I. Introduction
Privacy is essential to the exercise of free speech, free thought, and free association. In
this library the right to privacy is the right to open inquiry without having
the subject of one’s interest examined or scrutinized by others. Confidentiality
exists when a library is in possession of personally identifiable information
about users and keeps that information private on their behalf.
The courts have upheld the right to privacy based on the Bill of Rights of the
U.S. Constitution. Citizens of the state of Michigan are protected by Chapter
397 of the Michigan Compiled Laws, “The
Library Privacy Act.” This library's privacy and confidentiality policies
are in compliance with applicable federal, state, and local laws.
Our commitment to patron privacy and confidentiality has deep roots not only
in law, but also in the ethics and practices of librarianship. In accordance
with the American Library Association’s Code of Ethics: “We protect
each library user’s right to privacy and confidentiality with respect to
information sought or received and resources consulted, borrowed, acquired, or
transmitted.”
II.Eastern Michigan University Library’s
Commitment to Our Users Rights of Privacy and Confidentiality
This privacy policy explains patron privacy and confidentiality rights, the steps
this library takes to respect and protect patron privacy when one uses library
resources, and how we deal with personally identifiable information that we may
collect from our users.
1. Notice & Openness
Library users have the right of “notice” -- to be informed about
the policies governing the amount and retention of personally identifiable information,
and about why that information is necessary for the provision of library services.
We post publicly and acknowledge openly the privacy and information-gathering
policies of this library. Whenever policies change, notice of those changes
is disseminated widely to our users.
In all cases we avoid creating unnecessary records, we avoid retaining records
not needed for the fulfillment of the mission of the library, and we do not engage
in practices that might place information on public view.
Information we may gather and retain about current and valid library users include
the following
- User Registration Information
- Circulation Information
- Interlibrary Loan and Document Delivery contact information
- Electronic Access Information
- Information Required to Provide Library Services
2. Choice & Consent
This policy explains our information practices and the choices patrons
can make about the way the library collects and uses patron information. We
will not collect or retain library patron’s private and personally
identifiable information without the patron’s consent. Further,
if the patron consents to give us personally identifiable information,
we will keep it confidential and will not sell, license or disclose
personal information to any third party without the patron’s
consent, unless we are compelled to do so under the law or to comply
with a court order.
If the patron wishes to receive borrowing or interlibrary loan privileges,
we must obtain certain information about the patron in order to provide
the patron with a library account. If the patron is affiliated with
Eastern Michigan University, the library automatically receives personally
identifiable information to create and update the patron’s library
account from the Registrar's Office (for students) or Human Resources
(for employees).
When visiting our library’s web site and using our electronic services,
the patron may choose or be asked to provide their name, e-mail address,
library card barcode, phone number or home address.
We never use or share the personally identifiable information provided
to us online in ways unrelated to the ones described above without also
providing the patron an opportunity to prohibit such unrelated uses,
unless we are compelled to do so under the law or to comply with a court
order. The US Patriot Act dictates that personal information may
be given to Federal agents without the knowledge of our library patrons
and that Library and EMU may be forbidden by law from giving patrons
any knowledge of this disclosure.
3. Access by Users
Individuals who use library services that require the use of personally
identifiable information are entitled to view and update their information.
The patron may view their personal information online or in person and
request that it be updated if it is not correct. In both instances,
the patron may be asked to provide some sort of verification of identity.
The purpose of accessing and updating the patron’s personally identifiable
information is to ensure that library operations can function properly. Such
functions may include notification of overdue items, recalls, reminders,
etc. The library will explain the process of accessing or updating
the patron’s information so that all personally identifiable information
is accurate and up to date.
4. Data Integrity & Security
Data Integrity: The data we collect and maintain at the library must
be accurate and secure. We take reasonable steps to assure data integrity,
including: using only reputable sources of data; providing our users access
to their own personally identifiable data; updating data whenever possible;
utilizing middleware authentication systems that authorize use without requiring
personally identifiable information; destroying untimely data or converting
it to anonymous form.
Data Retention: We protect personally identifiable information
from unauthorized disclosure once it is no longer needed to manage library
services. Information that should be regularly purged or shredded includes
personally identifiable information on library resource use and material circulation
history.
Tracking Users: We remove links between patron records and materials
borrowed when items are returned and we delete records as soon as the original
purpose for data collection has been satisfied. Billing and fine information
is retained as long as necessary. We permit in-house access to information
in all formats without creating a data trail. Our library has invested
in appropriate technology to protect the security of any personally identifiable
information while it is in the library’s custody, and we ensure that
aggregate, summary data is stripped of personally identifiable information. We
do not ask library visitors or web site users to identify themselves or reveal
any personal information unless they are borrowing materials, requesting special
services, registering for programs or classes, or making remote use from outside
the library of those portions of the Library's web site restricted to registered
borrowers under license agreements or other special arrangements. We
discourage users from choosing passwords or PINs that could reveal their identity,
including social security numbers. We regularly remove cookies, web history,
cached files, or other computer and Internet use records and other software
code that is placed on our computers or networks.
Third Party Security: We ensure that our library’s contracts
and licenses reflect our policies and legal obligations concerning user privacy
and confidentiality. Should a third party require access to our users’ personally
identifiable information, our agreements address appropriate restrictions on
the use, aggregation, dissemination, and sale of that information, particularly
information about minors. In circumstances in which there is a risk that
personally identifiable information may be disclosed, we will warn our users. When
connecting to licensed databases outside the library, we release only information
that authenticates users as "members of our community." Nevertheless,
we advise users of the limits to library privacy protection when accessing
remote sites
Cookies: Users of networked computers will need to enable cookies
in order to access a number of resources available through the library. A
cookie is a small file sent to the browser by a Web site each time that site
is visited. Cookies are stored on the user's computer and can potentially
transmit personal information. Cookies are often used to remember information
about preferences and pages visited. The patron can refuse to accept cookies,
can disable cookies, and remove cookies from their hard drive. Our Library
servers use cookies solely to verify that a person is an authorized user in
order to allow access to licensed library resources and to customize Web pages
to that user's specification. Cookies sent by our Library servers will disappear
when the user's computer browser is closed. We will not share cookies
information with external third parties.
Security Measures: Our security measures involve both managerial and
technical policies and procedures to protect against loss and the unauthorized
access, destruction, use, or disclosure of the data. Our managerial measures
include internal organizational procedures that limit access to data and ensure
that those individuals with access do not utilize the data for unauthorized
purposes. Our technical security measures to prevent unauthorized access
include encryption in the transmission and storage of data; limits on access
through use of passwords; and storage of data on secure servers or computers
that are inaccessible from a modem or network connection.
Staff access to personal data: We permit only authorized Library or
ICT staff with assigned confidential passwords to access personal data stored
in the Library’s computer system for the purpose of performing library
work. We will not disclose any personal data we collect from library patrons
to any other party except where required by law or to fulfill an individual
user's service request. The Library does not sell or lease users' personal
information to companies, universities, or individuals.
5. Enforcement & Redress
Our library will not share data on individuals with third parties unless
required by law. We conduct regular privacy audits in order to
ensure that all library programs and services are enforcing our privacy
policy. Library users who have questions, concerns, or complaints
about the library’s handling of their privacy and confidentiality
rights should file written comments with the University Librarian. We
will respond in a timely manner and may conduct a privacy investigation
or review of policy and procedures.
We authorize only the University Librarian and/or her/his designee to
receive or comply with requests from law enforcement officers; we confer
with our legal counsel whenever possible before determining the proper
response. We will not make library records available to any agency
of state, federal, or local government unless: 1) a subpoena, warrant,
court order or other investigatory document is issued by a court of competent
jurisdiction; or 2) disclosure of the records is otherwise required
by law. We have trained all library staff and volunteers to refer any
law enforcement inquiries to library administrators.
March 2006 |
