Adapted from:
ALA Intellectual Freedom Committee. “Guidelines for Developing a Library Privacy Policy. American Library Association. August 2003. 5 May 2004
< http://www.ala.org/ Template.cfm?Section=toolkitsprivacy&Template=/ContentManagement/ ContentDisplay.cfm&ContentID=43556>
I. Introduction
Privacy is essential to the exercise of free speech, free thought, and free association. In this library the right to privacy is the right to open inquiry without having the subject of one's interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information (P.I.I.) about users and keeps that information private on their behalf. This library's privacy and confidentiality policies are in compliance with applicable federal, state, and local laws.
This privacy policy explains your privacy and confidentiality rights, the steps this library takes to respect and protect your privacy when you use library resources, and how we deal with personally identifiable information that we may collect from our users.
1. Notice & Openness
We affirm that our library users have the right of "notice"—to be informed about the policies governing the amount and retention of personally identifiable information, and about why that information is necessary for the provision of library services. We post publicly and acknowledge openly the privacy and information-gathering policies of this library. Whenever policies change, notice of those changes is disseminated to our users.
In all cases we avoid creating unnecessary records, we avoid retaining records not needed for the fulfillment of the mission of the library, and we do not engage in practices that might place information on public view.
Information we may gather and retain about current and valid library users include but is not limited to the following
User Registration Information
Circulation Information
Electronic Access Information
Information Required to Provide Library Services
2. Choice & Consent
This policy explains our information practices and the choices you can make about the way the library collects and uses your information. We will not collect or retain your private and personally identifiable information without your consent; registering for a library card or using services that require P.I.I. constitutes consent. Further, we will keep your P.I.I. confidential and will not sell, license or disclose personal information to any third party without your consent, except for information required by E.P.C.C., unless we are compelled to do so under the law or to comply with a court order.
If you wish to receive borrowing privileges, we must obtain certain information about you in order to provide you with a library account. When visiting our library's Web site and using our electronic services, you may choose to provide your name, e-mail address, library card barcode, phone number or home address.
We never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above unless we are compelled to do so under the law or to comply with a court order. If you are affiliated with our college, the library automatically receives personally identifiable information to create and update your library account from the Registrar's Office or Human Resources.
3. Access by Users
Individuals who use library services that require the function and process of personally identifiable information are entitled to view and/or update their information in person. You will be asked to provide verification such as an ID number and identification card to ensure verification of identity. The purpose of accessing and updating your personally identifiable information is to ensure that library operations can function properly. Such functions may include notification of overdue items, recalls, reminders, etc. The library can explain the process of accessing or updating your information so that all personally identifiable information is accurate and up to date.
4. Data Integrity & Security
Data Integrity: The data we collect and maintain at the library must be accurate and secure. We take reasonable steps to assure data integrity, including: using only reputable sources of data; providing our users access to their own personally identifiable data; updating data whenever possible; destroying untimely data or converting it to anonymous form.
Data Retention:We protect personally identifiable information from unauthorized disclosure once it is no longer needed to manage library services. Information that is regularly purged or shredded includes personally identifiable information on library resource use and material circulation history.
Tracking Users: We remove links between patron records and materials borrowed when items are returned, unless there is an overdue or damage fine/charge, and we delete records as soon as the original purpose for data collection has been satisfied. We permit in-house access to information in all formats without creating a data trail, with the exception of Reserves and other materials housed in the Circulation/Reserves area.
Our library has invested in appropriate technology to protect the security of any personally identifiable information while it is in the library's custody, and we ensure that aggregate, summary data is stripped of personally identifiable information. We regularly remove cookies, Web history, cached files, or other computer and Internet use records and other software code that is placed on our computers or networks.
Third Party Security: We ensure that our library's contracts, licenses, and offsite computer service arrangements reflect our policies and legal obligations concerning user privacy and confidentiality. Should a third party require access to our users' personally identifiable information, our agreements address appropriate restrictions on the use, aggregation, dissemination, and sale of that information. When connecting to licensed databases outside the library, we release only information that authenticates users as "members of our community." Nevertheless, be advised that there may be limits to library privacy protection when accessing remote sites.
Cookies: Users of networked computers will need to enable cookies in order to access a number of resources available through the library. A cookie is a small file sent to the browser by a Web site each time that site is visited. Cookies are stored on the user's computer and can potentially transmit personal information. Cookies are often used to remember information about preferences and pages visited. You can refuse to accept cookies, can disable cookies, and remove cookies from your hard drive. Our Library servers use cookies solely to verify that a person is an authorized user in order to allow remote access to licensed library databases. Cookies sent by our Library servers will disappear when the user's computer browser is closed. We will not share cookies information with external third parties.
Security Measures: Our security measures involve both managerial and technical policies and procedures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Our managerial measures include internal organizational procedures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Our technical security measures to prevent unauthorized access include encryption in the transmission of data; limits on access through use of passwords; and storage of data on secure servers or computers.
We permit only authorized library staff with assigned confidential passwords to access personal data stored in the Library's computer system for the purpose of performing library work. We will not disclose any personal data we collect from you to any other party except where required by law, by E.P.C.C., or to fulfill an individual user's service request. The Library does not sell or lease users' personal information to companies, universities, or individuals.
5. Enforcement & Redress
Our library will not share data on individuals with third parties unless needed by E.P.C.C. or required by law. We conduct regular privacy audits in order to ensure that library programs and services are enforcing our privacy policy. Library users who have questions, concerns, or complaints about the library's handing of their privacy and confidentiality rights should file written comments with the Head Librarian. We will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures.
We authorize only the Head Librarian to receive or comply with requests from law enforcement officers for P.I.I.; we confer with our administrators and legal counsel before determining the proper response. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form. We have trained all library staff and volunteers to refer any law enforcement inquiries to the Head Librarian.
To El Paso Community College Libraries District Page
To El Paso Community College Home Page
Last Updated: October 13, 2006
Created and maintained by K.A. Gardner
Send Your Comments to: askalib
URL: http:/www.epcc.edu/vvlib/privacy.htm
The El Paso Community College Valle Verde Library does not control the content posted on web sites to which it provides links and, as such, does not guarantee the accuracy, integrity or quality of such content. The Valle Verde Library and the author do not endorse and are not responsible or liable for any content, advertising, services, products or other materials on or available from such sites or resources.
