Purpose

The purpose of this policy is to describe Hennepin County Library’s role and responsibility for protecting patron privacy as it relates to the creation, use, and retention of patron data.

Principles

  • We value intellectual freedom. We value a patron’s right to open inquiry without having the subject of one’s interest examined or scrutinized by others.
  • We value patron privacy and confidentiality.
  • We employ responsible and transparent data practices. We do not require or retain patron data that is not needed for the provision and management of library service.
  • We leverage our role as a national leader of library service, innovation, and excellence with third party vendors to maintain patron privacy standards in this rapidly evolving environment.
  • We recognize that networked and digitized environments have an impact on privacy. We employ current best practices and stay abreast of developments in the field.

Roles and Responsibilities

The Library Board, staff, and volunteers safeguard the privacy of library records in accordance with state and federal law, and the policies of Hennepin County.

The Library Board, staff and volunteers follow the Code of Ethics of the American Library Association and "protect each library user’s right to privacy and confidentiality with respect to information sought or received, resources consulted, borrowed, acquired, or transmitted."

Library patrons have the responsibility to safeguard their personal privacy, report lost library cards, manage their library account privacy settings, and be aware that the library cannot protect the privacy of data that is transmitted to third parties via the Internet.

Data collection and retention

The library will collect and retain data that is necessary for the provision and management of library services.

The library may collect and retain data that is needed for the provision of optional services designed for the added interest and convenience of library patrons. Library patrons may choose to opt in to these optional services.

The library will inform individual patrons of the necessity, purpose and intended use of requested data. (Minnesota Statutes §13.04, subd. 2)

The library will establish data retention practices and conduct regular data privacy audits.

The Library Director (or designee) will establish an administrative policy that details for the public what patron data the library collects, why it is collected, and how long it is retained.

Private Data and Disclosure

In accordance with Minnesota Statute §13.40, subd 2, the following data is private and may not be disclosed for other than library purposes except pursuant to a court order:

  1. Data that link a library patron's name with materials requested or borrowed by the patron or that link a patron's name with a specific subject about which the patron has requested information or materials; or
  2. Data in applications for borrower cards, other than the name of the borrower.

Exceptions may be made under the following circumstances:

  1. Private data may be disclosed to a parent or guardian of a minor or incapacitated person. In the case of a minor, the library shall, upon request by the minor, withhold data from parents or guardians if the library determines that withholding the data would be in the best interest of the minor. (Minnesota Statutes §13.02, subd. 8 & 12)
  2. Items on hold for patrons may be released to a family member or other person who resides with a library patron and who is picking up the material on behalf of the patron. A patron may request that reserved materials be released only to the patron. (Minnesota Statutes §13.40, subd. 2(b))

The Library Director (or designee) will establish an administrative policy that delineates staff roles and responsibilities for disclosing private data under these circumstances and will ensure staff and volunteer training mechanisms are in place to comply with the law and protect patron privacy.

Associated Policies and Laws

This policy is subject to all federal, state, and local laws and policies including but not limited to:

Process

This policy is reviewed by the Library Director (or designee) and the Library’s legal counsel every three (3) years and makes recommendations to the Library Board Program/Policy Committee. The Committee reviews and revises as necessary, endorses and advances to the full Library Board for approval.

Policy History

Next Review Date: 10/2014

Date Approved: 11/30/2011

Previous Policy Dated: 6/16/2004

(Replaces HCL Data Privacy of Library Records, 06/16/2004 and MPL Policy #1006, 01/07/1998)