Search: Vega Catalog  Website    

Privacy

Policy Statement:
Privacy is essential to the exercise of free speech, free thought, and free association.  In this Library, the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others.  Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.  The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution.  The Education Article (ED §23-107) and the General Provisions Article (GP Section 4-101) provide for the confidentiality of library records.  This Library’s privacy and confidentiality policies are in compliance with applicable Federal and State laws.  Our commitment to patron privacy and confidentiality has deep roots not only in law but also in the ethics and practices of librarianship.

This Privacy Policy explains our patron’s privacy and confidentiality rights, the steps our Library takes to respect and protect our users’ privacy when using Library resources, and how we deal with personally identifiable information that we may collect from our users.

Regulations:

Notice and Openness

We affirm that our Library users have the right to be informed about the policies governing the Library’s retention of personally identifiable information, and why that information is necessary in the provision of Library services.  Whenever polices change, notice of those changes will be provided to our users.  It is a goal of the Library to avoid creating or retaining unnecessary records, and we do not engage in practices that place private information on public view.

Information that we gather and retain about Library users includes the following:

  • User registration information, including full name, address, telephone number, age, and driver’s license number
  • Current circulation information, including materials that are currently checked out on a user’s library card
  • Patron usernames and passwords for Library databases
  • User participation in Library events
  • Account balances and fines
  • Any other information required to perform Library services
  • Note:  Patrons may opt-in to retaining their checkout history in the Library’s integrated Library software.  By default, the Library does not retain that information. 

Choices and Consent

The Library does not collect or retain private and personally identifiable information without patron consent.  If a patron consents to provide the Library with his or her personally identifiable information, we will exercise our best efforts to keep the information confidential and agree that we will not sell, license or disclose that information to any third party without consent.  We reserve the right to comply with any lawful requirement relating to such information including compliance with lawfully issued orders of a court having jurisdiction over the Library.

If a patron wishes to receive borrowing privileges, we must obtain certain information about him or her in order to provide a Library account.  When visiting our Library’s Website and using our electronic services, a patron may choose to provide his or her name, Library card barcode, PIN, phone number or home address.

Customers who request information by telephone may be asked to provide their card number and name.

Access by Users

Staff will work to safeguard personal information through compliance with Policy #107 (Staff Areas).

Individuals who use Library services that require personally identifiable information are entitled to view and/or update their information.  A user may view or update his or her personal information in person at any Ruth Enlow Library branch.  In both instances, a patron may be asked to provide some sort of documentation to verify identity.  Customers may manage accounts online for themselves, if they have obtained a PIN number.

The purpose of accessing and updating users’ personally identifiable information is to ensure that Library operations can function properly.  Such functions may include notification of overdue
items and notification of books on hold.  The Library will explain the process of accessing or updating users’ information so that all personally identifiable information is accurate and up to date.  It is the responsibility of patrons to ensure that their information remains current.

Staff can provide parents who are checking out with their child’s Library card:

  • Information on the number and types of materials charged
  • Information about fine totals on their child’s account

Information regarding titles on the child’s account may only be divulged to the patron in question.

Students must be physically present to use Student Cards.

Data Integrity and Security

Data Integrity:  The data we collect and maintain at the Library must be accurate and secure.  We take reasonable steps to assure data integrity, including:  using only reputable sources of data; providing our users access to their own personally identifiable data; updating data whenever possible; utilizing middleware authentication systems that authorize use without requiring personally identifiable information; destroying untimely data or converting it to anonymous form.

Data Retention:  We protect personally identifiable information from unauthorized disclosure once it is no longer needed to manage Library services.  Information that should be regularly purged or shredded includes personally identifiable information on Library resource use and material circulation history.

Tracking Users:  We remove links between patron records and materials borrowed when items are returned and we delete records as soon as the original purpose for data collection has been satisfied.  We permit in-house access to information in all formats without creating a data trail.  Our Library has invested in appropriate technology to protect the security of any personally identifiable information while it is in the Library’s custody, and we ensure that aggregate, summary data is stripped of personally identifiable information.  We do not ask Library visitors or Website users to identify themselves or reveal any personal information unless they are borrowing materials, requesting special services, registering for programs or classes, or making remote use from outside the Library of those portions of the Library’s Website restricted to registered borrowers under license agreements or other special arrangements.  We discourage users from choosing passwords or PINS that could reveal their identity, including social security numbers.  We remove cookies, Web history, cached files, or other computer and Internet use records and other software code on public PCs daily or upon request.

Third Party Security:  We ensure that our Library’s contracts, licenses, and offsite computer service arrangements reflect our policies and legal obligations concerning user privacy and confidentiality.  Should a third party require access to our users’ personally identifiable information, our agreements address appropriate restrictions on the use, aggregation, dissemination, and sale of that information, particularly information about minors.  In circumstances in which there is a risk that personally identifiable information may be disclosed, we will warn our users.  When connecting to licensed databases outside the Library, we release only information that authenticates users as members of the Ruth Enlow Library.  Nevertheless, we advise users of the limits to Library privacy protection when accessing remote sites.

Security Measures:  Our security measures involve both managerial and technical policies and procedures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data.  Our managerial measures include internal organizational procedures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes.  Our technical security measures to prevent unauthorized access include limits on access through use of passwords and storage of data on secure servers of computers.

Staff Access to Personal Data:  We permit only authorized Library staff with confidential passwords to access personal data stored in the Library’s computer system for the purposes of performing Library work.  We will not disclose any personal data we collect from patrons to any other party except where required by law or to fulfill an individual user’s service request.  The Library does not sell or lease users’ personal information to companies, universities, or individuals. 

Enforcement and Redress

Our Library will not share data on individuals with third parties unless required by law. Library users who have questions, concerns, or complaints about the Library’s handling of their privacy and confidentiality rights should file written comments with the Director of the Library.  We will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures.  We authorize only the Library Director and the Coordinator of Public Services to receive or comply with requests from law enforcement officers.  Whenever possible, we confer with our legal counsel before determining the proper response.  We will not make Library records available to any agency of State, Federal, or Local Government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form.  We have trained all Library staff and volunteers to refer any law enforcement inquiries to the Library Director.

Library Records

Maryland’s Open Records Law covers public information of all kinds, including staff email, internal memos and recorded telephone messages.  For our Library system, the Library Director is considered the custodian of Library records.  The Assistant Director may also serve as the custodian of Library records if the Director is unavailable.  If an employee, who is not the custodian of Library records, receives a request for records, the employee must refer the person making the request to the custodian of records within ten (10) days.  Information custodians are required to respond within thirty (30) days.  If the request is vague, the employee must ask the person making the request to clarify the request.  Certain records, including personnel files and information about property purchase negotiations, are exempt except for persons in interest.  The Library Director, in consultation with an attorney, should determine if specific records are exempt from the Open Records Law.

Circulation records and other records, such as computer signup sheets, are covered by State laws that prohibit the disclosure of Library records.  Library records can only be disclosed when a subpoena is presented to the Library Director, or her designee, and then only for good reason.

The following sections of the Annotated Code of Maryland apply to Library records:
23-107. Circulation records.

  • (a)Inspection, use, or disclosure prohibited.- Subject to the provisions of subsection (b) of this section, a free association, school, college or university library in this State shall prohibit inspection, use, or disclosure of any circulation record or other item, collection, or grouping of information about an individual that:
    • (1)Is maintained by a library;
    • (2)Contains an individual’s name or the identifying number, symbol, or other identifying particular assigned to the individual; and
    • (3)Identifies the use a patron makes of that library’s materials, services, or facilities.
    • (b)Exceptions. - A free association, school, college, or university library in the State shall permit inspection, use, or disclosure of the circulation record of an individual only in connection with the library’s ordinary business and only for the purposes for which the record was created.
      [1988, ch. 233; 1990, ch. 635.]