Privacy and confidentiality of library records

Policy summary

This privacy policy explains your privacy and confidentiality rights and responsibilities, the steps Multnomah County Library takes to respect and protect your privacy when you use library resources, and how we handle personally identifiable information we collect from our patrons. Multnomah County Library has measures in place to protect patron privacy and confidentiality. In setting these policies, the library tries to strike a balance between your privacy and your convenience. Third party services provided through the library have other terms and policies that affect the privacy of your personally identifiable information. Patrons must understand when accessing remote or third party vendor sites that there are limits to the privacy protection the library can provide. Links to the terms and policies of many of the library’s third-party vendors are provided below.

Please ask a staff member if you have questions about this policy. We’re here to help.
 

Introduction

Multnomah County Library takes steps to protect the privacy and confidentiality of all library patrons, no matter their age. Our commitment to your privacy and confidentiality has deep roots not only in the law but also in the ethics and practices of librarianship. In accordance with the American Library Association's Code of Ethics: "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted." Multnomah County Library's privacy and confidentiality policies are in compliance with applicable federal, state, and local laws.

State law protects your library records from disclosure if a member of the public or the media requests them. Library records include your circulation records, your name together with your address or telephone number, and your email address. Library records may be subject to disclosure to law enforcement officials under provisions of state law, the USA PATRIOT Act or in a civil lawsuit. Librarians may be forbidden from reporting to you that your records have been requested or obtained under provisions of the USA PATRIOT Act.
 

Privacy and confidentiality policy

We post publicly the library's privacy and information-gathering policies. We avoid creating unnecessary records, we avoid retaining records not needed for library business purposes, and we do not engage in practices that might place personally identifiable information on public view without your consent.

Information the library may gather and retain about library patrons includes the following:

  • Information required to register for a library card or use the John Wilson Special Collections (e.g. name, address, telephone number, email address, birthdate)
  • Records of material checked out, charges owed, payments made
  • Records of electronic access information such as the library card or guest pass number used to log onto library public computers
  • Requests for interlibrary loan or reference service
  • Sign-up information for library classes, programs, Sterling Room for Writers
  • Information about topics searched for (does not contain any personally identifiable information)

The library will not collect or retain your private and personally identifiable information without your consent. Individuals may choose to submit their names, email addresses, postal addresses or telephone numbers in order to receive library services, such as registering for library cards, ordering materials, receiving personal responses to questions or being added to specific mailing lists. If you consent to give us your personally identifiable information, we will keep it confidential and will not sell, license or disclose it to any third party, except those working under contract to the library, or except as required by law. For information about the ways third parties may use or disclose your information see the Third Party Vendor Services section below.

We never use or share the personally identifiable information provided to us in ways unrelated to the ones described above without also providing you an opportunity to prohibit such unrelated uses, unless we are required by law to do so.
 

Access to accounts and patron responsibility

Protecting Your Library Card

It is your responsibility to notify the library immediately if your card is lost or stolen or if you believe someone is using your card or card number without your permission. We encourage you to protect your password for your privacy and security.

Keeping Account Information Up-To-Date

You may access your personally identifiable information held by us and are responsible for keeping your information accurate and up-to-date. You may choose to use a preferred name in addition to your legal name. If you choose to use a preferred name, library correspondence will be addressed to your preferred name. Please ask a staff member if you have questions about the process for accessing or updating your information.

Parents and children

We respect the privacy of all library patrons, no matter their age. Parents, guardians or caretakers of a child under age 18 who wish to obtain access to a child’s library records, including the number or titles of materials checked out or overdue, must provide the child’s library card or card number.

Having other people help you with your account

You may have other people help you with your account by providing them with your library card or card number and password. Please ask a staff member if you have questions about the process for having others assist you with your account.

Items on hold

Items placed on hold for library patrons are shelved for pick-up in the public areas of our libraries. They are shelved under the first four letters of the patron’s last name and the last four numbers of the patron's library card number. Patrons who do not want their holds shelved by last name may contact library staff for alternative options. Patrons of any age may choose to have other people pick up their holds. Holds will be checked out on the library card presented at the time of check-out.
 

Data security

The library takes reasonable steps to assure data security. We protect personally identifiable information by electronically purging or manually shredding it once it is no longer needed for library business purposes, whenever possible. We have invested in appropriate technology to protect the security of personally identifiable information while it is in the library's custody. We take steps to remove personally identifiable information from aggregate, summary data. We regularly remove cookies, browsing history, cached files, or other computer and Internet use records that are placed on our computers or networks.

Security measures

Our policies and procedures limit access to data and ensure that those individuals with access do not use the data for unauthorized purposes. We limit access through the use of strong passwords that are changed regularly and storage of data on secure servers or computers.

Staff may access personally identifiable information stored in the library's computer systems only for the purpose of performing their assigned library duties. Staff will not disclose any personally identifiable information to any other party except where required by law or to fulfill your service request.

Cookies

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone or device browser from a website's computer and is stored on your device's hard drive. Each website can send its own cookie to your browser if the browser preferences you have set allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. Websites also use cookies to customize your user experience to your preferences.

The library uses cookies to verify that you are an authorized user in order to allow access to licensed library resources, to customize Web pages for your use, to help make our site more useful to visitors and to learn about the number of visitors to our site and the types of technology our visitors use.

Some of the applications or external sites that you may link to from our pages, devices or equipment also use cookies. For more information on the use of cookies by each service please refer to the Terms of Use and Privacy Policies for the services you use. You may set the preferences in your web browser to refuse cookies or to tell you when a cookie is being sent. This may result in an inability to access some library services from computers outside the library.

Third party vendor services

Multnomah County Library enters into agreements with third parties to provide online services, digital collections, streaming media content and to improve our website. When using some of these services, you may also connect with social networks and other users of these services.

Third party services may gather and disclose your information, including,

  • Personally identifiable information you knowingly provide, including when you register for the site, provide feedback and suggestions, request information or create shared content,
  • Other information that could be used to identify you such as your IP address, search history, location based data and device ID,
  • Non-personally identifiable information, such as your ad views, analytics, browser information (type and language), cookie data, date/time of your request, demographic data, hardware/software type, interaction data, serving domains, pageviews and the web page you have visited immediately prior to visiting the site, and
  • Other data that third party services may collect as described in the vendor’s privacy policy and terms of use.

For more information on these services and the specific types of data that may be gathered and disclosed by each service please refer to the Terms of Use and Privacy Policies for the services you use. Links to our major vendors’ policies are provided here. You may choose to not use these third party services if you do not accept their Terms of Use and Privacy Policies; please read them carefully.

Policies for our discovery software for the online catalog:

Policies for our e-books, audiobooks, streaming music, movies, learning resources and kids' stuff:

Policies for event registration and meeting room reservations:

Policies for online help, including the Ask-A-Librarian and My Librarian text and email reference services:

Policies for the services we use to improve our website:

Policies for our wireless printing service:

Policy for our collections agency:

We make reasonable efforts to ensure that the library's contracts, licenses, and off site computer service arrangements reflect our policies and legal obligations concerning user privacy and confidentiality. Our agreements address appropriate restrictions on the use, aggregation, dissemination, and sale of information, particularly information about minors. When connecting to licensed databases and content providers outside the library, we release only information that authenticates users as registered Multnomah County Library patrons.

Multnomah County Library expects vendors to

  • abide by privacy related components of library/vendor contract and licensing agreements,
  • conform to library privacy policies regarding the retention and release of information to third parties,
  • provide a product which complies with the provisions of Children’s Online Privacy Protection Act (COPPA), and
  • refrain from collecting or disclosing additional information about patron activity or identifiers other than is needed for administration of the library service provided.

Nevertheless, patrons must understand when accessing remote or third party vendor sites that there are limits to the privacy protection the library can provide.

Other services

This privacy and confidentiality policy does not apply to external applications or websites that you may access from the library’s public computers, devices or equipment (such as Internet computers, Chromebooks and iPads).

Some patrons may choose to take advantage of RSS feeds from the library catalog, public blogs, hold and overdue notices via e-mail or text message, and similar services that send personally identifiable information related to library use via public communication networks. Patrons should also be aware that the library has limited ability to protect the privacy of this information once it is outside our control.
 

Illegal activity prohibited and not protected

Patrons may conduct only legal activity while using library resources and services. Nothing in this policy prevents the library from exercising its right to enforce its Rules of Behavior, protect its facilities, network and equipment from harm, or prevent the use of library facilities and equipment for illegal purposes. The library can electronically log activity to monitor its public computers and external access to its network and reserves the right to review such logs when a violation of law or library policy is suspected. Staff is authorized to take immediate action to protect the security of library patrons, staff, facilities, computers and the network. This includes contacting law enforcement authorities and providing information that may identify the individual(s) suspected of a violation.
 

Security cameras

Libraries have security cameras located inside and outside of the buildings for safety, security, and facility purposes. The security cameras are limited to common areas where patrons and staff do not have a reasonable expectation of privacy. The presence of security cameras does not mean they will be actively monitored or functioning properly at all times.

Authorized staff, which includes certain staff in management, facilities, security, and others designated by the Director of Libraries, may access the security cameras for safety, security, and facility purposes, and video footage may be disclosed as part of an investigation, litigation, or as otherwise required by law. Video footage is kept for 30 days in accordance with the library’s records retention schedule, unless a longer retention period is required as part of an ongoing investigation or litigation.
 

Enforcement and redress

If you have a question, concern, or complaint about our handling of your personally identifiable information or this policy you may file written comments with the Director of Libraries. We will respond in a timely manner and may conduct an investigation or review of practices and procedures. We conduct such reviews regularly to ensure compliance with the principles outlined in this policy.

The Director of Libraries is custodian of library records and is authorized to receive or comply with public records requests or inquiries from law enforcement officers. The Director may delegate this authority to designated members of the library's management team. The Director confers with the Office of the Multnomah County Attorney before determining the proper response to any request for records. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction, showing good cause and in proper form. We have trained all library staff and volunteers to refer any law enforcement inquiries to the Office of the Director of Libraries.