Final Report of the Privacy Policies Working Group
The Privacy Policies Working Group (PPWG) was charged with the review of the current Library and related policies regarding Library use and Library records. The results of the discussions of the group based upon the charge are as follows:
1. Review the Library’s current policies regarding personal privacy in Library use and Library records.
The PPWG identified the policies listed below from general to specific agency with notes on currency and accuracy of each:
- Family Educational Rights and Privacy Act – FERPA (20 U.S.C. § 1232g; 34 CFR Part 99) – http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
- Health Insurance Portability and Accountability Act – HIPAA Privacy Rule (42 U.S.C. 299b-21-b-26) – http://www.hhs.gov/ocr/privacy/index.html
- Interlibrary Loan Code for the United States – Revised 2008 ALA/RUSA – http://www.ala.org/rusa/resources/guidelines/interlibrary
- Illinois Library Records Confidentiality Act (75 ILCS 70/) – http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=1004&ChapterID=16
- Campus Policy on Appropriate Use of Computer Technologies and Network Systems – http://cam.illinois.edu/viii/VIII-1.1.htm (revised 2003)
- Vice-President for Academic Affairs/Web Privacy Notice – http://www.vpaa.uillinois.edu/policies/web_privacy.cfm (2003 – Note that they are supposed to have a list of approved privacy policies. The Library is not listed here and the HR policy which is listed has a bad link.)
- Security Camera Policy, Campus Administrative Manual (2009) – http://www.cam.illinois.edu/viii/VIII-1.5.htm
- Campus Policy on Photography/Talent Release Information – http://publicaffairs.illinois.edu/resources/release/index.html (2006 – Note that this page includes links to the Talent Release Form, the Talent Release Form for Minors and a Location Release Form, the last of which is also available through Library Facilities.)
- Permission to Film in Campus Libraries – http://www.library.illinois.edu/administration/services/policies/permission_film.html (Approved in 2006 by the Library Administrative Council)
- Circulation/Confidentiality – http://www.library.illinois.edu/circ/policies/Confidential.html (Modified 2010)
- Requests for Library Patron Information: Staff Guidelines (Reviewed by the University Librarian, 2/18/13) – http://www.library.illinois.edu/administration/services/policies/patronrequest.html
- University Archives Website Privacy Notice – http://archives.library.illinois.edu/about-us/documents-and-policies/privacy-notice/ (2012 copyright)
- Rare Books and Manuscripts Library Privacy Notice – Currently under revision
- Scholarly Commons/Policies for Social Media – http://www.library.illinois.edu/sc/about_us/socialmedia_policies.html (2013 – These are policies that should apply to all units as a basis for institutional use.
- Choose Privacy (2011 Libguide from the Undergraduate Library) – http://uiuc.libguides.com/content.php?pid=109716
- Third Party Privacy Notices– Most of our publishers and databases append their privacy policies to their websites for example:
- EBSCO – http://support.ebscohost.com/ehost/privacy.html
- ProQuest Congressional – http://congressional.proquest.com/congressional/common/privacy?accountid=14553&groupid=95978
- Scopus (Elsevier) – http://www.elsevier.com/legal/privacy-policy
2. The group will update, reconcile and consolidate these policies.
The PPWG has reviewed the policies listed above and has consolidated them in the document “Privacy Policies – Appendix 1”.
3. The group will identify gaps in current policy and practice regarding privacy and engage in the development of new policies, guidelines and best practices.
Capture, retention and disposal of personally identifying information in the course of research, even for internal use, should be and is covered by approval of the Institutional Research Board. We would remind all of our researchers who work in this area that this approval is necessary prior to engaging in user research. Information related to the IRB process is available on the RPC page, but the dissemination of this information may not get to all of our researchers in the Library. We can also include related information on this process as a link in the user-facing page.
A specific, written policy regarding the placement, use and retention of recordings related to security cameras in the Library should be developed as suggested in ALA documents in order to avoid “function creep”. We suggest the AUL for User Services and the Assistant Dean for Facilities propose language to supplement the language in the Campus Administrative Manual for review by the Administrative Council.
A determination on the retention of chat transcripts needs to be made.
A statement on the retention of Web Analytics and related cookies needs to be developed.
In addition to those items that come under the charge of this group, we would note that good training of all of those employed by the University Library is essential in this area.
- Uniform procedures relating to the disposal of call slips need to be made explicit and shredders for these items should be placed in each point of circulation to enable immediate destruction of these records. (Units should, of course, be mindful of the effect of noisy shredders on patrons.)
- Training at all levels on actions that an individual should take in the event of the appearance of security personnel requesting personal information about our patrons needs to be articulated in detail as found in Requests for Library Patron Information: Staff Guidelines (http://www.library.illinois.edu/administration/services/policies/patronrequest.html).
4. This group will consider and make recommendations on the Library’s role in educating our users about the privacy and security of their library records.
The Working Group recommends that a small implementation group be developed to shepherd the development of further policies, provide necessary updates of Library policy, and assist in the development of access to these policies. This group might consist of the AUL for User Services and two other individuals.