Revised and Approved March 29, 2010
by the Gretna Library Board
The Gretna Public Library and its Board recognize our patrons’ expectations, and rights to, privacy and confidentiality as expressed by the Constitution of the United States and the State of Nebraska. Numerous decisions in case law have defined and extended rights to privacy. The library’s privacy and confidentiality policy is in compliance with applicable federal, state and local laws.
In accordance with the Privacy Act and Nebraska Statute 84-712.05, the Board recognizes that patron registration and circulation records are confidential in nature. All library employees are advised that such records are private and shall not be made available to any agency of state, federal, or local governance unless a subpoena, warrant, court order or other official investigative document is issued by a court of competent jurisdiction that shows good cause and is in proper form.
Information from these records will not be released except under the conditions outlined in this policy. Any problems or conditions relating to the privacy of a customer through the records of the Library will be referred to the Library Director, who, after study and consultation with the Board and/or legal counsel will issue a written decision as to whether to heed the request for information.
Policy & Procedure:
User rights – as well as our institution’s responsibilities – are outlined here based in part on what are known in the United States as the five “Fair Information Practice Principles.” These five principles outline the rights of notice, choice, access, security, and enforcement.
I. Notice & Openness
We affirm that our library users have the right of “notice” – to be informed about the policies governing the amount and retention of personally identifiable information, and about why that information is necessary for the provision of library services.
In all cases we avoid creating unnecessary records, we avoid retaining records not needed for the fulfillment of the mission of the library, and we do not engage in practices that might place information on public view.
Information we may gather and retain about current and valid library users include the following:
- User Information required to provide library services such as first and last name, address, telephone number, and email address.
- Circulation Information such as items currently checked out, items on hold, holds pending and current fines, along with the items on which current fines have accrued.
- Electronic Access Information such as use of the library’s public access computers.
II. Choice and Consent
This policy explains our information practices and the choices a patron can make about the way the library collects and uses patron information. We will not collect or retain private and personally identifiable information without consent. Further, if you consent to give us your personally identifiable information, we will keep it confidential and will not sell, license or disclose personal information to any third party without your consent, unless we are compelled to do so under the law or to comply with a court order.
If you wish to receive borrowing privileges, we must obtain information about you in order to provide you with a library account.
III. Access by Users
Individuals who use library services that require the function and process of personally identifiable information are entitled to view and/or update their information. You may be asked to provide some sort of verification such as an identification card to ensure verification of identity and/or current address.
In the case of a youth, seventeen or younger, information may be released to any parent or guardian. The parent or guardian must present the request in person at the library and must provide current identification.
IV. Data Integrity and Security
Data Integrity: The data we collect and maintain at the library must be accurate and secure. We take reasonable steps to assure data integrity, including: using only reputable sources of data; providing our users access to their own personally identifiable data; updating data whenever possible; utilizing middleware authentication systems that authorize use without requiring personally identifiable information; destroying untimely data or converting it to anonymous form.
Data Retention: We protect personally identifiable information from unauthorized disclosure once it is no longer needed to manage library services. Information that should be regularly purged or shredded includes personally identifiable information on library registration forms, library resource use and/or material circulation history.
Circulation staff shall take every means possible to protect the confidentiality of information on computer terminals, such as clearing cookies and deleting website history at the end of each day. Additionally, I.T. staff periodically wipes any and all saved/downloaded information from the public access computers.
V. Enforcement and Redress
Our library will not share data on individuals with third parties unless required by law. Library users who have questions, concerns, or complaints about the library’s handling of their privacy and confidentiality rights should file written comments with the Director of the Library. We will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures.
We authorize only the Library Director to receive or comply with requests from law enforcement officers; we confer with our legal counsel before determining the proper response. We will not make library records available to any agency of state, federal, or local governance unless a subpoena, warrant, court order or other investigative document is issued by a court of competent jurisdiction that shows good cause and is in proper form. We have trained all library staff and volunteers to refer any law enforcement inquiries to library administration.