What can librarians and the library do to protect privacy and confidentiality rights?

Limit the amount of PII collected and only when necessary for the basic operation of the library.

Train staff, volunteers, and anyone who could have access to PII with the library’s privacy and confidentiality policies and procedures (ALA, 2007, "Questions and Answers"). If such a policy is not in place, one should be created. The Office for Intellectual Freedom's (OIF) manual has guidelines for developing a library privacy policy (ALA OIF, 2006).

computer.jpgProtect digital patron records. Computerized library systems should be secure. Records must also be completely deleted and removed when no longer in use (ALA, 2007, "Questions and Answers"). Some library systems allow for user’s to post to blogs or pay fines online with credit cards. That information should also be encrypted and protected. Retain records only for as long as necessary. If records do not exist they cannot be retrieved by government agencies.

When records must be retrieved a librarian should retrieve the requested information to minimize the amount of confidential information that could potentially be seen by others.

Conduct privacy audits to ensure that the library meets privacy requirements in terms of how information is collected, stored, shared, used and destroyed (ALA, 2007, "Questions and Answers").

Be aware that when using email or RSS to receive information like due dates and circulation fines the library cannot be certain that confidentiality rights will be upheld since third parties services do not have to protect confidentiality (ALA, 2007, "Questions and Answers").

Clearing the internet cache, history and cookies on public internet computers when a user is finished protects the privacy of that user. The next user won't be able to view the previous user's browsing history.

Further reading:

A nice compiled list of things a library can do to protect patron's confidentiality.
Magi, T. J. (2007, December). Protecting Library Patron's Confidentiality: Checklist of Best Practices.
  • Illinois Library Association Reporter, 25(6), 14-16. Retrieved from Wilson Web

Seattle University's Lemieux Library and Law Library ILS evaluation experience. The authors describe the areas of the ILS that should be reviewed and why. Really interesting for anyone interested in ILS administration!
Engstrom, B.S., Hartley, J., Kezele, S., & Phillips, K. (2006, April). Evaluating Patron Privacy on
  • Your ILS: How to protect the confidentiality of your patron information. AALL Spectrum, 10(6), 4-5, 19. Retrieved from Wilson Web

A short article on conducting a privacy audit on a school library media center.
Adams, H. R. (2007, February). Conducting a Privacy Audit. School Library Media Activities Monthly,
  • 23(6), 35. Retrieved from ProQuest

Discussion points:
  • Can you think of anything else a library or librarian can do to protect privacy and confidentiality rights of users?


American Library Association (2007). Questions and Answers on Privacy and Confidentiality.

American Library Association, Office for Intellectual Freedom. (2006). Intellectual Freedom
  • Manual (7th ed.). Chicago: American Library Association.