Policy UL-AD08 Confidentiality and Privacy of Patron Library Records

Main Policy Content

Contents:

  • Purpose
  • Introduction
  • University Libraries’ Policies
    • Library Records
    • E-Mail and Internet
  • Applicability and Guidelines
  • Family Educational Rights and Privacy Act (FERPA)
  • Cross References

PURPOSE:

This document codifies the policies of University Libraries regarding privacy of users’ records. 

INTRODUCTION:

It is the policy of the Pennsylvania State University Libraries that the privacy of all users, including employees, shall be respected in compliance with federal and state laws and professional standards of confidentiality.  This policy applies to all resources regardless of their format or means of delivery as well as to all services offered by the Libraries.  We maintain strict client confidentiality and will not reveal the identities of individual users or reveal what information resources they consult or services provided to them to any non-Libraries staff, individual, or entity without a court order or a valid subpoena, or under appropriate federal law.

The University Libraries comply with the American Library Association’s Code of Ethics that states:

We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

(June 28, 1995)

We also adhere to the Pennsylvania Statute covering the confidentiality of library records that states:

Library circulation records:

Records related to the circulation of library materials which contain the names or other personally identifying details regarding the users of the State Library or any local library which is established or maintained under any law of the Commonwealth or the library of any university, college or educational institution chartered by the Commonwealth or the library of any public school or branch reading room, deposit station or agency operated in connection therewith, shall be confidential and shall not be made available to anyone except by a court order in a criminal proceeding. (24 P.S. § 9375, 2012)

Many of the University Libraries' records may also be protected under the Family Educational Rights and Privacy Act (FERPA).  [See section on FERPA]

UNIVERSITY LIBRARIES POLICIES:

Library Records:

Records of the borrowing and use of library materials and equipment are considered to be confidential, as are the records of patron transactions of any type including, but not limited to, reference interactions, computer use logs, logs of Internet sites consulted, etc., as well as records of transactions regarding fees and fines.  For library purposes, this covers all records related to the circulation or use of laptop computers, camcorders, digital cameras, and any other equipment loaned by the University Libraries as well as books, periodicals, and other formats of printed or electronic information available from the Libraries, including materials that are personally owned by a faculty member that have been placed on reserve for reading in a course.  Reference or other service transactions, whether conducted in person, in writing, by telephone, via electronic mail or online interaction, are also considered confidential.  Information will be disclosed to law enforcement officials upon request by court order or valid subpoena, or in compliance with appropriate federal law without prior notice.

E-mail and Internet:

E-mail and Internet connections are provided to assist and facilitate library communications.  All user files and logs of user transactions on the University and Libraries’ systems are held to be confidential and will be kept as private as possible.  Collection and analysis of data on usage of the licensed commercial online databases and materials offered by the Libraries through its system assists both the publisher and the University Libraries to understand the impact of this technology and service.  We request that any such usage data compiled by the licensor will be collected by a method consistent with applicable privacy laws and written confidentiality requirements of the licensing agreement.  Any usage data available, such as number of searches or articles downloaded, is reported at least quarterly by the licensor to the University and is confidential under this policy.  Information will be disclosed to law enforcement officials upon request by court order or valid subpoena or under appropriate federal law without prior notice

The University and Libraries reserve the right to inspect, view and access all data files, electronic messages, and logs of Internet sites consulted by any individuals if it is suspected that the system has been used outside of acceptable use as defined by University policy AD96 Acceptable Use of University Information Resources.

[direct quote from AD96 section II. PRINCIPLES OF ACCEPTABLE USE:]

All individuals' granted access to Penn State information technology resources must agree to and accept the following:

  • Using only the information technology resources for which they are authorized by the University.
  • Utilizing appropriate authentication mechanisms to access information technology resources.
  • Not attempting to access information technology resources for which their authorization may be erroneous or inadvertent.
  • Only using accounts, passwords, and/or authentication credentialsthat have been authorized to use consistent with their role at Penn State.
  • Protecting, and not sharing, their account, password, and/or authentication credentials.
  • Only sharing data with others as defined by applicable policies and procedures, and dependent on their assigned role.
  • Not using Penn State information technology resources to represent the interests of any non-University group or organization unless authorized by an appropriate University department or office or that could be taken to representPenn State.
  • Not using any hardware or software designed to assess or weaken security strength, unless authorized by the institutional CISO or his or her designee(s).
  • Not engaging in disruptive "spamming" (i.e., sending unsolicited electronic communicationto groups of recipients at the same time), or acting in a way that will harm, damage, corrupt, or impede authorized access to information resources, systems, networks, equipment, and/or data.
  • Not forging identities or sending anonymous messages, unless the recipient has agreed to receive anonymous messages.
  • Not using Penn State information technology resources to alter, disrupt, or damage information technology resources of another person or entity.
  • Not using Penn State information technology resources to upload, download or distribute copyrighted or illegal material which results in violation of law.
  • Complying with all licenses and contracts related to information technology systems which are owned, leased, or subscribed to by Penn State, and complying with applicable local, state or federal laws, and institutional policies, rules, and guidelines as they relate to information technology resources.

In the event of suspected misuse of Libraries’ computational services, the Libraries will act in accordance with the University's Office of Information Security, and in accordance with University policies AD96 Acceptable Use of University Information Resources and AD95 – Information and Assurance and IT Security (Formerly AD20 Computer and Network Security).

APPLICABILITY AND GUIDELINES:

Any request for patron information that library staff may receive from a law enforcement official should be referred directly to the Dean’s office, 510 Paterno Library, University Park, (814) 863-4723.

All Libraries staff and faculty must follow the procedures contained in the Staff Guidelines on Protecting the Confidentiality and Privacy of Patron Library Records [UL-ADG04].  This applies to all requests for information regarding our library users as well as an individual’s library records, etc.  This applies to all University Library locations and offices during all hours of service.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT (FERPA):

The Family Educational Rights and Privacy Act (also known as FERPA) protects the privacy of students’ educational records, including student library financial records. Pursuant to University Policy AD11 on Confidentiality of Student Records, the University Libraries ensure compliance with FERPA by not disclosing information about a student’s record to any third party, including parents, personnel in an academic department, or other individuals.



Unless there is prior written approval allowing disclosure, the parent (or third party) should be referred back to the account holder (the student) for an explanation. The most frequent inquiry made by parents is about students’ library fees that appear on their Bursar Account Statements. 

Libraries personnel will annotate the note field in the student’s circulation record with a reference to the form on file and refer inquiries to the Libraries’ Business Office. Forms will be maintained for no more than three years after the student signature has been affixed.

When there is no form on file, inquiries must be referred back to the student. 

CROSS REFERENCES:

Guideline UL-ADG04 Staff Guidelines on Protecting the Confidentiality and Privacy of Patron Library Records

Effective Date: October 3, 2003

Date Approved: October 3, 2003 (Dean's Library Council; University Legal Counsel)

Revision History (and effective dates):

  • December 2017 – Revised to make the E-mail and Internet section current
  • August 31, 2015 – Editorial revisions
  • March 17, 2008 – Addition of section on FERPA
  • October 3, 2003 – Supersedes January 2002 policy
  • January 14, 2002 – New policy

Last Review Date:  September 2010