Sam Thielman recently wrote an article for The Guardian on a decision at least one library has arrived upon: a new policy where the library purges user data from interlibrary loan (ILL) records to help protect patron privacy.
The confidentiality of patron records is a long-standing issue, particularly since the Patriot Act spurred concerns about patrons’ reading histories, who has access to these records, and under what circumstances the records might be disclosed to authorities. These questions are still being explored, as very few cases on the exact issue of library patron records and privacy have been brought before the courts (though it is also worth considering that other recent library litigation cases have addressed related issues in the broader sense, such as computer use in libraries and censorship; both are matters that could conceivably tie into the patron record).
Obviously, the ILL record is just one aspect of the patron’s information resource accessing experience; as librarians observe, many patrons check out books from their local branch and/or use library Internet connections, electronic research resources and library software programs. Each one of these activities arguably necessitates separate discussion in the portions of a library policy that cover topics such as data use and procedures for responding to requests from law enforcement authorities.
Another notable feature of the recent article is the librarian’s observation that no specific event precipitated the decision to purge user data from ILL records; instead, the general intention to protect patron privacy apparently motivated this action. A library is also responsible for safeguarding patron information so it does not get disclosed to outside sources, both because the reading history is private and because a patron record has personal information that could make an individual susceptible to identity theft or other intrusions into their personal domains.
One reason for these protections is that a library is a place of free exploration, and if privacy is compromised, then it could have “chilling effects” on information-seeking behavior; for example, a patron might decide not to request controversial material due to fears for their privacy, which would be an unfortunate situation that a library is advised to take steps to avoid by making patrons aware of the library’s policies on data privacy and protection.
As I read this article, the conclusion I reached was this: it is a good idea to keep informed on the latest developments in library patron privacy laws and policies. Each state has its own laws on library environments, and state law libraries provide excellent resources on recent state-level legislation and court cases. In addition, it appears that patron privacy correlates with a library’s central mission of encouraging reading and library use. That said, while patron records are generally protected and confidential, there may be certain, very rare exceptions where a library does need to disclose information to authorities, but again, it is important to remember that these occasions are very much the exception and not a frequent occurrence.
Library directors may wish to seek counsel from municipal attorneys or attorneys who serve on their boards in order to prepare for these situations, educate their staff, and update policies. Here are some suggestions:
- Contact your local bar association and request a free or low-cost consultation with an attorney who has experience in library policies and data privacy.
- Seek out a law professor who researches data privacy and might be interested in speaking to the library community.
- Request that a local judge address the library so that patrons and library staff are able to learn important information on the legal process.
- Contact federal and state representatives and request listening sessions for staff and/or patrons. This representative could educate staff and the public on the latest developments in data privacy laws as they relate to public libraries.
 Sam Thielman. “You are not what you read: librarians purge user data to protect privacy,” Guardian, January 13, 2016.