By Nancy Kranich
Rutgers University School of Communication and Information

Each time I teach Intellectual Freedom online at Rutgers, I ask my students to review the privacy policies of their public or academic libraries. Once they locate these policies, which are not always easy to find, they are asked to compare them to the ALA Model Privacy Policy. Most of what the students find are confidentiality and not privacy policies, drafted to conform with state library confidentiality statutes initially passed in the 1980s and 1990s. My own random sample reinforced the students’ findings at a rate of 5 to 1.

What is the difference between a privacy and confidentiality policy? A privacy policy informs users how the library intends to collect, store, manage, share and secure their personal information. It is based on Fair Information Practice Principles (FIPPs)—the backbone of privacy law in the U.S.–and includes five sections: Notice, Choice, Access, Security, and Enforcement. In contrast, a confidentiality policy discloses how personal information is kept secret. Privacy concerns people; confidentiality concerns data and how an organization will secure it. A well-defined privacy policy communicates a library’s commitment to protecting users’ personally identifiable information (PII), telling users how their information is utilized and explaining the circumstances under which it might be disclosed. According to ALA’s Principles for the Networked World (2003), “The long-established principles of Fair Information Practices that underlie U.S. and many other national privacy laws must be at the core of privacy policies in the networked world.”

Creating a Library Privacy Policy

In 2010, the Rutgers University Libraries developed their privacy policy—a long overdue revision to its confidentiality statement adopted after the FBI visited libraries in the 1980s and the state passed a library records confidentiality law. We formed a task force with key representatives from across the organization, including the ILS administrator, the database licensing coordinator, the circulation/access manager, the University Archivist, a reference librarian, a branch librarian, and an administrator.  As the chair, I began our initiative by sharing a copy of the ALA Model Privacy Policy.  Over the next year, the group carefully considered each section, reviewing how the library’s policies and practices matched up with the model. We then modified each part to reflect our findings.

Although our integrated library system conformed to our privacy expectations, we grappled with other electronic issues, particularly 3^rd party agreements and the proxy server that linked users to licensed databases. The more we delved into individual licenses, the more we became aware of their limitations.  We discovered how reliant we are on vendors’ own privacy protection policies once our users pass through our proxy server.  Although user authentication includes no PII passed onto 3^rd party vendors, we discovered that our proxy server software does collect IP addresses that a vendor could request when one of our users exhibits questionable behavior. We also found our electronic reference chat system vulnerable to privacy breaches as were our interlibrary loan and copy/scanning transactions.  Paper record keeping systems also raised privacy and security concerns, especially those maintained by special collections that are retained indefinitely along with those used for off-site storage and intra-campus delivery services.

Our privacy policy drafting process took close to a year.  Once complete, we shared the draft with librarians and other staff members, using a forum to educate our colleagues about privacy concerns while eliciting comments about our document. Next, we conducted a privacy audit to ensure our practices conformed to our policy. We uncovered many practices that benefitted from scrutiny ranging from fundraising correspondence to public programming attendance forms, and from student payroll processing to public computer wait lists.  Our recommendations about improvements were submitted to an administrator who has assumed the role of Library Privacy Officer as recommended in the ALA Privacy Toolkit. This person now oversees library privacy practices and maintains the Library’s record retention schedule that describes records maintained, the length of retention, and a schedule for their destruction.

Protecting the Privacy of Minors and Students—Special Considerations

ALA’s Privacy Toolkit offers helpful guidance beyond how to draft a privacy policy and conduct a privacy audit.  Of particular interest is the Q&A that offers good questions to ask and sample policies. Also essential is the section that highlights the responsibility of school and youth librarians to protect the privacy of minors in conjunction with parents.  Another important consideration for these librarians is the education of children, parents, students, teachers, and school officials about privacy in general, and more specifically about the Children’s Online Privacy Protection Act (COPPA)—a law revised in 2013 requiring commercial Web sites and online services to receive parental permission before they collect information from children under 13. Furthermore, school as well as academic librarians also need to become aware of requirements of the Family Educational Rights and Privacy Act (FERPA), which ensures privacy protection of students’ educational records.

Updating Existing Privacy Policies

Once a library privacy task force completes its work, revisions and reviews are necessary as staff and processes change and best practices evolve. The ALA Intellectual Freedom Committee has recently approved several additional privacy guidelines for consideration. These include:

• Library Privacy Guidelines for E-book Lending and Digital Content Vendors
• Library Privacy Guidelines for Data Exchange Between Networked Devices and Services
• Library Privacy Guidelines for Public Access Computers and Networks
• Library Privacy Guidelines for Library Websites, OPACs, and Discovery Services
• Library Privacy Guidelines for Library Management Systems
• Library Privacy Guidelines for Students in K-12 School

These new guidelines offer a perfect opportunity for libraries to revisit their existing privacy and confidentiality policies and practices and update them to follow FIPPS principles, as well as incorporate the latest guidance that reflects ever-changing best practices. Finally, when a library reviews its privacy policies and practices, it should use the occasion not only as a “teachable moment” to update staff as well as users about revisions, but also as a way to help users understand how to protect themselves in the digital age.