Privacy
I. Introduction
Privacy is essential to the exercise of free speech, free thought, and
free association. In ZSR Library,
the right to privacy is the right to open inquiry without having the subject
of one’s interest examined or scrutinized by others. Confidentiality exists
when a library is in possession of personally identifiable information about
users and keeps that information private on their behalf.
The courts have upheld the right to privacy based on the Bill of Rights of
the U.S. Constitution. Many states provide guarantees of privacy in their
constitutions and statute law. Numerous decisions in case law have defined
and extended rights to privacy. This Library’s privacy and confidentiality
policies are in compliance with applicable federal, state, and local laws.
User rights – as well as our institution’s responsibilities – outlined here are
based in part on what are known in the United States as the five
"Fair Information Practice Principles."
These five principles outline the rights of Notice, Choice, Access, Security,
and Enforcement.
Our commitment to your privacy and confidentiality has deep roots not only
in law but also in the ethics and practices of librarianship. In accordance
with the American Library Association’s
Code of Ethics:
"We protect each library user’s right to privacy and confidentiality
with respect to information sought or received and resources consulted, borrowed,
acquired, or transmitted."
II. Z. Smith Reynolds Library’s Commitment to Our Users’ Rights of Privacy and Confidentiality
This privacy policy explains your privacy and confidentiality rights, the
steps this Library takes to respect and protect your privacy when you use library
resources, and how we deal with personally identifiable information that we may
collect from our users.
1. Notice & Openness
We affirm that our users have the right of "notice" – to be informed
about the policies governing the amount and retention of personally identifiable
information, and about why that information is necessary for the provision of services.
We post publicly and acknowledge openly the privacy and information-gathering
policies of this Library. Whenever policies change, notice of those changes is
disseminated widely to our users.
In all cases we avoid creating unnecessary records, we avoid retaining records
not needed for the fulfillment of the mission of the Library, and we do not engage
in practices that might place information on public view.
Collected Information – Library
The Z. Smith Reynolds Library keeps a database of patron information in order
to know who our users are and where library materials are located. This database
includes patrons’ names, addresses, telephone numbers, University ID numbers,
e-mail addresses, and other contact information. This database also includes
materials currently checked out of the library’s collection and this information
is deleted upon return. Patrons are entitled to view their library account information.
Collected Information – Academic
When enrolled in an Information Literacy class, students may be required to
use web-based technology. These technologies may include a secure course management
system or a publicly viewable website. Before course work is placed on the open
Web, permission is obtained from the student. The Library’s policy on the retention
of students’ course work follows the policies of the University.
2. Choice & Consent
This policy explains our information practices and the choices you can make about
the way the Library collects and uses your information. We will keep it confidential
and will not sell, license or disclose personal information to any third party
without your consent, unless we are compelled to do so under the law or to comply
with a court order.
If you are affiliated with our University, the Library automatically receives
personally identifiable information to create and update your library account
from the Registrar’s Office (for students) or Human Resources (for employees).
3. Access by Users
Individuals who use library services that require the function and process of
personally identifiable information are entitled to view and/or update their
information. You may either view or update your personal information online or in
person. In both instances, you may be asked to provide some sort of verification
of identity. The purpose of accessing and updating your personally identifiable
information is to ensure that library operations can function properly. Such
functions may include notification of overdue items, recalls, reminders, etc.
4. Data Integrity & Security
Data Integrity
The data we collect and maintain must be accurate and secure. We take reasonable
steps to assure data integrity, including: using only reputable sources of data;
providing our users access to their own personally identifiable data; updating
data whenever possible; utilizing authentication systems that authorize use
without requiring personally identifiable information; destroying untimely
data or converting it to anonymous form.
Data Retention
We protect personally identifiable information from unauthorized disclosure once
it is no longer needed to manage library services. Information that will be regularly
purged or shredded includes personally identifiable information on library resource
use and material circulation history.
Tracking Users
We remove links between patron records and materials borrowed from the library’s
collection when items are returned and we delete records as soon as the original
purpose for data collection has been satisfied. We permit in-house access to
information in all formats without creating a data trail. Our Library has invested
in appropriate technology to protect the security of any personally identifiable
information while it is in the Library’s custody, and we ensure that aggregate,
summary data is stripped of personally identifiable information. We do not ask
visitors or website users to identify themselves or reveal any personal information
unless they are borrowing materials, requesting printing services, using Special
Collections, registering for programs or classes, or making remote use from
outside the Library of those portions of the Library’s website restricted to
registered borrowers under license agreements. We regularly remove cookies,
Web history, cached files, or other computer and Internet use records and other
software code that is placed on our computers or networks. We adhere to a server
log retention policy to protect user privacy.
Third Party Security
The Z. Smith Reynolds Library website contains links to websites and resources
owned and operated by third parties. While the Library strives to protect user
information, it is not responsible for the privacy policies or content of these
third-party sites. The Library advises users to review the privacy statement of
any websites visited.
Cookies
Users of networked computers will need to enable cookies in order to access a number
of third party resources available through the Library. This small file is sent to the
browser by a website each time that site is visited. Cookies are stored on the user’s
computer and can potentially transmit personal information. They are often used to
remember information about preferences and pages visited. You can be prompted to accept,
refuse, disable or remove cookies from your hard drive.
Security Measures
Our security measures involve both managerial and technical policies and procedures
to protect against loss and the unauthorized access, destruction, use, or disclosure
of the data. Our managerial measures include internal organizational procedures that
limit access to data and ensure that those individuals with access do not utilize the
data for unauthorized purposes. Our technical security measures to prevent unauthorized
access include encryption in the transmission and storage of data; limits on access
through use of passwords; and storage of data on secure servers or computers that are
inaccessible from a modem or network connection.
Staff access to personal data
We permit only authorized Library staff with assigned confidential passwords to access
personal data stored in the Library’s computer system for the purpose of performing
library work. We will not disclose any personal data we collect from you to any other
party except where required by law or to fulfill an individual user’s service request.
The Library does not sell or lease users’ personal information to companies, universities,
or individuals.
5. Enforcement & Redress
Our Library will not share data on individuals with third parties unless required by law. We
conduct regular privacy audits in order to ensure that all library programs and services are
enforcing our privacy policy. Library users who have questions, concerns, or complaints about
the Library’s handling of their privacy and confidentiality rights should file written comments
with the Dean of the Library. We will respond in a timely manner and may conduct a privacy
investigation or review of policy and procedures.
We authorize only the Dean of the Library to receive or comply with requests from law enforcement
officers; we confer with our legal counsel before determining the proper response. We will not
make library records available to any agency of state, federal, or local government unless a
subpoena, warrant, court order or other investigatory document is issued by a court of competent
jurisdiction that shows good cause and is in proper form. We have trained all library staff and
volunteers to refer any law enforcement inquiries to library administrators.