Policy on Privacy and Confidentiality

Policy on Privacy and Confidentiality

Policy Statement
The District of Columbia Public Library protects the privacy and confidentiality of all library users, no matter their age.
 
Legal basis for policy:  The policy is based on D.C. Official Code Sec 39-108 (2001 Ed.) Confidentiality of Circulation Records.

The library’s commitment to users’ privacy and confidentiality has deep roots not only in the law but also in the ethics and practice of librarianship.  In accordance with the American Library Association’s Code of Ethics: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.”

This privacy statement explains the users’ privacy and confidentiality rights and responsibilities, the steps the library takes to respect and protect a user’s privacy when using library resources, and how the library deals with personally identifiable information collected from library users.  

Privacy and Confidentiality Practices
The library avoids creating unnecessary records, avoids retaining records not needed for library business purposes, and does not engage in practices that might place personally identifiable information on public view.

Information the library may gather and retain about current library users includes the following:
  • Information required to register for a library card (e.g. name, address, telephone number, e-mail address, birth date)
  • Records of material checked out, charges owed, payments made
  • Requests for interlibrary loan or reference service
  • Sign-up information for library classes and programs

Consent
The library will not collect or retain a library user’s private and personally identifiable information without the user’s consent. 

The library will keep the information confidential and will not sell, license or disclose personal information to any third party working under contract to the library, unless the library is required by law to do so.  

Data Integrity and Security
The library takes reasonable steps to assure data integrity.

The library has invested in appropriate technology to protect the security of personally identifiable information while it is in the library’s custody.

The library assures that aggregate, summary data is stripped of personally identifiable information.

The library regularly removes cookies, Web browsing history, cached files, or other computer and Internet use records and other software code that is placed on the library’s computers or networks.

Staff Access to Personal Data
Library staff may access personal data stored in the library’s computer system only for the purpose of performing their assigned library duties. Staff will not disclose any personal data collected from a user to any other party except where required by law. The library does not sell, lease or give users’ personal information to companies, governmental agencies, or individuals except as required by law or with the user’s authorization.

Third Party Security
The library ensures that its contracts, licenses, and off-site computer service arrangements reflect its policies and legal obligation concerning user privacy and confidentiality. When connecting users to licensed databases and other electronic resources outside the library, the library releases only information that authenticates the user as a library card holder of the District of Columbia Public Library.  Nevertheless, users must be aware, when accessing remote sites, that there are limits to the privacy protection the library can provide.

Some library users may choose to use electronic communication services from the library (hold and overdue notices, program and class announcements) via e-mail. These users must also be aware that the library has limited ability to protect the privacy of this information once it is outside the library’s control.

The library also offers a wireless network that allows users to connect to the Internet.  Users should be aware that data accessed and sent over the library’s wireless network is not encrypted.

Parents and Children
The library respects the privacy and confidentiality of all library users, no matter their age. Parents or guardians of a child under the age of 18 may obtain access to their child’s library records only if they provide the child’s library card or card number.  

Illegal Activity Prohibited and Not Protected
Users may conduct only legal activity while using library resources and services. Nothing in this statement prevents the library from exercising its right to enforce Rules of Conduct, protect its facilities, networks and equipment from harm, or prevent the use of library facilities and equipment for illegal purposes. The library can electronically monitor public access computers and external access to its networks and reserves the right to do so when a violation of law or library policy is suspected.

Redress
Any library user with a question, concern, or complaint about the library’s handling of privacy and confidentiality rights and practices, may file written comments with the Chief Librarian. The library will respond in a timely manner and may conduct a privacy investigation or review of practices and procedures.

Law Enforcement Requests
The Chief Librarian is custodian of library records and is the only party authorized to receive or comply with public records requests or inquiries from law enforcement officers. The Chief Librarian may delegate this authority to designated members(s) of the library’s management. The Chief Librarian has the right to confer with the Office of the Attorney General before determining the proper response to any request for records. The library will not make library records available to any agency of state, federal or District government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction, showing good cause and in proper form. The library staff will refer any law enforcement inquiries to the Office of the Chief Librarian or her designee.  

How the Library Uses Data It Collects
When library users visit the Web site, the library collects and stores only information to measure the number of visitors to different areas of the site to guide in making the site more useful. The information collected includes: 
  • The IP address of the user’s computer or Internet provider
  • The date and time of access
  • The pages accessed and how the user navigated the site
  • The Internet address of the Web site that referred the user to the library’s site
  • A record of all searches of the library catalog
Web site data is separate from individual library account information. The library cannot look up patron records to determine what areas of the Web site were visited. The data collected is not connected to any personally identifiable information.

The library may use card holders’ postal addresses or e-mail addresses to inform the community of services and programs.

E-mail to the Library
Online suggestions and other general email to the library that do not apply to borrowing or intellectual pursuits may be considered public records.

Policy on Privacy and Confidentiality – Approved
Board of Library Trustees
May 28, 2008