authorizes the Library Director to receive all requests for library records from law enforcement officers. The Director will confer with the library’s legal counsel before determining the proper response to such a request. The Jefferson County Library shall not make any library record available to any agency of federal, state or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form.

In an instance of exigent threat, when the law enforcement officer has reasonable cause to believe that there is immediate danger of death, bodily harm, extensive property damage and/or public alarm and panic, the Board of Trustees authorizes the Library Director, upon advice of the library’s legal counsel, to waive the requirement for a subpoena, warrant, court order or other investigatory document, and respond immediately to the officer’s request, on the understanding that the appropriate documents subsequently will be provided by the officer.

No library employee except the Library Director is authorized to give out personally identifiable information from any patron record to any law enforcement officer. All such requests for information must be referred to the Library Director. It is lawful to refer an officer or agent to the Director even if the Director is not immediately available.

The passage of the USA Patriot Act has changed the ways in which the library responds to requests for information in some instances. Federal laws supersede state and local laws, and there are differences in what is required based on the kind of order involved and the issuing authority.

Library employees shall follow these procedures:

  • A local, state or federal officer or agent who requests information should be referred to the Library Director. It is lawful to refer the officer or agent to the Director even if the Director is not immediately available.
  • Any local, state or federal officer or agent who presents a subpoena should be referred to the Library Director. It is lawful to refer the officer or agent to the Director even if the Director is not immediately available.
  • If a local, state or federal agent presents a search warrant, library employees are required to stand back and allow the officer or agent to execute the warrant. Library employees should not interfere with their search or seizure. However, library employees should ask for a copy of the search warrant and contact the Library Director immediately.
  • At the request of any local, state or federal agent, the library shall preserve computer terminal logs or records for 90 days pending the issuance of a court order or other process. Any local, state or federal agent may request, and the library shall grant, up to an additional 90 days for a total time period of maintenance of the records of 180 days.
  • If a federal officer or agent (such as the FBI) arrives with a subpoena, warrant or court order issued pursuant to an investigation under the USA Patriot Act, library employees should contact the Library Director immediately. Also be aware that the USA Patriot Act includes a gag order that prohibits library employees from sharing any information about the visit, the order or the information obtained under the order, with any one other than their supervisor and the library’s legal counsel.