Board of Trustees Policy: Confidentiality of Records and Privacy Policy
Introduction
The American Library Association’s Code of Ethics states: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources, consulted, borrowed, acquired or transmitted.” Euclid Public Library (“EPL” or “Library”) specifically recognizes that its user records and patron information are confidential and has made a commitment to protect the privacy of its patrons and the privacy of the users of EPL’s web site. Earning and keeping the trust of patrons of the Library, including when using EPL’s web site or when visiting EPL, is important to EPL.
EPL wants its patrons to understand what types of information are gathered, how this information is used and protected, and how patrons can control its use. This Confidentiality of Records and Privacy Policy describes what EPL does with information it obtains from, and about, patrons (including users of EPL’s web site). By sharing information with EPL, whether at the Library or through EPL’s web site, users agree to be bound by the terms and conditions of this Privacy Policy.
For any and all patrons who have previously shared personally identifiable information (defined below) with EPL, this Privacy Policy informs how such information is being used and protected and how patrons can request changes or even deletions to such information.
Categories of Personally Identifiable Information EPL Collects
Patrons’ personally identifiable information may be retained by EPL whenever a patron voluntarily provides such information to EPL, including, without limitation, when such information is provided by a patron through EPL’s web site or in person at the Library. Information that may be retained by EPL includes, without limitation, patron names, addresses, telephone numbers, driver’s license numbers, or e-mail addresses, or all or any of them (jointly and severally, “personally identifiable information”).
EPL may also gather certain anonymous data from users to help EPL better understand how EPL’s web site is being used and how EPL can improve it. This automatically-gathered data may include a user’s computer’s Internet domain address and any content a user views on the web site, and the kind of browser used. However, individual users will remain anonymous unless the user voluntarily tells EPL who they are.
EPL reserves the right to use “cookies” on EPL’s web site. These are small files that may be sent to and stored on a user’s computer so that EPL may recognize the user’s computer as a unique machine the next time the user visits the web site. For example, EPL may use cookies to enable EPL to store information related to a particular patron’s preferences for hold requests, e.g., the patron’s computer’s IP address may be automatically recognized and the patron’s preferred pick-up location may be offered as a default.
In addition, EPL may compile certain statistical data concerning patrons and their use of the Library and EPL’s web site to better manage circulation, EPL’s services, and EPL’s programs (collectively, “Statistical Data”). CPL may share Statistical Data with third parties who fund CPL’s services.
CLEVNET Network – Use of Personally Identifiable Information
EPL is part of the CLEVNET Network, which is an integrated computer system consisting of, among other things, computer hardware, various computer software programs, and various database and automation services that together act as a library information management system that, in the aggregate, provides various Ohio libraries (collectively, “CLEVNET Contract Libraries”) and their patrons with a variety of benefits, including, without limitation, access to an online catalog database uniting EPL’s and other CLEVNET Contract Libraries’ books and other holdings. Personally identifiable information provided to EPL, whether provided through EPL’s web site or in person at the Library facility, is maintained by EPL; however, EPL may provide it to other CLEVNET Contract Libraries and it is accessible by all CLEVNET Contract Libraries.
CLEVNET Contract Libraries, like EPL, are obligated to keep patrons’ personally identifiable information confidential. Neither EPL nor any of the CLEVNET Contract Libraries will release personally identifiable information about patrons, including their uses of library materials and resources (whether electronic or in print, including, without limitation, circulation records) unless otherwise set forth in this Privacy Policy or unless compelled by law.
Neither EPL nor any of the CLEVNET Contract Libraries will share personally identifiable information with third parties except as provided by law; provided, however, that information may be shared with reputable third- party partners on a confidential basis so that they can assist EPL in providing certain services to patrons. Please remember that this Privacy Policy concerns the use of patron personally identifiable information that has been provided to EPL only. There are numerous hyperlinks contained on EPL’s web site. In cases where patrons or users leave EPL’s web site to visit other web sites or otherwise use other web site services, they should become familiar with the privacy policies of those web sites or web site services.
Further, this Privacy Policy describes the information-gathering practices of EPL and not those of any of the CLEVNET Contract Libraries. Each of the CLEVNET Contract Libraries has posted specific information concerning its information-gathering practices and patrons are encouraged to review those policies.
The Library designates the Director or Director’s designee to maintain the personal information in the CLEVNET Network as it pertains to EPL, including by investigating the accuracy of such information with any of the CLEVNET Contract Libraries. EPL will follow CLEVNET’s “Personal Information Rules for the CLEVNET System” and Chapter 1347 of the Ohio Revised Code; and EPL will maintain confidentiality in accordance with all CLEVNET Network rules on confidentiality and Ohio law, including Section 149.432 of the Ohio Revised Code.
NetNotice – Generally Updating Your Information
Through EPL’s “NetNotice” program, patrons may choose to receive notification of library account updates (e.g., available library holds, upcoming due dates concerning checked-out items) via e-mail. Patrons may choose to sign up for and/or to withdraw from the NetNotice program. Patrons should contact the Library if they would like to change or delete general information in EPL’s general database. To keep EPL’s records current, patrons are encouraged to update information as it becomes necessary, e.g., when a patron moves or begins using a new e-mail address.
Security
EPL has reasonable precautions in place to prevent unauthorized access to the information we collect.
Children
EPL encourages parents and guardians to be involved in the online practices of their children. Children should never share information over the Internet without first receiving permission from a parent or guardian.
Confidentiality
EPL will maintain the confidentiality of Library records and personally identifiable information consistent with this policy and the law. These records and this information will not be divulged to others outside the organization, except as described in this policy and as follows:
- Records or customer information pertaining to minor children when requested by parents, guardians or custodians, provided the parent, guardian or custodian complies with Library requirements as to showing identification and/or legal status;
- In accordance with a subpoena, search warrant, or other court order, or to a law enforcement officer who is investigating a matter involving safety in exigent circumstances;
- Upon the request or with the consent of the individual who is the subject of the record or information;
- For library administrative purposes; and
- As otherwise required by law.
Staff should not, formally or informally, release Library records or divulge personally identifiable information to any agency or individual unless specifically authorized by the Director and in compliance with applicable law.
Adult Library users may authorize specific individuals to access their Library records and personally identifiable information—and, in doing so, waive their right to confidentiality as to such individuals—by completing the applicable section of the Library card application or the Outreach Home Delivery Service Application. A minor’s Library record and personally identifiable information are available to the parent, legal guardian, custodian, or other designated person listed in the Confidentiality of Records and Privacy section of their Library card application.
Employees must read and become familiar with the tenets of the American Library Association’s “Policy Concerning Confidentiality of Personally Identifiable information about Library Users.”
Information regarding staff members who are also registered Library patrons is also confidential and protected by this policy and Ohio law. Abuse of protected information by staff members, such as disclosing confidential information on social media or social networking websites, is subject to disciplinary action.
Any Library staff member who receives an external request to examine or obtain Library records or personally identifiable information must immediately refer the person making the request to the Fiscal Officer who serves as the Library’s public records custodian. The Fiscal Officer will explain the Library’s confidentiality of records and privacy policy. Employees should give any legal process, order or subpoena to the Library Director, for the Director to handle.
Confidentiality of Records and Privacy Policy Changes
This Confidentiality of Records and Privacy Policy may be changed at any time without warning to accommodate new privacy policies and practices or to accommodate new EPL services. Patrons should review this Confidentiality of Records and Privacy Policy from time to time to stay abreast of EPL’s current confidentiality and privacy practices.
Adopted by the Board of Trustees 09-18-00. Revised 11-21-2017; Revised and Renamed 3-16-2021; Revised 06-20-23