[Web4lib] Library Website Privacy Policies

Robert Balliot rballiot at gmail.com
Fri Apr 1 22:49:43 EDT 2011 

This is an interesting problem.  The way that I understand the law is that
States can offer more constitutional protections than the Federal
government, but not less.  So, you have the Nevada law which reads:

 Nevada Chapter 239 Public
Records<http://www.leg.state.nv.us/Division/Legal/LawLibrary/NRS/NRS-239.html#NRS239Sec013>
:

*NRS 239.013  Confidentiality of records of library which identify user with
property used.  *Any records of a public library or other library which
contain the identity of a user and the books, documents, films, recordings
or other property of the library which were used are confidential and not
public books or records within the meaning of NRS
239.010<http://www.leg.state.nv.us/Division/Legal/LawLibrary/NRS/NRS-239.html#NRS239Sec010>.
Such records may be disclosed only in response to an order issued by a court
upon a finding that the disclosure of such records is necessary to protect
the public safety or to prosecute a crime.   (Added to NRS by 1981, 182)

That seems like a pretty strong case for privacy in Nevada. In my mind,
those confidential records would include anything being done on a library
computer.  But, the Children's Internet Protection Act (based on the power
of withholding funds) and the various iterations of the Patriot Act and FISA
end up modifying Constitutional protections by changing the historic
parameters of probable cause and somewhat redefining due process through
National Security Letters.  I imagine that there may be some case law at
this point that has tested the provisions of the Patriot Act that a
qualified attorney could definitively apply to both Nevada law and Federal
law.

The ALA code of ethics only has the power of a well-reasoned authoritative
suggestion.  But, I think your policy would need to balance what you *can
do* with liability.  If you provide a policy that is perceived as an
obligation to your public / patrons then the less you say without trying to
rewrite the law may provide the least amount of institutional liability.  On
the other hand, a well-informed public is a good thing for society and a
fundamental goal of libraries.  It seems that a general policy should be
simply stated, but the actual explicit process used to provide privacy
should be a public record that is changeable and updated and available on
demand.

I don't really think that libraries in general can guarantee protection of
the privacy of computerized records. There are too many access points
and rarely any measures in place to encrypt active records and forensically
wipe old records. Even though you may want to protect privacy and aspire to
do so, it may be a greater disservice to the public to convince them that
you can.

R. Balliot
http://oceanstatelibrarian.com



On Fri, Apr 1, 2011 at 7:59 PM, Adams, Jason <JAdams at washoecounty.us> wrote:

> Our Web Team put together a nice 2-page privacy policy -- very similar
> to what you see on most library websites.  When our Policy Review Team
> revised it, our privacy policy was reduced to two sentences sandwiched
> between a statement from the ALA Code of Ethics ("We protect each
> library user's right to privacy...") and a statement about the PATRIOT
> Act ("The Library System complies with the law as it relates to the
> U.S.A. P.A.T.R.I.O.T. Act...").
>
> It's my understanding that it is "proper" standard practice for website
> privacy policies to detail a website's information-gathering practices,
> including a description of why we collect data, what we collect, and
> what we do with it.  I've seen this mentioned by the Electronic Frontier
> Foundation, Federal Trade Commission, and the American Library
> Association (in their document "Guidelines For Developing a Library
> Privacy Policy").
>
> What are your suggestions for helping our less web-savvy library system
> decision-makers to understand the importance of a more descriptive
> privacy policy for our library website?  Any links to related articles,
> other library privacy policies, and statements by the EFF, FTC, ALA,
> library lawyers, etc. would also be helpful.
>
> Thanks in advance for your replies!
>
> Jason Adams, Library Assistant II
>
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>

More information about the Web4lib mailing list