Privacy and Confidentiality Policy

I. Introduction

Privacy is essential to the exercise of free speech, free thought, and free association. The Sherburne Memorial Library believes the only way to assure the right to open inquiry is by assuring that the focus of one’s interest is not subject to the scrutiny of others. Personally identifiable information about users is confidential and the library keeps that information private and confidential on their behalf.

Vermont provides guarantees of privacy in the constitution and statute law. Sherburne Memorial Library’s privacy and confidentiality policy is in compliance with applicable federal, state, and local laws.

Our commitment to your privacy and confidentiality has deep roots not only in law, but also in the ethics and practices of librarianship. In accordance with the American Library Association’s Code of Ethics:

“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.”

II. Sherburne Memorial Library’s Commitment to Our Users Rights of Privacy and Confidentiality

This privacy policy explains your privacy and confidentiality rights, the steps this library takes to respect and protect your privacy when you use library resources, and how we deal with personally identifiable information that we may collect from our users.

1. Notice & Openness
We affirm that our library users have the right of “notice”—to be informed about the policies governing the amount and retention of personally identifiable information, and about why that information is necessary for the provision of library services.

We post publicly and acknowledge openly the privacy and information-gathering policies of this library. Whenever policies change, notice of those changes is disseminated widely to our users. In all cases we avoid creating unnecessary records, we avoid retaining records not needed for the fulfillment of the mission of the library, and we do not engage in practices that might place information on public view.

Information we may gather and retain about current and valid library users include:

  • User Registration Information
  • Circulation Information
  • Information Required to Provide Library Services

2. Choice & Consent
This policy explains our information practices and the choices you can make about the way the library collects and uses your information. We will not collect or retain your private and personally identifiable information without your consent. Further, if you consent to give us your personally identifiable information, we will keep it confidential and will not sell, license or disclose personal information to any third party without your prior consent, unless we are compelled to do so under the law or to comply with a court order.

If you wish to receive borrowing privileges, we must obtain certain information about you in order to provide you with a library account. When visiting our library’s Web site and using our electronic services, you may choose to provide your name, e-mail address, library card barcode, phone number or home address.

You have the option of providing us with your e-mail address for the purpose of notifying you about your library account. You may request that we remove your e-mail address from your record at any time.

We never use or share the personally identifiable information provided to us ways unrelated to the ones described above, unless compelled to do so under 22 V.S.A. § 172 of Vermont law or to comply with a court order. For the protection of our patrons, parents seeking records of their minor child, under age 16, may be asked to provide proof of their child’s age as well as evidence they are the custodial parent.

3. Access by Users
Individuals who use library services that require the function and process of personally identifiable information are entitled to view and/or update their information. You may view or update your personal information in person. You may be asked to provide some sort of verification or identification card to ensure verification of identity.

The purpose of accessing and updating your personally identifiable information is to ensure that library operations can function properly. Such functions may include notification of overdue items, recalls, reminders, etc. The library will explain the process of accessing or updating your information so that all personally identifiable information is accurate and up to date.

Children: We strongly urge parents to remind their children to ask their permission before providing personal information to any website or purchasing any products or services online. The Library urges all parents to participate in their children’s exploration of the internet and to teach them about protecting their personal information while online. For further information, see A Safety Net for the Internet: A Parent’s Guide.

4. Data Integrity & Security
Data Integrity
: The data we collect and maintain at the library must be accurate and secure. We take reasonable steps to assure data integrity providing our users access to their own personally identifiable data and only their own; updating data whenever possible and destroying untimely data or converting it to anonymous form.

Data Retention : We protect personally identifiable information from unauthorized disclosure once it is no longer needed to manage library services. Information that is regularly purged or shredded includes personally identifiable information on library resource use, material circulation history, and logs.

Tracking Users : We remove links between patron records and materials borrowed when items are returned and we delete records immediately when the original purpose for data collection has been satisfied. We permit in-house access to information in all formats without creating a data trail. Our library has invested in appropriate technology to protect the security of any personally identifiable information while it is in the library’s custody, and we ensure that aggregate, summary data is stripped of personally identifiable information. We do not ask library visitors or web site users to identify themselves or reveal any personal information unless they are borrowing materials, requesting special services, registering for programs or classes, or making remote use from outside the library of those portions of the Library’s Web site restricted to registered borrowers under license agreements or other special arrangements. We discourage users from choosing passwords or PINs that could reveal their identity, including social security numbers. Cookies, Web history, cached files, or other computer and Internet use records and other software code are never written to a public computer’s hard drive or network and is erased immediately up computer reboot.

Third Party Security : We ensure that our library’s contracts, licenses, and offsite computer service arrangements reflect our policies and legal obligations concerning user privacy and confidentiality. Sherburne Memorial Library will not enter agreements with any third party vendor that provide access to our users’ personally identifiable information, or the server the data is stored on. Further our agreements address appropriate restrictions on the use, aggregation, dissemination of that information regardless of age of user. Our agreements strictly prohibit the sale of that information. In circumstances that there may be a risk that personally identifiable information may be disclosed by a user by completing a user profile, we will warn our users about the potential dangers to personal privacy by revealing such data.  When connecting to licensed databases outside the library, we release only information that authenticates users as “members of our community.” Nevertheless, we advise users of the limits to library privacy protection when accessing remote sites and provide users with available tools to protect their anonymity.

Cookies: Users of networked computers will occasionally need to enable cookies in order to access a number of resources .A cookie is a small file sent to the browser by a Web site each time that site is visited. Cookies are stored on the user’s computer and can potentially transmit personal information. Cookies are often used to remember information about preferences and pages visited. You can refuse to accept cookies, can disable cookies, and remove cookies from your hard drive. We will not share cookies information with external third parties. Cookies are automatically deleted when a public computer is rebooted.

Security Measures: Our security measures involve both managerial and technical policies and procedures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Our managerial measures include internal organizational procedures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Our technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and storage of data on secure servers or computers that are inaccessible from a modem or network connection.

Staff access to personal data: We permit only authorized Library staff with assigned confidential passwords to access personal data stored in the Library’s computer system for the purpose of performing library work. We will not disclose any personal data we collect from you to any party except where required by law or to fulfill an individual user’s service request. The Library does not sell or lease users’ personal information to companies, universities, or individuals.

Children: Parents should remind their children to ask their permission before providing personal information to any website or purchasing any products or services online. The Library urges all parents to participate in their children’s exploration of the internet and to teach them about protecting their personal information while online. For further information, see A Safety Net for the Internet: A Parent’s Guide

5. Enforcement & Redress
Our library will not share data on individuals with third parties unless required by law. We conduct regular privacy audits in order to ensure that all library programs and services are enforcing our privacy policy. Library users who have questions, concerns, or complains about the library’s handing of their privacy and confidentiality rights should file written comments with the Director of the Library. We will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures. 22 V.S.A.§ 173. provides a right of patron action if their confidentiality rights have been violated.

Only the Library Director is authorized to receive or comply with requests from law enforcement officers; we confer with our legal counsel before determining the proper response. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form. We have trained all library staff and volunteers to refer any law enforcement inquiries to library administrators. Detailed are attached and integral part of this policy.

Policy Changes

This Privacy Policy may be revised to reflect changes in the Library’s policies and practices or to reflect new services and content provided by the Library. Patrons are encouraged to check this document periodically to stay informed of the Library’s current privacy guidelines.

Adopted 11/6/05 Revised and readopted 6/13/06, updated June 11, 2008, June 2010.