Rochester Public Library
Privacy and Confidentiality Policy
Approved by the Rochester Public Library Board on June 17, 2015
The Rochester Public Library’s commitment to privacy and confidentiality has deep roots not only in law, but also in the ethics and practices of the library profession. In accordance with the American Library Association’s Code of Ethics:
“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.”
General Guidelines regarding data privacy:
- “All data collected, created, received, maintained or disseminated by any state agency, political subdivision or statewide system regardless of its physical form, storage media or conditions of use.” Minn. Stat. §13.02, subd. 7.
- Public records also cover not only the “typical” records in a government agency’s possession, but also includes handwritten notes, drafts, photocopies, fax documents, microfilm, computer data and email data.
- All government documents are public and must be disclosed to the public for inspection and copying unless there is a state or federal law that says a specific document is not public.
At the state level, Section 13.40 of the Minnesota Statutes governs library data privacy as follows:
- Records that link a borrower with materials borrowed are private.
- Other than the name of the borrower, which is public, information in the library card application is private.
The privacy and confidentiality policies of the Rochester Public Library shall comply with the applicable federal, state and local laws. Records will be made available in the event that a duly authorized request is received from a law enforcement agency.
Outlined below are the rights of library patrons, as well as the responsibilities of this institution, which are based in part on what are known in the United States as the five "Fair Information Practice Principles." These five principles outline the rights of Notice, Choice, Access, Security, and Enforcement:
ROCHESTER PUBLIC LIBRARY'S COMMITMENT TO PATRONS' RIGHTS OF PRIVACY AND CONFIDENTIALITY
This policy describes patron privacy and confidentiality rights, the steps this Library takes to respect and protect patron privacy when using library resources, and how the Library deals with personally identifiable information that may be collected from library users.
- Notice & Openness The Library does not create unnecessary records, only retains records required to fulfill the mission of the Library, and does not engage in practices that would place information on public view. Radio Frequency Identification (RFID) technology is used to circulate library materials, maintain an inventory of the library collection and secure the collection from theft. RFID tags affixed to items contain only the barcode number of the item; no personal patron information or transaction information is included on the RFID tag. While the Library must maintain records of information such as overdue and lost items, outstanding fines, and payments to patron accounts, these records are kept secure and are purged from the Library’s computer system when no longer needed for library business purposes.
- Choice & Consent The Library will not collect or retain any private or personally identifiable information other than that information required to open an account. If library users wish to receive borrowing and other privileges, the Library must obtain certain information about them in order to establish an account (e.g., name, phone number, and address). When visiting the Library’s Web site, patrons may be required to provide library card barcode number in order to access some subscription databases or their own account information.
As a rule, the Library does not retain check-out histories. Individuals may choose to turn on this feature.
Personally identifiable information provided will be kept confidential and will not be disclosed to any third party unless the Library is compelled to do so under the law.
- Access by Users Individuals wishing to update or verify the accuracy of personal information may do so at the Library’s Public Services Desk. To ensure security of personal data, verification of identity will be required in the form of a photo I.D. (e.g., driver’s license, passport, etc.). The purpose of accessing and updating personally identifiable information is to ensure that library operations function properly. Such functions may include: notification of the availability of reserved or Interlibrary Loan items, reminders of overdue materials, etc.
Parents may access their child’s record. Adults may not access information about other adults including family members and spouses without written consent.
- Data Integrity & Security The data collected and maintained by the Library must be accurate and secure. Reasonable steps are taken to assure data integrity and security. Personally identifiable information is protected from unauthorized disclosure. Tracking Users Library visitors or Web site users are not asked to identify themselves or reveal any personal information unless they are:
- borrowing materials
- requesting services
- accessing the Internet in the Library
- registering for programs or classes, or
- making remote use from outside the Library of those portions of the Library's Web site restricted to registered borrowers under license agreements or other special arrangements.
Third Party Security
When connecting to resources outside the Library’s direct control, the only information released is that which authenticates users as valid card holders of the Rochester Public Library. The Library is not responsible for protecting personal information gathered by outside websites.
Staff access to personal data
Only authorized library staff with assigned, confidential passwords shall have access to personal data stored in the Library’s computer system for the sole purpose of performing library work. Except when required by law or to fulfill an individual user's service request, the Library will not disclose any personal data collected from patrons. The Library does not sell or lease patrons' personal information to any individual or entity.
- Compliance The Rochester Public Library will not share data on individuals with third parties unless required by law. Patrons who have questions, concerns, or complaints regarding the Library’s handling of their privacy and confidentiality rights should file written comments with the Library Director. Only the Library Director or designee is authorized to receive or comply with requests from law enforcement officers. Library records will not be made available to any agency of the state, federal, or local government unless the Library is served with a subpoena, warrant, court order, or other authorized request that legally requires compliance. All library staff and volunteers have been trained to refer any law enforcement inquiries to library administrators.
Questions related to this policy should be directed to the Library Director or designee,
Monday – Friday during regular business hours.