Privacy is defined by the American Library Association (ALA) as “the right to open inquiry without having the subject of one’s interest examined or scrutinized by others” (ALA, 2007, "Questions and Answers," para. 7). Confidentiality arises when a library has Personally Identifiable Information (PII) about their users and keeps that information private. PII is personal information that the library obtains in their daily operations. It is information given by a user when obtaining library card privileges, information about a user's borrowing tastes and habits, interlibrary loan records, database search records, and information shared during a reference interview (ALA, 2006, "Privacy").

PII is desired to develop a profile on individuals regarding tastes and preferences. This information is used for advertising, to assess character, to determine whether the individual is a security risk or even to embarrass the individual (American Library Association Office for Intellectual Freedom [ALA OIF], 2006).

Intellectual Freedom is our right of free access to information. Our right to free speech and assembly is guaranteed under the First Amendment of the U.S. Constitution. This amendment of the Bill of Rights states: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances” ("First Amendment," n.d., para. 2).

lock.jpgIf a library user feels that his/her privacy or confidentiality is violated then that person looses their right of free access to information. The user isn’t likely to use the library’s resources or engage in reference interviews in fear that their library use is being monitored. When a user’s confidentiality is compromised their privacy is also violated. This limits the user’s freedom of inquiry. By doing so, the user is also denied their intellectual freedom. This is both unconstitutional and unethical of the library or librarian. The ALA’s Code of Ethics, Article III states: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted” (ALA, 2006, "Code of Ethics," para. 4).

Article V of the ALA's Library Bill of Rights states: “A person’s right to use a library should not be denied or abridged because of origin, age, background or views” (ALA, 2006, "Library Bill of Rights," para. 2). Because librarians have access to confidential information they should not violate a user’s privacy and confidentiality by acquiring that information and using it to deny access or services or in any way limit the user’s right to intellectual freedom of information. Librarians must act impartially regardless of whatever PII they have access to.

The Library Bill of Rights, Article IV states: “Libraries should cooperate with all persons and groups concerned with resisting abridgement of free expression and free access to ideas” (ALA, 2006, "Library Bill of Rights," para. 2). Library users do have the right to learn what PII is kept and used by the library and for what purposes (ALA, 2006, "Privacy"). They also have the right to learn what policies and procedures protect their PII, what they can do to maintain their privacy, and the right to acess their own PII (ALA OIF, 2006). All library users have the same right to privacy and confidentiality.

Discussion points:

  • How would a user's reading habits change if they suspected or knew that their privacy and confidentiality were violated?
  • How would the user feel about their personal information being open to scrutiny?
  • How would it change the way they use the library?
  • How would this affect the library?
  • How would this affect the relationship between librarian and user?


When and how should records be released?

Law enforcement agencies such as the FBI and state and local police departments can demand library records in the course of their investigations. The demands for records are not just the result of 9/11 and the USA PATRIOT Act but could also regard computer crimes such as email threats, obscenity and child pornography (ALA, 2007, "Law Enforcement Inquiries").

Librarians have a duty to protect the library user’s privacy and confidentiality. But in some instances it would be unlawful not to cooperate with authorities.

ALA states “confidential library records should not be released or made available in any format to a federal agent, law enforcement officer, or other person unless a court order in proper form has been entered by a court of competent jurisdiction after a showing of good cause by the law enforcement agency or person seeking the records” (ALA, 2007, "Law Enforcement Inquiries," para. 4).
All librarians should educate themselves with their state’s privacy law and be familiar with the privacy and confidentiality policy and procedures of their library to know when and how they should react to requests for patron records. ALA encourages librarians to consult with library administration and legal counsel before acting.

48 states and the District of Columbia have their own privacy laws regarding library records. Michigan’s Library Privacy Act, enacted in 1982, states:
  • Unless ordered by a court after giving the affected library notice of the request and an
  • opportunity to be heard on the request, a library or an employee or agent of a library shall not
  • release or disclose a library record or portion of a library record to a person without the written
  • consent of the person liable for payment for or return of the materials identified in that library record. (State of Michigan Legislative Council, 2009, "397.603," para. 2)

The USA PATRIOT Act, which stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, increases the FBI’s surveillance and investigatory powers which could potentially compromise the user’s constitutional and privacy rights. Court orders and warrants issued by the Foreign Intelligence Surveillance Act (FISA) need only to require that the materials are "sought for" an ongoing investigation relating to international terrorism or clandestine intelligence agencies rather than having to show probable cause (ALA OIF, 2006). The materials can include circulation records, internet use records and electronic media. In addition the court orders contain a gag order which restricts the recipient from revealing the existence of the warrant or the exchange of the records (ALA OIF, 2006). The USA PATRIOT Act supersedes any state library privacy laws. Read more information on how the USA PATRIOT Act impacts libraries.

Michigan’s Freedom of Information Act (FOIA) of 1976 details the requirements for the disclosure of public records by “public bodies” of the state including public libraries (State of Michigan Legislative Council, 1976). Under this law the library must respond to a person's request for a public record within five business days. But what about a request for a library record with PII? Library records are protected under the Library Privacy Act so wouldn’t it be a violation of the FOIA and the Library Privacy Act if the library record was disclosed? Yes, it would (Werner, n.d.).

Find out more information about recommended procedures for law enforcement visitson the ALA website. Following the law may not always seem to be the most reasonable approach or make the most sense which is why libraries should have a privacy policy so their staff knows what is allowed and what steps to take with law enforcement. This paper details two such scenarios.

Are surveillance tapes “library records”? Are they protected under the Privacy Act? Read more about survelliance tapes.

Further reading:

ALA’s policy on confidentiality of library records

Wayne State University’s Library Privacy Policy

Obama Administration Aims To Continue USA PATRIOT Act Provisions - The administration plans to maintain current law but U.S. Senators are seeking reforms to protect rights and privacy of citizens.

In 2004, libraries in Michigan refused to hand over patron information in a FOIA request made by a law student. Doing so would have violated the Michigan Library Privacy Act.
Jordan, A. (2004, August). Michigan Libraries Refuse Law Student's Request for Patron Info. American
  • Libraries, 35(7), 18. Retrieved from Wilson Web

The director of the Library Connection, Inc in Windsor Connecticut was served a National Security Letter in 2005. The director together with three other librarians (the executive committee) decided not to comply with the FBI's request for a list of all computer users during a specific time on a specific date.
Jones, B. M. (2009). "Librarians Shushed No More": The USA PATRIOT Act, The "Connecticut Four",

When librarians allow access to records there is a potential that innocent people’s confidentiality and privacy can be compromised. In 1990 Decatur, Texas local law officials subpoenaed the records (names, addresses, phone numbers) of users of the Decatur Public Library to assist in an investigation of an abandoned child. The law officials were looking for any users who had checked out library books relating to childbirth in the last 9 months despite the lack of evidence that the person who abandoned the child had ever borrowed any books. The director refused and filed a motion to quash the subpoena which was granted by a district court judge. Many innocent people would have been subjected to interrogation and their privacy violated if the director had complied with the subpoena (ALA OIF, 2006).

In 2002, the Kent, Washington police confiscated computers without a warrant from the King County Library System as part of an investigation regarding child pornography. The court found the search violated library users right to privacy, prohibited the police from searching or tampering with the computers and required that the computers be returned (ALA OIF, 2006).

A patron of the Deming branch of the Whatcom County Library System in Washington in 2004 called the FBI after reading a quote from Osama Bin Laden written in the margin of Bin Laden: The Man Who Declared War on America by Yossef Bodansky. The quote states: "If the things I'm doing is considered a crime, then let history be a witness that I am a criminal. Hostility toward America is a religious duty and we hope to be rewarded by God". An FBI agent showed up at the library and requested a list of all patrons who checked the book out. The agent was told no but returned later with a subpoena for the records. The library went to court to quash the subpoena. Fifteen days later the FBI withdrew the subpoena.

Discussion points:
  • How would you react if an FBI agent showed up at your library demanding records? What if it was the local police?
  • Would your first instinct be to assist the agent/police?
  • Would you contact legal counsel?
  • Would you refuse?
  • Would your library be prepared to challenge the police? What about the FBI?
  • Should library users expect the library to challenge attempts to obtain records?
  • Why is our right to privacy so important?

What can librarians and the library do to protect privacy and confidentiality rights?

Limit the amount of PII collected and only when necessary for the basic operation of the library.

Train staff, volunteers, and anyone who could have access to PII with the library’s privacy and confidentiality policies and procedures (ALA, 2007, "Questions and Answers"). If such a policy is not in place, one should be created. The Office for Intellectual Freedom's (OIF) manual has guidelines for developing a library privacy policy (ALA OIF, 2006).

computer.jpgProtect digital patron records. Computerized library systems should be secure. Records must also be completely deleted and removed when no longer in use (ALA, 2007, "Questions and Answers"). Some library systems allow for user’s to post to blogs or pay fines online with credit cards. That information should also be encrypted and protected. Retain records only for as long as necessary. If records do not exist they cannot be retrieved by government agencies.

When records must be retrieved a librarian should retrieve the requested information to minimize the amount of confidential information that could potentially be seen by others.

Conduct privacy audits to ensure that the library meets privacy requirements in terms of how information is collected, stored, shared, used and destroyed (ALA, 2007, "Questions and Answers").

Be aware that when using email or RSS to receive information like due dates and circulation fines the library cannot be certain that confidentiality rights will be upheld since third parties services do not have to protect confidentiality (ALA, 2007, "Questions and Answers").

Clearing the internet cache, history and cookies on public internet computers when a user is finished protects the privacy of that user. The next user won't be able to view the previous user's browsing history.

Further reading:

A nice compiled list of things a library can do to protect patron's confidentiality.
Magi, T. J. (2007, December). Protecting Library Patron's Confidentiality: Checklist of Best Practices.
  • Illinois Library Association Reporter, 25(6), 14-16. Retrieved from Wilson Web

Seattle University's Lemieux Library and Law Library ILS evaluation experience. The authors describe the areas of the ILS that should be reviewed and why. Really interesting for anyone interested in ILS administration!
Engstrom, B.S., Hartley, J., Kezele, S., & Phillips, K. (2006, April). Evaluating Patron Privacy on
  • Your ILS: How to protect the confidentiality of your patron information. AALL Spectrum, 10(6), 4-5, 19. Retrieved from Wilson Web

A short article on conducting a privacy audit on a school library media center.
Adams, H. R. (2007, February). Conducting a Privacy Audit. School Library Media Activities Monthly,
  • 23(6), 35. Retrieved from ProQuest

Discussion points:
  • Can you think of anything else a library or librarian can do to protect privacy and confidentiality rights of users?

Ethical skits

The ALA Committee on Professional Ethics creates and performs skits each year at the ALA Annual Conference:

I Know Who You Are - user privacy on electronic reference chats
When They Come A Knockin- awareness of USA Patriot Act
The Joy of Jihad: Patriots in the Library
Yoo-Hoo! Who Are You?: Confidentiality Limits on the Internet?


American Library Association (2006). Code of Ethics. Retrieved from

American Library Association (2006). Library Bill of Rights. Retrieved from

American Library Association (2006). Privacy. Retrieved from

American Library Association (2007). Confidentiality and Coping with Law Enforcement

American Library Association (2007). Questions and Answers on Privacy and Confidentiality.

American Library Association, Office for Intellectual Freedom. (2006). Intellectual Freedom
  • Manual (7th ed.). Chicago: American Library Association.

First Amendment to the United States Constitution.(n.d.). In Wikipedia: The Free Encyclopedia.

State of Michigan Legislative Council (1976). Freedom of Information Act: Act 442 of 1976.

State of Michigan Legislative Council (2009). The Library Privacy Act: Act 455 of 1982.

Werner, L. M. (n.d.). For Your Information About the Freedom of Information Act. Retrieved