Maintaining confidentiality


Published on

Published in: Education, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Maintaining confidentiality

  1. 1. Maintaining Confidentiality – It’s Everyone’s Business Eileen M. Palmer President, New Jersey Library Association Executive Director Libraries of Middlesex Automation Consortium May 2014
  2. 2. Privacy vs. Confidentiality • These words are often used interchangeably but mean different things • Privacy is about people – In a library, the right to privacy is the right to open inquiry without being examined or scrutinized by others. – But libraries are public places. We can and do try to protect the privacy of inquiry. But we also have people and (sometimes) cameras. We cannot protect against all observation.
  3. 3. Privacy vs. Confidentiality • Confidentiality is about data – Extension of privacy – Identifiable data – “Privacy” notices abound -- but they are really about confidentiality (or lack of it). (ex. doctors, grocery stores, credit card companies and, yes, libraries). • The law says library users have the legal protection of confidentiality regarding identifiable data about how they use the library.
  4. 4. How Private Should Patrons Expect the Library to be? • Physical – Public building where people tend to expect to be left alone • Virtual – Visitors may come and go with an expectation that no record exists of their visit • Do we have a responsibility to set expectations for our users – both physical and virtual?
  5. 5. Elements of a Patron Disclosure Policy • What you collect, why you collect it and how long you retain it. • What is protected by law. What rules the library must follow for disclosure. • When (and under what circumstances) you will disclose data and to whom you will disclose it. • How data is protected and secured. • 3rd party vendors.
  6. 6. Confidentiality Statutes • New Jersey Library Confidentiality Law – Library records which contain the names or other personally identifying details regarding the users of libraries are confidential and shall not be disclosed except in the following circumstances: • a. The records are necessary for the proper operation of the library; • b. Disclosure is requested by the user; or • c. Disclosure is required pursuant to a subpoena issued by a court or court order. • Delaware – exception to public records law – Any records of a public library which contain the identity of a user and the books, documents, films, recordings or other property of the library which a patron has used.
  7. 7. Confidentiality Statutes • Maryland (a) In general. -- Unless otherwise provided by law, a custodian shall deny inspection of a public record, as provided in this section. < … > (e) Circulation records, or other item, collection, or grouping of information about an individual. -- (1) Subject to the provisions of paragraph (2) of this subsection, a custodian shall prohibit inspection, use, or disclosure of a circulation record of a public library or other item, collection, or grouping of information about an individual that: (i) is maintained by a library; (ii) contains an individual's name or the identifying number, symbol, or other identifying particular assigned to the individual; and (iii) identifies the use a patron makes of that library's materials, services, or facilities. (2) A custodian shall permit inspection, use, or disclosure of a circulation record of a public library only in connection with the library's ordinary business and only for the purposes for which the record was created.
  8. 8. Issues • What’s a record? • When can we disclose confidential information? • Law enforcement • Public • Media • Vendors • What is our responsibility • Board • Director • Staff
  9. 9. Responsibilities • Get legal counsel • Put policy in place • Assure that procedures are in place and that training is provided for staff • BE CONSISTENT! Follow policy when/if the need arises • Compliance with the law is about more than what you do when the police knock at your door! • How often in the last year have you discussed with staff what it means to have access to confidential data?
  10. 10. Know what records you collect • Circulation • In-house use of materials • Computer workstations • Hold requests • ILL requests • Database logins • Website use
  11. 11. How do you safeguard data? • Protecting patron confidentiality is about more than knowing what to do when the police come to the door. • Do you treat confidential data as confidential? – If you don’t no one else will • Do you have an employee policy on handling confidential data? • Policies on backups, data handling and retention? • What about 3rd party vendors?
  12. 12. What information do you keep and how long do you keep it? • Integrated Library System – Log files – Access – Borrowing history • PC Reservation System • Calendaring / Program Registration System • Paper records (Reference, holds, meeting rooms, etc.) • Website • Privacy Audit
  13. 13. 3rd Party Vendors • Patron data in the cloud? • Vendors with access to patron data? – SIP connections? – Access • Overdrive, Freading/Freegal, EventKeeper, etc. with more to come. • Amazon / Kindle
  14. 14. Vendor Negotiations • Know what your vendor’s privacy policy is. • Insert language protecting your patrons’ confidentiality as much as possible. – Vendors willingness to include such language varies. – Making this issue part of your negotiation may result in contract language that is favorable. • Have your own data handling/confidentiality agreement that vendors must sign. • Make your patrons aware of when they are creating data with a third party vendor that you do not control
  15. 15. Elements of a Data Confidentiality Agreement • What data is to be covered • Prohibition on unauthorized use or disclosure • Adherence to industry standard safeguards • Return or destruction of data • Maintenance and/or security of data • Reports of unauthorized disclosure or misuse of data • Subcontractors or agents • Terms and Termination
  16. 16. What Happens When Someone Asks for Library Records ? • Is it a record? • Is the record protected? • Do you have a policy and procedures? • Who is asking? Does one of the exceptions apply? – Staff from other libraries (ILL, Consortia) – Law Enforcement – Media – Parents
  17. 17. How Do You Handle: • Access to children’s records – Parental signature ? • Picking up holds • Providing a mailing list to the Friends • Is my daughter at the library? • Request from Board Member or Municipal Official
  18. 18. Common Questions • My library destroys records, is that OK? • What if I see someone break the law? • Can I tell another staff member what his/her child has out. • What if I see someone do something illegal on the computer?
  19. 19. What Would You Do? What Would Your Staff Do? • Police have just arrested a juvenile in town. The only ID the kid has is a library card. The police call and ask you to look up who he is. Can you? • A reporter stops by on a Saturday afternoon and wants to interview someone who attended the library-sponsored lecture on protecting civil liberties. You have a list of attendees. Do you share? • The mayor calls and wants the library to prepare a set of mailing labels so he can send his newsletter to library users (he was responsible for the new library after all!). Should you?
  20. 20. Sample Policies • San Francisco Public Library Privacy Policy – • ALA Privacy Resources – nfidentiality • Princeton Public Library Privacy Policy – • Overdrive Privacy Policy – • NC State University Policy for Staff –
  21. 21. Resources • Privacy and Confidentiality Issues: A Guide for Libraries and Their Lawyers, ALA 2009 • NJLA – records-and-e-content – – – confidentiality-library-records • NJSL Library Laws –
  22. 22. Questions?