Russell County Public Library

Privacy Policy

I. Introduction

Privacy is essential to the exercise of free speech, free thought, and free association.  In this library, the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others.  Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.

The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution.  Many states provide guarantees of privacy in their constitutions and statute law.  Numerous decisions in case law have defined and extended rights to privacy.  This library’s privacy and confidentiality policies are in compliance with applicable federal, state, and local laws.

User rights–as well as our institution’s responsibilities–outlined here are based in part on what are known in the United States as the five “Fair Information Practice Principles.”  These five principles outline the rights of Notice, Choice, Access, Security, and Enforcement.

Our commitment to your privacy and confidentiality has deep roots not only in law but also in the ethics and practices of librarianship.  In accordance with the American Library Association’s Code of Ethics:

“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.”

II. Russell County Public Library’s Commitment to Privacy and Confidentiality

This privacy policy explains a patron’s privacy and confidentiality rights, the steps this library takes to respect and protect your privacy when you use library resources, and how we deal with personally identifiable information that we may collect from our users.

1. Notice & Openness

We affirm that our library users have the right of “notice” — to be informed about the policies governing the amount and retention of personally identifiable information, and about why that information is necessary for the provision of library services.

We post publicly and acknowledge openly the privacy and information-gathering policies of this library.  Whenever policies change, a notice of those changes is disseminated widely to our users.

In all cases we avoid creating unnecessary records, we avoid retaining records not needed for the fulfillment of the mission of the library, and we do not engage in practices that might place information on public view.

Information we may gather and retain about current and valid library users includes the following:
• name
• address
• phone number
• SSN or driver’s license number
• email address
• for minors: DOB & parent/guardian name & address
• library material returned overdue or lost until all related fines are paid

2. Choice & Consent

This policy explains our information practices and the choices you can make about the way the library collects and uses your information.

If you wish to receive borrowing privileges, we must obtain certain information about you in order to provide you with a library account. We will not collect or retain your private and personally identifiable information without your consent. Further, if you consent to give us your personally identifiable information, we will only use it in the conduct of library operations, to inform you about the status of your library account, or to inform you of library events and concerns. We will keep your personally identified information confidential and will not sell, license or disclose personal information to any third party without your consent, except in the conduct of library operations, unless we are compelled to do so under the law or to comply with a court order.

You have the option of providing us with your email address for the purpose of notifying you about your library account in the future. You may request that we remove your email address from your record at any time.

We never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to prohibit such unrelated uses, unless we are compelled to do so under the law or to comply with a court order.

3. Access by Users

Individuals who use library services that require the function and process of personally identifiable information are entitled to view and/or update their information. You may update your personal information in person. You will be asked to provide some sort of verification such as your library card, a pin number, or identification card to ensure verification of identity.

The purpose of accessing and updating your personally identifiable information is to ensure that library operations can function properly. Such functions may include notification of overdue items, holds, recalls, reminders, etc.

4. Data Integrity & Security

Data Integrity: The data we collect and maintain at the library must be accurate and secure. We take reasonable steps to assure data integrity, including using only reputable sources of data; providing our users access to their own personally identifiable data; updating data whenever possible; destroying untimely data, or converting it to an anonymous form.

Data Retention:  We protect personally identifiable information from unauthorized disclosure once it is no longer needed to manage library services. Information that should be regularly purged or shredded includes personally identifiable information on library resource use, material circulation history, and security/surveillance tapes and logs.

Tracking Users: We remove links between patron records and materials borrowed when items are returned and we delete records as soon as the original purpose for data collection has been satisfied. We permit in-house access to information in all formats without creating a data trail. Our library has invested in appropriate technology to protect the security of any personally identifiable information while it is in the library’s custody, and we ensure that aggregate, summary data is stripped of personally identifiable information. We do not ask library visitors or Web site users to identify themselves or reveal any personal information unless they are borrowing materials, requesting special services, registering for programs or classes, or making remote use from outside the library of those portions of the Library’s Web site restricted to registered borrowers under license agreements or other special arrangements. We discourage users from choosing passwords or PINs that could reveal their identity, including social security numbers. We regularly remove cookies, Web history, cached files, or other computer and Internet use records and other software code that is placed on our computers or networks.

Third Party Security: We ensure that our library’s contracts, licenses, and offsite computer service arrangements reflect our policies and legal obligations concerning user privacy and confidentiality. Should a third party require access to our users’ personally identifiable information, our agreements address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors.  In circumstances in which there is a risk that personally identifiable information may be disclosed, we will warn our users. When connecting to licensed databases outside the library, we release only information that authenticates users as “members of our community.” Nevertheless, we advise users of the limits to library privacy protection when accessing remote sites.

Cookies: Users of networked computers will need to enable cookies in order to access a number of resources available through the library. A cookie is a small file sent to the browser by a Web site each time that site is visited. Cookies are stored on the user’s computer and can potentially transmit personal information. Cookies are often used to remember information about preferences and pages visited. You can refuse to accept cookies, can disable cookies, and remove cookies from your hard drive. Our Library servers use cookies solely to verify that a person is an authorized user in order to allow access to licensed library resources and to customize Web pages to that user’s specification. We will not share cookies information with external third parties.

Security Measures: Our security measures involve both managerial and technical policies and procedures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Our managerial measures include internal organizational procedures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Our technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through the use of passwords; and storage of data on secure servers or computers that are inaccessible from a modem or network connection.

Staff access to personal data: We permit only authorized Library staff to access personal data stored in the Library’s computer system for the purpose of performing library work. We will not disclose any personal data we collect from you to any other party except where required by law or to fulfill an individual user’s service request. The Library does not sell or lease users’ personal information to companies, universities, or individuals.

5. Enforcement & Redress

Our library will not share data on individuals with third parties unless required by law or as necessary to conduct library operations. We conduct regular privacy audits in order to ensure that all library programs and services are enforcing our privacy policy. Library users who have questions, concerns, or complaints about the library’s handling of their privacy and confidentiality rights should file written comments with the Director of the Library. We will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures.

We authorize only the Library Director and our Library Privacy Officer to receive or comply with requests from law enforcement officers; we confer with our legal counsel before determining the proper response. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order, or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form. Under the USA PATRIOT Act, the library may be compelled to relinquish data and be bound by law not to reveal that data has been released. We have trained all library staff and volunteers to refer any law enforcement inquiries to library administrators.

Approved by the Russell County Public Library Trustees March 16, 2004

Library Procedures to Ensure Data Security and Confidentiality

Security videotapes are kept for 2 weeks; then the tape is reused. Tapes are replaced annually and the previous set are erased and discarded.

Overdue, hold, or fine notices unmailed or returned are shredded when the computer record has been updated.

Borrower applications are shredded when the computer record is purged per the Circulation Policy.

Program registrations are shredded after the statistics are recorded. Circ staff register patron’s name and phone for regular programs, keeping the signup sheets behind the Circ Desk.

ILL requests are shredded annually. (Requests aid collection development and patrons may request an item be borrowed for them a second time.)

CybraryN patron database to permit access to the public access computers is comprised of valid patrons from the TLC database, obtained via a report and uploaded weekly. The TLC report of valid cardholders is stripped of all identifying data and loaded as the CybraryN patron database. Thus it is purged with the borrower applications. Staff sign-in visitors (without RCPL library cards) with a guest number. RCPL formerly used the last 4 digits of the patron SSN and randomly assigned 4 and 5 digit codes.

Search history and cookies and any patron-loaded software on public access computers are erased by a local script that runs when the machine is turned on. Machines are turned off each evening.

Server logs for the catalog server are kept for backup; they are purged annually. Backup tapes are held locally and remotely. Tapes are reused; tapes are erased and discarded annually. Mail and web servers are backed up via RAID array.

Library Use is not revealed. If phone calls are received asking for you, staff will take a message that will be given to you if you are in the library. Patrons will not be paged and are not permitted to use the phone.

Printing should be retrieved by staff for patrons to protect patron privacy.

March 16, 2004; revised December 20, 2005

  • Lebanon Library
    248 W. Main Street
    Lebanon, VA 24266
    276-889-8044
    Fax: 276-889-8045

    Mon: 10am-5:30pm
    Tues: 10am-8pm
    Wed: 10am-5:30pm
    Thurs: 10am-8pm
    Fri: 10am-5:30pm
    Sat: 10am-3pm
    Sun: CLOSED

  • Honaker Community Library
    10 Library Drive
    Honaker, VA 24260
    Phone: 276-873-6600
    Fax: 276-873-5800

    Mon: 12pm-7pm
    Tues: CLOSED
    Wed: 2pm-5:30pm
    Thur: CLOSED
    Fri: 12:00pm-5:30pm
    Sat: CLOSED
    Sun: 2pm-5pm

This site is made possible by a grant from the U.S. Institute of Museum and Library Services. It is managed by the The Library of Virginia Library Development and Networking Division.