Policy UL-AD08 Confidentiality and Privacy of Patron Library Records

Main Policy Content


  • Purpose
  • Introduction
  • University Libraries’ Policies
    • Library Records
    • E-Mail and Internet
  • Applicability and Guidelines
  • Family Educational Rights and Privacy Act (FERPA)
  • Cross References


This document codifies the policies of University Libraries regarding privacy of users’ records. 


It is the policy of the Pennsylvania State University Libraries that the privacy of all users, including employees, shall be respected in compliance with federal and state laws and professional standards of confidentiality.  This policy applies to all resources regardless of their format or means of delivery as well as to all services offered by the Libraries.  We maintain strict client confidentiality and will not reveal the identities of individual users or reveal what information resources they consult or services provided to them to any non-Libraries staff, individual, or entity without a court order or a valid subpoena, or under appropriate federal law.

The University Libraries comply with the American Library Association’s Code of Ethics that states:

We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

(June 28, 1995)

We also adhere to the Pennsylvania Statute covering the confidentiality of library records that states:

Library circulation records:

Records related to the circulation of library materials which contain the names or other personally identifying details regarding the users of the State Library or any local library which is established or maintained under any law of the Commonwealth or the library of any university, college or educational institution chartered by the Commonwealth or the library of any public school or branch reading room, deposit station or agency operated in connection therewith, shall be confidential and shall not be made available to anyone except by a court order in a criminal proceeding. (24 P.S. § 9375, 2012)

Many of the University Libraries' records may also be protected under the Family Educational Rights and Privacy Act (FERPA).  [See section on FERPA]


Library Records:

Records of the borrowing and use of library materials and equipment are considered to be confidential, as are the records of patron transactions of any type including, but not limited to, reference interactions, computer use logs, logs of Internet sites consulted, etc., as well as records of transactions regarding fees and fines.  For library purposes, this covers all records related to the circulation or use of laptop computers, camcorders, digital cameras, and any other equipment loaned by the University Libraries as well as books, periodicals, and other formats of printed or electronic information available from the Libraries, including materials that are personally owned by a faculty member that have been placed on reserve for reading in a course.  Reference or other service transactions, whether conducted in person, in writing, by telephone, via electronic mail or online interaction, are also considered confidential.  Information will be disclosed to law enforcement officials upon request by court order or valid subpoena, or in compliance with appropriate federal law without prior notice.

E-mail and Internet:

E-mail and Internet connections are provided to assist and facilitate library communications.  All user files and logs of user transactions on the University and Libraries’ systems are held to be confidential and will be kept as private as possible.  Collection and analysis of data on usage of the licensed commercial online databases and materials offered by the Libraries through its system assists both the publisher and the University Libraries to understand the impact of this technology and service.  We request that any such usage data compiled by the licensor will be collected by a method consistent with applicable privacy laws and written confidentiality requirements of the licensing agreement.  Any usage data available, such as number of searches or articles downloaded, is reported at least quarterly by the licensor to the University and is confidential under this policy.  Information will be disclosed to law enforcement officials upon request by court order or valid subpoena or under appropriate federal law without prior notice.

The University and Libraries reserve the right to inspect, view and access all data files, electronic messages, and logs of Internet sites consulted by any individuals if it is suspected that the system has been used for unauthorized purposes. Unauthorized use includes, but is not limited to:

  • the use of the network or accounts to conduct a personal commercial enterprise;
  • transmit or make accessible offensive, obscene or harassing materials;
  • unauthorized mass electronic mailings;
  • conducting or attempting to conduct security experiments or security scans;
  • intentional or negligent deletion or alteration of information or data;
  • intentional or negligent misuse of system resources;
  • intentionally or negligently spreading computer viruses; and
  • permitting the misuse of system resources by others.

In the event of suspected misuse of Libraries’ computational services, the Libraries will act in accordance with the University's Office of Information Security, and in accordance with University policy AD95 Information Assurance and IT Security (Formerly AD20 Computer and Network Security).


Any request for patron information that library staff may receive from a law enforcement official should be referred directly to the Dean’s office, 510 Paterno Library, University Park, (814) 863-4723.

All Libraries staff and faculty must follow the procedures contained in the Staff Guidelines on Protecting the Confidentiality and Privacy of Patron Library Records [UL-ADG04].  This applies to all requests for information regarding our library users as well as an individual’s library records, etc.  This applies to all University Library locations and offices during all hours of service.


The Family Educational Rights and Privacy Act (also known as FERPA) protects the privacy of students’ educational records, including student library financial records. Pursuant to University Policy AD11 on Confidentiality of Student Records, the University Libraries ensure compliance with FERPA by not disclosing information about a student’s record to any third party, including parents, personnel in an academic department, or other individuals.

Unless there is prior written approval allowing disclosure, the parent (or third party) should be referred back to the account holder (the student) for an explanation. The most frequent inquiry made by parents is about students’ library fees that appear on their Bursar Account Statements. 

Libraries personnel will annotate the note field in the student’s circulation record with a reference to the form on file and refer inquiries to the Libraries’ Business Office. Forms will be maintained for no more than three years after the student signature has been affixed.

When there is no form on file, inquiries must be referred back to the student. 


Guideline UL-ADG04 Staff Guidelines on Protecting the Confidentiality and Privacy of Patron Library Records

Effective Date: October 3, 2003
Date Approved: October 3, 2003 (Dean's Library Council; University Legal Counsel)

Revision History (and effective dates):

  • August 31, 2015 – Editorial revisions
  • March 17, 2008 – Addition of section on FERPA
  • October 3, 2003 – Supersedes January 2002 policy
  • January 14, 2002 – New policy

Last Review Date:  September 2010