Purpose

The purpose of this policy is to define the responsibilities for appropriate handling and disclosure of patron data in accordance with the Library Board Patron Data Privacy Policy.

Responsibilities

The following responsibilities apply to all Hennepin County Library staff and other persons authorized to handle patron data (e.g. volunteers, interns, and security staff):

Conduct
  1. Follow the American Library Association’s Code of Ethics and protect each library patron’s right to privacy and confidentiality with respect to information sought or received, resources consulted, borrowed, acquired, or transmitted.
  2. Use and disclose patron data only to conduct the library business for which it was collected.
  3. Refrain from sharing information about patrons or patron activities that is unnecessary for the provision of library service. This includes, but is not limited to, postings about patrons on social media sites, and informal conversations.
Data Protection
  1. Understand the difference between public and private data as defined by the Minnesota Government Data Practices Act.
  2. Safeguard private patron data in accordance with state and federal law, and the policies of Hennepin County.
  3. Complete data security training and confidentiality and use agreement as required by Hennepin County.
  4. Report any potential data breach in accordance with the Hennepin County Data Breach Policy and Procedures.
Data Disclosure
  1. Disclose public data as it relates to routine job duties and assignments.
  2. Forward written requests for patron data to the Library’s Data Practices Contact.
  3. Immediately inform supervisor or person in charge when a request to disclose private data is made by law enforcement officials.

Supervisors and managers have the following additional responsibilities:

  1. Ensure patron data is used appropriately and take disciplinary measures if direct reports are in violation of this policy.
  2. Work with library and security staff and law enforcement officials to respond to initial requests to disclose private data. Notify the Operations Division Manager and Library Data Practices Contact.

The name, roles and responsibilities of the Library’s Data Practices Contact is defined on the Hennepin County Data Governance site for County employees.

The Library Director is the Library’s Responsible Authority Designee and as such ensures the Library is in compliance with state and federal laws and county policies associated with data governance.

Associated Laws, Policies and Procedures

Process

This administrative policy is reviewed at least every three (3) years by the Library Director (or designee) in conjunction with the Hennepin County Library Board’s review of the Patron Data Privacy Policy. Upon completion of the review, this policy is revised or reaffirmed.

Policy History

Next review: 01/25/2019
Last reviewed/revised: 01/25/2016
Adopted: 01/25/2016