The Path to a Creating a New Privacy Policy: NYPL’s story

Choose Privacy Week, Policies, Privacy

By William Marden
Director of Privacy and Compliance, New York Public Library

Every library has (or should have) one but, ironically, it is probably the least-read document in any library’s collections. I am referring to library privacy policies, which have become increasingly important in an era when the broad gathering of information and data is exponentially increasing.

The New York Public Library (NYPL) has aimed to change that in making its new privacy policy—publicly released in November 2016—more visible and inviting to read. When I became NYPL’s first full-time director of privacy and compliance just a year earlier, it was my goal to create and completely revise this document through a thorough and tightly-scheduled effort.

We began with what we already had. In its 120-year history, NYPL has evolved and its various data-collection practices, while retaining older methods such as the traditional paper call-slips used in our Research Division libraries. In the normal course of its operations, NYPL patrons check out almost 24 million books and other materials per year, access nearly 1,000 online databases spanning the globe, and take advantage of classes and programs for both adults and children in America’s largest city.

NYPL’s Board of Trustees, which has a committee devoted to reviewing the Library’s policies and programs, has consistently expressed the need for the Library’s management and staff to:

  • know what information and data we were collecting from patrons;
  • know what we were doing with that information once collected (including who could access it and where);
  • articulate how patrons can opt-in and opt-out of the data they provide in the course of using the Library; and
  • determine how we respond to legal requests for information (such as subpoenas, warrants, etc.).


Answering these questions was a whole-scale effort that involved speaking with every department in the Library to better understand the reasons for collecting the data; where it was kept and for how long; if and when it was shared (and with whom); and finally how the data was disposed of when no longer needed. These became the key elements of determining NYPL’s current state and how to move forward.

Other institutions

Just as importantly, we talked to ALA and colleagues in other libraries to learn how they had developed, or recommended developing, a privacy policy. The ALA has long been a bedrock of advocacy for library patron privacy and user rights and, for our purposes, it provided some of the most valuable tools, including the Intellectual Freedom Committee’s privacy guidelines and its Privacy Toolkit. Those guidelines outline five “Standard Privacy Principles” which we used as a core:

  • There must be no personal data record-keeping systems whose very existence is secret.
  • There must be a way for a person to find out what information about the person is in a record and how it is used.
  • There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person’s consent.
  • There must be a way for a person to correct or amend a record of identifiable information about the person.
  • Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

In short, these can be defined as the rights of ‘Notice’, ‘Choice’, ‘Access’, ‘Security’, and ‘Enforcement’, and were at the heart of both our internal discussions as well as the drafting of our new privacy policy.

Internal discussions

During the spring and summer of 2016, we held discussions with management throughout NYPL, ensuring that representatives from Library Services, Research, Digital, Legal, Marketing/Communications, IT, Facilities and Security had regular input. Each of these groups had a stake in our privacy policy to the extent that they are engaged in at least some part of the data lifecycle (i.e., its collection, storage, use, transmission, etc.). Additionally, we worked with a subgroup of our Board of Trustees who reviewed the early stages of the drafts and gave their valuable input.

At the center of this process was NYPL’s Legal Department, in particular our Associate General Counsel, who wrote each draft as well as the final document, and NYPL’s General Counsel who was a key player in the shepherding of the new Policy from inception through completion.

After four months of solid drafting, the new policy was approved by NYPL’s Board of Trustees’ Program and Policy (P&P) Committee at its September 2016 meeting. The discussion centered around such topics as how long we retain data (minimally), how we respond to subpoenas and warrants, how to further strengthen public awareness and education about our practices, and about how patrons can opt in and opt out of information gathering.


With official approval of the policy now complete, we had the further work of ensuring that it was adequately rolled out and publicized, both internally and externally. To that end, I worked with our Human Resources department to create a short, five-minute online training video that we required all NYPL employees to view. In the video, our General Counsel and I explained what changes were represented in the new policy as well as how to answer potential questions from patrons. This was all accomplished in the three weeks before our official “go live” date.

On the morning of November 30, 2016, we launched three simultaneous events to ensure the new policy received maximum attention:

  • The new policy was uploaded to the same location as the previous policy (via a link from our home page), and labeled with a “Last updated” date of Nov. 30, 2016
  • Visitors to our website ( saw a large, yellow banner announcing the new policy at the top of all our web pages. The banner ran for two weeks.
  • Our marketing and advertising department sent a single e-mail announcing the new policy to over 1 million patrons, donors and those who had signed up for library events. The e-mail provided a link that gave further information about the reasons for the policy revision and what key elements to look for.

Shortly after the rollout, we used a professional translating service to create versions of the full privacy policy in Spanish, Chinese and Russian (the three most common, non-English languages spoken among New York City residents). These non-English language versions are prominently linked to from the main English-language privacy policy page on NYPL’s website.

Come visit NYPL’s new privacy policy today at:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.