The University Libraries respects the privacy of users in compliance with federal and state laws and professional standards. The Libraries will not reveal the identities of individual users nor reveal the information sources or services they consult unless required by law. This policy applies to all resources regardless of their format or means of delivery as well as to all library services.
The Libraries from time to time may aggregate and retain user data for a reasonable period of time in order to investigate the use or value of resources and services. It will, however, neither collect nor retain information identifying individuals except during the period when and only for the purpose that such record is necessary to furnish a specific service (for example, loaning a book, ordering a report, recording user service preferences, or for internal service evaluation). Data on individuals will not be shared with third parties unless required by law. Other service providers on campus and off campus may gather data on non-library services that is not covered by this user privacy policy.
Circulation
The privacy of all borrowers of library materials shall be respected. The Libraries will not reveal the names of individual borrowers nor reveal what items are, or have been, checked out to or requested by any individual.
Collection Development and Resource Management
Comments, purchase recommendations, gifts-in-kind, and special requests from users make an important contribution to building and shaping the Libraries’ collections. Purchase, transfer, and related collection management requests linked to individual users are confidential reader information and not shared outside the Libraries without permission. Within the Libraries, user names are temporarily attached to internal records and shared among relevant staff to facilitate notification of library actions and follow-through.
Contracts and Licenses for Information Resources
The Libraries expects information service providers to follow privacy policy standards in the performance of products they license, lease or sell to the Libraries consistent with those of the Libraries. The Libraries will seek to ensure that contracts, licenses, agreements and arrangements for information resources include explicit assurance that the product and its vendor, as standard practice, protects the identity of individual users and the information they use. This expectation does not apply to information resources to which the Libraries merely links without a license or other formal relationship.
To provide additional personalized services (for example, help in using resources or profiling user interests for subsequent notification) service providers may require users to identify themselves. Such identification will be only at the user’s discretion and will require the user to follow clearly indicated procedures before the service is activated. No user identification will be required by service providers simply to access the information covered by the Libraries’ license agreement with that service provider. The service provider may not sell, lease, or loan information identifying individual users, individual user workstations, or the information they use to third parties unless authorized in advance by each individual user. Service providers may aggregate and retain anonymized user data in order to investigate the use or value of resources and services.
Interlibrary Loan/Document Delivery
Requests for interlibrary loan and document delivery services are confidential. Information about requests is shared in some cases with other libraries’ staff for collection development purposes; it remains confidential within the Libraries. Documentation of requests may be retained as necessary for the Libraries to comply with auditing, copyright or other regulations.
Library Surveys and Assessments
The Libraries or its units may obtain information and data through surveys (group or individual interviews or other means) assessing services, collections, facilities, resources, etc., or in support of research related to library and information services. This information and data is confidential and will not be shared without permission except in aggregations which protect the privacy of individual participants.
Publicly Accessible Digital Information Systems
The Libraries’ computer-based access systems (e.g., InfoHawk or various digital information systems) frequently track or “log” the actions performed by users of those systems. Transaction level logging that can be tied to individuals may be kept intact for a limited period of time for trouble-shooting and problem resolution related to system functions and service transactions. During the period this information is retained, it is held in confidence and is not shared with third parties unless required by law. When the information is no longer useful, by a reasonable standard, for resolving problems, the Libraries may aggregate and retain anonymized user data in order to investigate the use or value of resources and services. Information regarding individual identities (or the source of the transaction) will be removed. Original transaction logging information that has been processed in this way will be destroyed and care taken to ensure that backups or other inadvertently stored forms of the data are not retained.
Reference/Research Consultations
Reference and research consultation services are confidential and information about individuals using these services will not be shared outside the Libraries. Libraries’ staff will not reveal the identity of library users, the nature of their inquiries, nor the information or sources they consult. Anonymized data about reference or research consultations may be recorded for management or assessment purposes or to compile information on frequently asked questions.
Approved by Libraries’ Executive Council, 9/20/01
Approved by Provost, 11/1/01
Replaces UI Libraries 1988 policy on disclosure of client identity