Working on a Privacy Policy for Your Library? Read These Inspiring Examples First

Why Your Library's Privacy Policy MattersIn the December Booklist webinar, “Why Your Library’s Privacy Policy Matters,” I addressed the reasons every library needs a privacy policy, discussed the importance of privacy training and audits, and offered advice and considerations for drafting privacy policies. The presentation sparked many good questions and there was not enough time to answer them all in the webinar.

This post addresses a question of interest to several attendees: Do you have a library privacy policy you really like and would recommend?

There are several library privacy policies that can serve as inspiration for libraries creating or updating their own privacy policies. Each library’s policy should address the library’s unique privacy issues. Individuals creating library privacy policies should examine the library’s information privacy practices and identify the privacy laws that are applicable to the library.

Information privacyThe New York Public Library provides an easy-to-understand privacy policy that could serve as a general guide for other public libraries. The “Library Records” section is particularly well done and includes the text of the New York law governing the confidentiality of library records. A thorough explanation of the types of personal data collected, the context of collection, and information about how long data is kept is explained in eleven separate paragraphs. Information is provided about the circumstances under which the library may release personal data. An exemplary feature of this policy is that it has been translated into three additional languages including Spanish for readers whose first language is not English. The translations are accessible through hyperlinks on the initial privacy policy webpage. The New York Public Library’s privacy policy also addresses the use of personal data in connection with other programs, services and activities; third-party partners; security; cookies; children’s privacy and how to update patron information and preferences.

The Toronto Public Library Access to Information and Protection of Privacy Policy serves as another good resource to consult when constructing a library privacy policy. This policy includes hyperlinks at the top of the page so that readers can go directly to sections of interest. The organization, use of prominently displayed links, citations to governing law, and definitions section make this policy worthy of review. Two aspects of this policy are particularly worthy of note and emulation. First, this policy provides contact information for those with questions or concerns. Second, it includes a statement identifying the person accountable for the documenting, implementing, enforcing, monitoring and updating of the library’s privacy policy. Including this type of information is helpful and can increase patrons’ confidence that privacy is a high priority for the library.

Each library’s policy should address
the library’s unique privacy issues.

I like the inclusion of statements concerning the use of Radio Frequency Identification (RFID) and security cameras such as those found in Appleton Public Library’s Privacy Policy. Denver Public Library’s Privacy Policy addresses the use of ebooks with Kindle and Kindle applications, explaining that when users register with Amazon to access the software and services they are not protected by the Denver Public Library’s Privacy Policy. Information is provided to readers about how to locate Amazon’s privacy policy and their option to select another format if they do not wish to consent to Amazon’s policy.

One of the best examples of a library privacy policy is Indiana University Libraries’ Privacy Policy. It is well organized with clear headings and includes links to laws and related information. This policy is a standout for many reasons including the link on the top right side of the website to print the policy or save it as a PDF, the prominently displayed contact information, and the inclusion of the dates of effectiveness and latest updating of the privacy policy. This policy clearly addresses the Fair Information Practice Principles and includes information concerning third party analytics.



About the Author:

Cherie Givens is a privacy consultant, attorney, lecturer, and the author of Information Privacy Fundamentals for Librarians and Information Professionals (Rowman & Littlefield, 2014).

Post a Comment