maintaining confidentiality

Download Maintaining confidentiality

Post on 14-Jun-2015




0 download

Embed Size (px)


  • 1. Maintaining Confidentiality Its Everyones Business Eileen M. Palmer President, New Jersey Library Association Executive Director Libraries of Middlesex Automation Consortium May 2014

2. Privacy vs. Confidentiality These words are often used interchangeably but mean different things Privacy is about people In a library, the right to privacy is the right to open inquiry without being examined or scrutinized by others. But libraries are public places. We can and do try to protect the privacy of inquiry. But we also have people and (sometimes) cameras. We cannot protect against all observation. 3. Privacy vs. Confidentiality Confidentiality is about data Extension of privacy Identifiable data Privacy notices abound -- but they are really about confidentiality (or lack of it). (ex. doctors, grocery stores, credit card companies and, yes, libraries). The law says library users have the legal protection of confidentiality regarding identifiable data about how they use the library. 4. How Private Should Patrons Expect the Library to be? Physical Public building where people tend to expect to be left alone Virtual Visitors may come and go with an expectation that no record exists of their visit Do we have a responsibility to set expectations for our users both physical and virtual? 5. Elements of a Patron Disclosure Policy What you collect, why you collect it and how long you retain it. What is protected by law. What rules the library must follow for disclosure. When (and under what circumstances) you will disclose data and to whom you will disclose it. How data is protected and secured. 3rd party vendors. 6. Confidentiality Statutes New Jersey Library Confidentiality Law Library records which contain the names or other personally identifying details regarding the users of libraries are confidential and shall not be disclosed except in the following circumstances: a. The records are necessary for the proper operation of the library; b. Disclosure is requested by the user; or c. Disclosure is required pursuant to a subpoena issued by a court or court order. Delaware exception to public records law Any records of a public library which contain the identity of a user and the books, documents, films, recordings or other property of the library which a patron has used. 7. Confidentiality Statutes Maryland (a) In general. -- Unless otherwise provided by law, a custodian shall deny inspection of a public record, as provided in this section. < > (e) Circulation records, or other item, collection, or grouping of information about an individual. -- (1) Subject to the provisions of paragraph (2) of this subsection, a custodian shall prohibit inspection, use, or disclosure of a circulation record of a public library or other item, collection, or grouping of information about an individual that: (i) is maintained by a library; (ii) contains an individual's name or the identifying number, symbol, or other identifying particular assigned to the individual; and (iii) identifies the use a patron makes of that library's materials, services, or facilities. (2) A custodian shall permit inspection, use, or disclosure of a circulation record of a public library only in connection with the library's ordinary business and only for the purposes for which the record was created. 8. Issues Whats a record? When can we disclose confidential information? Law enforcement Public Media Vendors What is our responsibility Board Director Staff 9. Responsibilities Get legal counsel Put policy in place Assure that procedures are in place and that training is provided for staff BE CONSISTENT! Follow policy when/if the need arises Compliance with the law is about more than what you do when the police knock at your door! How often in the last year have you discussed with staff what it means to have access to confidential data? 10. Know what records you collect Circulation In-house use of materials Computer workstations Hold requests ILL requests Database logins Website use 11. How do you safeguard data? Protecting patron confidentiality is about more than knowing what to do when the police come to the door. Do you treat confidential data as confidential? If you dont no one else will Do you have an employee policy on handling confidential data? Policies on backups, data handling and retention? What about 3rd party vendors? 12. What information do you keep and how long do you keep it? Integrated Library System Log files Access Borrowing history PC Reservation System Calendaring / Program Registration System Paper records (Reference, holds, meeting rooms, etc.) Website Privacy Audit 13. 3rd Party Vendors Patron data in the cloud? Vendors with access to patron data? SIP connections? Access Overdrive, Freading/Freegal, EventKeeper, etc. with more to come. Amazon / Kindle 14. Vendor Negotiations Know what your vendors privacy policy is. Insert language protecting your patrons confidentiality as much as possible. Vendors willingness to include such language varies. Making this issue part of your negotiation may result in contract language that is favorable. Have your own data handling/confidentiality agreement that vendors must sign. Make your patrons aware of when they are creating data with a third party vendor that you do not control 15. Elements of a Data Confidentiality Agreement What data is to be covered Prohibition on unauthorized use or disclosure Adherence to industry standard safeguards Return or destruction of data Maintenance and/or security of data Reports of unauthorized disclosure or misuse of data Subcontractors or agents Terms and Termination 16. What Happens When Someone Asks for Library Records ? Is it a record? Is the record protected? Do you have a policy and procedures? Who is asking? Does one of the exceptions apply? Staff from other libraries (ILL, Consortia) Law Enforcement Media Parents 17. How Do You Handle: Access to childrens records Parental signature ? Picking up holds Providing a mailing list to the Friends Is my daughter at the library? Request from Board Member or Municipal Official 18. Common Questions My library destroys records, is that OK? What if I see someone break the law? Can I tell another staff member what his/her child has out. What if I see someone do something illegal on the computer? 19. What Would You Do? What Would Your Staff Do? Police have just arrested a juvenile in town. The only ID the kid has is a library card. The police call and ask you to look up who he is. Can you? A reporter stops by on a Saturday afternoon and wants to interview someone who attended the library-sponsored lecture on protecting civil liberties. You have a list of attendees. Do you share? The mayor calls and wants the library to prepare a set of mailing labels so he can send his newsletter to library users (he was responsible for the new library after all!). Should you? 20. Sample Policies San Francisco Public Library Privacy Policy ALA Privacy Resources nfidentiality Princeton Public Library Privacy Policy Overdrive Privacy Policy NC State University Policy for Staff 21. Resources Privacy and Confidentiality Issues: A Guide for Libraries and Their Lawyers, ALA 2009 NJLA records-and-e-content confidentiality-library-records NJSL Library Laws 22. Questions?


View more >