Patron Privacy and the Confidentiality of Patron Records: What Happens at the Library Stays at the Library

Kevin.Tomlinson's picture

Privacy   |   noun   |   pri·va·cy  
|   \ˈprī-və-sē, especially British  ‘pri-\

Definition of PRIVACY

plural privacies

1          a: the quality or state of being apart from company or observation; seclusion

b: freedom from unauthorized intrusion; one’s right to privacy

2          archaic: a place of seclusion

 

Most states have laws intended to govern and protect library patron privacy.  More than 150 national constitutions mention the right to privacy, which is essential to the exercise of free speech, free thought, and free association.  The United Nations declares intellectual freedom to be a basic human right in Article 19 of its Universal Declaration of Human Rights.

The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship.  ALA defines intellectual freedom as "the right of every individual both to seek redress and to receive information from all points of view without restriction.  It provides for free access to all expressions of ideas through which any and all sides of a question, cause, or movement may be explored."

ALA's Library Bill of Rights is a statement of the rights of library users to intellectual freedom and the responsibility of libraries to support those rights.  This document "serves as the library profession's interpretation of how the First Amendment to the U.S. Constitution applies to libraries."  Article II of the Library Bill of Rights speaks more specifically to the responsibility of libraries and librarians to provide access to information of all types; Article III, to the responsibility of libraries to challenge attempts at censorship when and where they exist.

In Idaho, certain public records are exempt from disclosure, including what materials library patrons have borrowed, requested, or used:

Idaho Code § 74-108(3)  The records of a library which, when examined alone, or when examined with other public records, would reveal the identity of the library patron checking out, requesting, or using an item from a library.

In addition, public libraries in Idaho are prohibited from distributing or selling mailing or telephone number lists without first securing the permission of those on the list:

I.C. §§ 74-120(1)(a)  No agency or independent public body corporate and politic may distribute or sell for use as a mailing list or a telephone number list any list of persons without first securing the permission of those on the list; and

(b) No list of persons prepared by the agency or independent public body corporate and politic may be used as a mailing list or a telephone number list except by the agency or independent public body corporate and politic or another agency without first securing the permission of those on the list.

Patron records contain a variety of confidential information, including date of birth, driver's license number, address, telephone number, e-mail address, miscellaneous notes, and what each patron currently has checked out and on hold.  For this reason, libraries need to determine who may access those records:  circulation staff, tech services staff, interns, and possibly volunteers.  In order to ensure patron privacy, the authorization to display and edit patron records is limited by passwords and by levels of access that correspond to the job duties of each of these groups.  Authorizations should be reviewed periodically and should be deleted when individuals separate from employment with the library.

In order to ensure patron privacy, most ILS software tracks each item currently checked out to a patron and automatically erases items from that patron's borrowing record as they are returned.  The exception is the "last patron" field, which tells who last checked an item out.  Once that item has been checked out to a subsequent patron, it will be erased from the previous patron's borrowing record as well as from the item record.  Libraries typically use the "last patron" field so that they can contact patrons who have returned materials that are damaged or incomplete, e.g., the obedience training book that came back full of tooth marks or the multi-disc recorded book that is missing the last disc because the patron forgot to remove it from the player.  For items that do not circulate frequently, the patron's name may remain linked to the item record for some time.  In this case, the patron's name should be manually deleted from the item record and the item should be considered for weeding.

ILS software also creates logs of various circulation activities.  For example, most ILS software maintains a circulation override file that records when a library staff member allows a patron to check out an item that is marked "reference" or "library use only" or has reached its maximum number of renewals.  Even after the item is returned to the library, the patron and item information are stored in the override file.  There may also be a fine transaction log that contains the item's title, the patron's name, and the
amount of the fine.  Once the fine has been paid, the information in the fine transaction log may not be erased automatically.  In the interest of patron privacy, libraries should consider developing a schedule for reviewing and purging these files.

Every library has patrons who like the Reading History feature of the library's ILS.  This is especially useful for patrons who read a lot and don't remember if they have already read a particular title.  Those with less-than-perfect memories like this feature as well.  Library staff may or may not be able to view this Reading History, depending on the ILS product the library has purchased.  Patrons may decide whether or not to take advantage of the Reading History service.  Choosing to participate in Reading History is voluntary and constitutes the patron's consent to the storage of information about items he or she checks out.  This information is subject to the judicial process, e.g., the USA PATRIOT Act.  Once this feature is activated, the ILS will maintain information on items the patron checks out even after they have been returned, unless the patron deletes the item from his or her Reading History list.  Once deleted, that information will no longer be available.  Patrons may cancel their participation in the library's Reading History service at any time.  Once the patron has discontinued the service, information about his or her previous Reading History will no longer be available.  In the interest of patron privacy, this feature should only be activated at the request of the patron; the default setting for this feature should be Off.

An ILS may offer patrons the chance to request that the library purchase a particular item by filling out and submitting a Web form.  This type of form may require the requester to fill in his or her name, contact information, and library card number in addition to the title and author of the requested item.  Once this request has been granted or denied by library staff, these request files might not be deleted automatically by the ILS software.  In this case, the library's staff will need to remember to delete the request files manually.  When uncertain how to delete information from these logs, the ILS vendor can explain the procedure.

Many Web OPACs can store search histories.  The browser memory cache and history on public computers may also contain patrons' search information.  Does your staff know how to clear this information?  If your library uses a product such as Deep Freeze or configures browsers to clear their cache and history at the end of each session to protect its public computers, then patrons' search histories will be wiped when the computer is restarted.  Your IT provider can tell you more about the benefits of this type of software or how to configure to clear data at the end of each session.

Libraries can add an extra measure of patron privacy by setting DuckDuckGo as the default Internet search engine on public computers.  DuckDuckGo emphasizes protecting searchers' privacy and avoiding the filter bubble of personalized search results.  Unlike other search engines, which profile users, DuckDuckGo attempts to show all users the same search results for a given search term.

Library records are fundamentally different from ordinary business records and must be protected in order to defend free speech and protect patron privacy.  ALA urges all libraries to adopt and implement patron privacy and record retention policies that affirm that "the collection of personally identifiable information should only be a matter of routine or policy when necessary for the fulfillment of the mission of the library."  For this reason, libraries should not collect patron information that they do not need, e.g., Social Security Numbers.

Every library should have a policy on the confidentiality of patron records.  It doesn't need to be long or involved, but should

  • address the confidentiality of circulation and patron records,
  • refer to ALA's Code of Ethics,
  • explain what library staff should do upon receipt of a request for release of library records, and
  • emphasize the fact that, upon receipt of a request for release of library records, library administration will consult with the library's legal counsel before acting upon the request.

A good example of a policy on confidentiality of library records is the one adopted by the board of the Hancock County Library, in Greenfield, Indiana.  Another good, but much more comprehensive, policy is the one adopted by the Multnomah County Library, which serves Portland and Multnomah County, Oregon.

And please remember:  The Idaho Commission for Libraries does not give legal advice, so don't forget to have your library's attorney check policies before they are approved by the board.  There may be language that needs to be added, altered, or deleted for legal reasons.

With good policies in place and periodic training for library staff on customer service, patron privacy, and confidentiality of library records, the library's staff and trustees can help ensure that — when appropriate — what happens at the library stays at the library.