DRAFT FOR BOARD CONSIDERATION

District of Columbia Public Library

Policy on Privacy and Confidentiality

Policy Statement

The District of Columbia Public Library protects the privacy and confidentiality of all
library users, no matter their age.

Legal basis for policy: The policy is based on DC Official Code Sec 39-108 (2001 Ed.)
Confidentiality of Circulation Records.

The Library’s commitment to users’ privacy and confidentiality has deep roots not only
in the law but also in the ethics and practice of librarianship. In accordance with the
American Library Association’s code of Ethics: “We protect each library user’s right to
privacy and confidentiality with respect to information sought or received and resources
consulted, borrowed, acquired, or transmitted.”

This privacy statement explains the users’ privacy and confidentiality rights and
responsibilities, the steps the Library takes to respect and protect a user’s privacy when
using library resources, and how the Library deals with personally identifiable
information collected from library users.

Privacy and Confidentiality Practices

The Library avoids creating unnecessary records, avoids retaining records not needed for
Library business purposes, and does not engage in practices that might place personally
identifiable information on public view.

Information the Library may gather and retain about current library users includes the
following:

Information required to register for a library card (e.g. name, address, telephone number,
e-mail address, birth date)
Records of material checked out, charges owed, payments made
Requests for interlibrary loan or reference service
Sign-up information for library classes and programs

Consent

The Library will not collect or retain a library user’s private and personally identifiable
information without the user’s consent.
Document #8D.1
Board of Library Trustees Meeting
May 28, 2008
1
The Library will keep the information confidential and will not sell, license or disclose
personal information to any third party, except an agent working under contract to the
Library, unless the Library is required by law to do so.

Data Integrity and Security

The Library takes reasonable steps to assure data integrity.

The Library has invested in appropriate technology to protect the security of personally
identifiable information while it is in the library’s custody.

The Library assures that aggregate, summary data is stripped of personally identifiable
information.

The Library regularly removes cookies, web browsing history, cached files, or other
computer and Internet use records and other software code that is placed on the Library’s
computers or networks.

Staff Access to Personal Data

Library staff may access personal data stored in the library’s computer system only for
the purpose of performing their assigned library duties. Staff will not disclose any
personal data collected from a user to any other party except where required by law. The
Library does not sell, lease or give users’ personal information to companies,
governmental agencies, or individuals except as required by law or with the user’s
authorization.

Third Party Security

The Library ensures that its contracts, licenses, and offsite computer service
arrangements reflect its policies and legal obligation concerning user privacy and
confidentiality. When connecting users to licensed databases and other electronic
resources outside the Library, the Library releases only information that authenticates the
user as library card holder of the District of Columbia Public Library. Nevertheless,
users must be aware, when accessing remote sites, that there are limits to the privacy
protection the Library can provide.

Some library users may choose to use electronic communication services from the library
(hold and overdue notices, program and class announcements) via e-mail. These users
must also be aware that the Library has limited ability to protect the privacy of this
information once it is outside the Library’s control.

The Library also offers a wireless network that allows users to connect to the Internet.
Users should be aware that data accessed and sent over the Library’s wireless network is
not encrypted.
Document #8D.1
Board of Library Trustees Meeting
May 28, 2008
2
Parents and Children

The Library respects the privacy and confidentiality of all library users, no matter their
age. Parents or guardians of a child under the age of 18 may obtain access to their child’s
library records only if they provide the child’s library card or card number.

Illegal Activity Prohibited and Not Protected

Users may conduct only legal activity while using library resources and services.
Nothing in this statement prevents the Library from exercising its right to enforce Rules
of Conduct, protect its facilities, networks and equipment from harm, or prevent the use
of library facilities and equipment for illegal purposes. The Library can electronically
monitor public access computers and external access to its networks and reserves the
right to do so when a violation of law or library policy is suspected.

Redress

Any library user with a question, concern, or complaint about the Library’s handling of
privacy and confidentiality rights and practices, may file written comments with the
Chief Librarian. The Library will respond in a timely manner and may conduct a privacy
investigation or review of practices and procedures.

Law Enforcement Requests

The Chief Librarian is custodian of library records and is the only party authorized to
receive or comply with public records requests or inquiries from law enforcement
officers. The Chief Librarian may delegate this authority to designated members(s) of the
Library’s management. The Chief Librarian has the right to confer with the Office of the
Attorney General before determining the proper response to any request for records. The
Library will not make library records available to any agency of state, Federal or District
government unless a subpoena, warrant, court order or other investigatory document is
issued by a court of competent jurisdiction, showing good cause and in proper form. The
Library staff will refer any law enforcement inquiries to the Office of the Chief Librarian
or her designee.

How the Library Uses Data it Collects

The Library’s Website – When library users visit the DCPL website, the Library collects
and stores only information to measure the number of visitors to different areas of the site
to guide in making the site more useful. The information collected includes:

the IP address of the user’s computer or Internet provider

the date and time of access
Document #8D.1
Board of Library Trustees Meeting
May 28, 2008
3
the pages accessed and how the user navigated the site
the Internet address of the web site that referred the user to the Library’s site
A record of all searches of the library catalog

Web site data is separate from individual library account information. The Library
cannot look up patron records to determine what areas of the web site were visited. The
data collected is not connected to any personally identifiable information.

The Library may use card holders’ postal addresses or email addresses to inform the
community of services and programs.

Email to the Library

Online suggestions and other general email to the Library which do not apply to
borrowing or intellectual pursuits may be considered public records.

Adopted by the Board of Library Trustees ____________________________ (date)

Document #8D.1
Board of Library Trustees Meeting
May 28, 2008
4