Patron Records

May 17, 2008

Congratulations to Vermont libraries on strengthened patron privacy

Congratulations and kudos to the Vermont library folks. The state governor signed a bill on May 13, 2008 that substantially strengthens library user privacy. It changes the law from permissive protection (a library MAY keep records confidential) to mandatory protection (a library MAY NOT disclose records unless certain conditions are met).

It seems to assume that FERPA requires disclosure of student library records to parents, though this is not known for sure.  It does allow parents of children under 16 to look at their kids' records, though IMHO it's not clear that this is always in the child's best interest.

But the best part is that it allows a private right of action. That is, a patron whose records have been wrongly disclosed may bring a civil action against the library. 

September 14, 2007

State privacy laws and libraries

Paul Neuhaus has been busy updating his great wiki of state laws on the confidentiality of library records.  Thanks, Paul.

August 20, 2007

Don't ask for social security numbers in library applications

Some libraries still ask for social security numbers on their library applications. Others have stopped that practice, but haven't purged their patron record databases of these numbers.   

Yes, collection agencies want the numbers, and perhaps having this information can increase your success rate in tracking down scofflaw patrons.   

But consider the downside.  If someone hacks your database, or if you have a bad employee, this highly sensitive information is at risk.  Once it's gone, it's gone. Patrons have little recourse once identity thieves get their hands on these numbers.

Comments, readers?

August 08, 2007

Library Elf and the UK

From Philip Jones:

I know I am coming very late into this debate, but Elf is just beginning to get publicity here in the UK, and so the issues are becoming relevant. It has also widened its coverage to library management systems (LMSs) which are mainstream over here.

An interesting slant which is emerging is around Elf's choice not to develop full working agreements with the LMS suppliers themselves. I know of one LMS company which regards with concern and suspicion any attempt by a third-party system to draw down data from its LMS installations unless there is a formal agreement in place which formalises the whole process and includes all appropriate legal protections for both parties and their customers.

I think the LMS suppliers' view is that they implicitly authorise a library service, and its registered customers, to gain access to data on its system in specific ways defined by the system. However, they argue that they do not authorise a third-party system, such as Elf, to act as an intermediary between the end user and the LMS system and to manipulate the data provided. And further that one or more end users cannot legitimately empower Elf to act on their behalf as an intermediary service simply by the process of providing their card number and PIN code to Elf for that purpose. It all seems to hinge on whom the LMS supplier believes they have authorised to gain access to their data files.


Mary: This just came in as a comment to http://blog.librarylaw.com/librarylaw/2005/11/my_library_elf_.html but I figured no one would see it there.  I think that any smart tech person could figure out how to "roll your own" RSS feeds from a library's LMS system, needing only the user's library card number and PIN (if needed to get into the records).  Why do you say end users couldn't empower Elf to act on their behalf... wouldn't that be considered consent? Is consent sufficient in the UK?

What concerns me is that the users don't need to give consent if the LMS password system is weak, as it is in so many libraries in the U.S.  Your ex-girlfriend needs only your library card number and sometimes a (weak) PIN (often the last four digits of your phone number). Do UK LMS companies offer stronger PINs than four digits?

Many have told me that this weak security has always been the case, Elf or no Elf.  The difference that Elf or any RSS feeds (laden with personal content) makes is the convenience of daily delivery of the records from hither and yon.

By the way, I just happened to go back to the search box in Bloglines the other day, and typed in "library elf for" and then chose [Search for Feeds] and got about 200 personal feeds  from probably unwitting library users.  Gives me their first names and one more click shows their libraries, books out/requested etc.  At least Elf got rid of their email addresses.  Still, quite disconcerting to see so much personal information floating around, free for me to capture.  I could (but won't) add a screenshot of the names with the libraries and titles.

BloglinesElfScreenshot.doc

May 24, 2007

Library patron records confidentiality? A proposed exception you could drive a truck through

The Wisconsin Library Association has a good explanation of the recent state attorney general opinion finding library surveillance tapes protected as library records under state law.   Unfortunately, in my estimation, the proposed amendment seems to be written more broadly than it need be.

5) Library records may be released for administrative library purposes, including establishment or maintenance of a system to manage the library records or to assist in the transfer of library records from one records management system to another, compilation of statistical data on library use, collection of fines and penalties, and the protection of library staff, library users, and library property.  Records released to third parties for administrative library purposes may not be used or disclosed for any other purpose.

Protection of staff, users, property? Who decides? Isn't that exactly the reason law enforcement generally ASKS for patron records?  The library shouldn't decide when patron records should be turned over, and neither should law enforcement.  A neutral, detached magistrate should decide, evaluating the context --  weighing both security and privacy. The magistrate will then issue court orders in some cases and deny them in others.

It seems that the problem could be better cured by defining library records more narrowly.

Recommended at ALA conference: Libraries, privacy and intellectual property - Friday June 22, 2007

https://www3.oclc.org/app/ala_registration/

Friday June 22, 2007 1:30 – 4:30 pm, Grand Hyatt Washington, Independence Ballroom A
OCLC Symposium: Is the Library Open?
Join your colleagues and OCLC for an interesting afternoon discussion. Hear from three experts on the issues of information property law, copyright, digital communication, intellectual property and user privacy rights in relation to library policies. They are:

  • Marc Rotenberg, Executive Director of the Electronic Privacy Information Center (EPIC) and professor of privacy law at Georgetown University Law Center
  • Siva Vaidhyanathan, a cultural historian, media scholar and Associate Professor of culture and communication at New York University
  • Mary Minow, Library Law Consultant with LibraryLaw.com, coauthor of The Library's Legal Answer Book and a public librarian for 10 years.

April 10, 2007

Privacy and virtual reference, ask-a-librarian chats etc.

Here's a link to a paper I wrote with Paul Neuhaus on privacy and virtual reference for the American Library Association.  http://www.ala.org/ala/washoff/contactwo/oitp/MinowNeuhaus2005Sept15.pdf

April 02, 2007

Hooray - I figured out how to use tags instead of categories in this blog

As I suspected, it's much easier and more flexible.  So if any of you are looking for new posts based on categories, you may not find them. Use the technorati tags at the bottom of a post instead. If it works like I think it will, I'll probably stop using categories altogether.

Update: It looks as if users who click on a technorati tag below will get everyone in the world's posts with those tags. That's useful, but it would be nice to have an option to limit it to this blog, the way flickr does.  Well, there's always the search button in the blog...

April 01, 2007

Are spammers using public records requests to get your patrons' email addresses (off their library card registrations)?

I'm starting to hear about this trend. Is it happening to your library?  On the one hand, it sounds so far-fetched that anyone would go to the trouble to get patron email addresses by making public records requests to libraries. Further, it seems so obvious that this personal information would/should be exempted, but you'd have to look at the wording of your state law to see if it is.  On the other hand, maybe it's cheaper and better information than spammers could buy off other types of marketing lists.  After all, library patrons are, whatever else you can say about them, usually real people.

Library folks in Oregon recently told me that SB 950 is moving (and quite likely to pass) in their state legislature. It would exempt patrons' email addresses from public disclosure under the state public records law.

March 28, 2007

Law of Libraries and Archives

Just discovered a website on the Law of Libraries and Archives, by Bryan M. Carson. It's an adjunct to his book published in December 2006 by Scarecrow Press, which I just ordered :>