PATRON PRIVACY POLICY
I. PURPOSE
The purpose of this policy is to affirm that Sacramento Public Library (hereinafter “the Library”) staff maintains the confidentiality of library records, protects the privacy of those who use its websites and other electronic services, and ensures that all library staff understand that patron records are protected by California State Law.
II. POLICY
The Library maintains the confidentiality of all registration and circulation records, consistent with the California Public Records Act (Protection of Library Circulation and Registration Records, Government Code Title 1, Division 7, Chapter 3.5). Registration and circulation records shall not be disclosed to any person, local, state, or federal agency unless authorized by the patron or the patron’s representative, as required by law or court order, or as required for the administration of the Library. Confidentiality extends to database search records, computer use records, and all other personally identifiable uses of Library materials, programs or services.
Patron records will only be released to the person(s) whose name(s) appear on the library borrower’s record, unless required by a court order or to the extent required for the administration of the Library, consistent with this policy.
Protecting the privacy of users is one of the core principles of librarianship. This policy discloses what information is gathered during interactions with the Library and how this information is used. Obtaining a library card, using our website and digital resources, and visiting our locations implies agreement to this policy.
III. GENERAL
The Library keeps all information that it purposefully or inadvertently collects confidential to the full extent of federal, state and local law, including the California Public Records Act.
The Library makes this policy available on its website and at its service desks.
The Library reserves the right to change or modify this policy at any time. Any changes or modifications to this policy will be posted on the Library’s website.
IV. WHAT THE LIBRARY COLLECTS AND HOW IT IS USED
The Library collects information from patrons in various ways. Examples include direct input, network logs, and cookies. The Library strives to collect the least amount of Personally Identifiable Information (PII). We avoid creating unnecessary records; however, to administer services, the Library may need this information to create and maintain borrowing records, collect payments, promote library programs and services, and provide access to digital services.
The following personal information may be collected to access library services:
• Name
• Address
• Telephone Number
• Email Address
• Date of Birth
• Library card barcode number
• Student ID number
• Items currently checked-out, requested and canceled holds, and interlibrary loans
• Overdue items (until returned)
• Payment history
• Sign-up information for library programs/events
Some masked PII (i.e. data without names, birthdates, phone numbers, email address) may also be used to create and analyze library statistics such as circulation, program headcounts or language demographics for collection development and program/service improvement using 3rd party, web-based software. The Library does not sell or license PII to any third party.
V. PATRON RECORDS
Library records may only be disclosed:
• To Library staff performing library duties;
• To the cardholder to whom the records pertain, upon proof of identity;
• To anyone authorized, in writing by the cardholder, to inspect the records; or
• By order of the appropriate court of law.
Patron account information is stored and protected on a secure server(s) and accessed through a suite of software available under contract with the Library. The Library will keep individual patron data only as long as it deems necessary to provide services.
The Library does not keep a patron’s reading history record except as required to provide Library services. After a patron returns an item, the record of that borrowed item is removed from the user’s account. However, the Library’s automated system has a feature called "My Reading History" that allows patrons to track items checked out. Participation in the feature is entirely voluntary and participation in “My Reading History” may start or stop at any time. Choosing to record "My Reading History" implies agreement to allow the Library’s automated system to store this data. Content stored in "My Reading History" is subject to all applicable local, state, and federal laws. Under those laws, such records may be subject to disclosure to law enforcement authorities pursuant to a court order.
VI. CHILDREN’S PRIVACY
California State Law protects the confidentiality of all patron records, including children. Parents or guardians of minor children, not Sacramento Public Library, are solely responsible for their child’s use of library resources, including online services.
Library Records
Parents or legal guardians with proper identification may have access to their children’s records only when the materials become overdue. In addition, parents or guardians may view their children’s record and modify some personal information by accessing the child’s online account.
Parents and guardians of children 17 and under (or those listed on the c/o line of a Library record) may view a child’s Library record with the following stipulations:
• Parents and guardians of children under age 13 may view a child’s Library record as long as the parent’s name appears in the Library record.
• Parents and guardians of children age 13-17 may view a child’s Library record if they have the card in hand, or if the child is present and gives consent.
Internet Use
The Children's Internet Protection Act (CIPA) was enacted by Congress in 2000 to address concerns about children’s access to obscene or harmful content over the Internet. As a library subject to CIPA, the Library is required to include technology protection measures, and must block or filter Internet access to pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors). All internet sessions for card holders 17 and under are automatically filtered. It is assumed that a parent or guardian signature on a library card application implies permission to access the Internet using that Library card.
The Library encourages all parents and guardians to learn about their children's online activities and to join in their children's exploration of the Internet.
The Library also encourages parents and caregivers to tell their children about the importance of: (i) not revealing personal information online, and (ii) asking for permission before giving their last name or personal information to any website. The Library may partner with third-party services to provide educational content for children. Parents and guardians should review those services’ privacy policies before permitting their children to use them.
VII. VISITORS AND SECURITY SURVEILLANCE
The Library utilizes contract security officers for the purpose of maintaining public safety and building security. Security officers perform physical surveillance of the premises and intervene with patrons violating the Library’s Rules of Conduct.
In some instances, patron violation of the Rules of Conduct may warrant the initiation of a Library incident report. An incident report is entered in the Incident Tracker web-based database and may include information about the patron observed violating rules of conduct. Specific information may include a description of the incident/behavior, the patron’s name if known, screen capture photos from surveillance video, scans of police trespass notices and any other files or data pertinent to the incident.
Library branches have security cameras outside and/or inside. Recordings are stored on a Library computer and remain available for not less than thirty days. Video surveillance recordings or photos obtained through the surveillance system will only be released in accordance with applicable laws. Video recordings may be used by Library security staff and management to research reported incidents and may be made available to law enforcement officials when needed for investigative purposes. Such recordings may be admissible as evidence in a court of law. No release of surveillance recordings or images will occur without prior authorization by the Library Director or designee via the External Request for Surveillance Video Release form.
VIII. LIBRARY WEBSITE and PUBLIC COMPUTERS
The Library does not collect personal user information when a user visits the Library’s website (www.saclibrary.org).
The Library automatically collects and stores only the following information about a website visit, for statistical purposes:
• The Internet domain and IP address from which access to the Web site is gained;
• The type of browser and operating system used to access the Library's site;
• The date and time of access to the Library's site;
• The pages visited;
• The address of the Web site from which the initial visit to www.saclibrary.org was launched, if any, as well as the address from which a visitor exits.
HTTPS
The Library uses this information to make its site more useful to visitors and to learn about the number of visitors to the site and the types of technology visitors use. The data that is collected is not connected to any PII. The Library’s website (saclibrary.org) and its event website (saclibrary.evanced.info/signup/) are encrypted with HTTPS. All communications between a browser and the Library website are private.
All connected devices borrowed from the Library (e.g. Chromebooks) have their history cleared after the device is returned.
Cookies
A cookie is a small file sent to the browser by a website each time that site is visited. Cookies are stored on a user’s computer and can transmit personal information. Cookies are used to remember information about preferences on the pages visited.
A user can refuse to accept cookies, disable cookies, and remove cookies from their hard drive. However, this may result in a lack of access to some library services. SPL’s servers use cookies to verify that a person is an authorized user. This allows you access to licensed third-party vendors and to customize webpages to your preferences. Cookies obey a browser’s privacy settings. The Library will not share cookie information with external third parties.
Data & Network Security
The Library uses software programs that monitor network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. No other attempts are made to identify individual customers or their usage habits.
Public Computers & Connected Devices
The Library does not keep a record of browsing history or activities on any public computer or laptop. Any record of browsing history and activities are removed at log out.
All personally identifiable information is purged from the individual computer immediately upon the end of a public computer reservation. However, a log is created for statistical purposes which includes user library card number, the computer terminal number, reservation time, reservation type and duration of the session.
Software-based solutions are in place to clear browsing history data from all connected devices borrowed from the library (e.g. Chromebooks) after the device is returned.
Online Catalog
The Library’s online public access catalog (OPAC) https://catalog.saclibrary.org, provides users with self-activated features. Information gathered and stored using these features, such as a user-saved search, is accessible to the library user and potentially to staff with administrative rights. The user has the option to delete their reading history and saved search history at any time, at which point records are discarded and not retrievable.
The Library’s website contains links to services through other sites (i.e. third-party vendors). The Library is not responsible for the privacy practices of other sites, including those of third-party vendors providing access to online databases or eBook/eMedia services. Third party vendor privacy practices may differ from the Library’s privacy practices, as described in this policy. Patrons should review the privacy policies for third-party vendors prior to accessing their services.
IX. EMAIL, WEB FORMS and REFERENCE QUESTIONS
Information provided by a library user via email or web forms will be used only for purposes
described at the point of collection (e.g., on a web form), to send information or
provide Library services, update information on a patron’s record, or to respond to questions or comments.
The Library may use contact information to clarify a comment or question, or to learn about the level of customer satisfaction with Library services.
The Library treats service requests and reference questions, regardless of format of transmission (in person, via telephone, fax, email or online) confidentially. PII related to these requests/questions is purged at least quarterly.
Email is not necessarily secure against interception and may be subject to disclosure requirements of the Public Records Act or other legal disclosure requirements.