Core library-focused guidance, templates, and background on privacy and confidentiality in libraries. This is your foundational resource for building privacy policies and procedures.
What You'll Find:
Privacy policy templates tailored for libraries
Background on privacy principles and confidentiality
Practical guidance for implementing privacy protections
Tip: Start here when creating or updating your library's privacy policy. Use the templates as a foundation and customize for your specific needs.
Overview showing that most U.S. states protect library records and how laws vary state-by-state. Essential when responding to subpoenas or law enforcement requests.
Why It Matters:
48 states plus DC have statutory protections for library records
Language and exceptions differ significantly by state
Critical for knowing your legal obligations and patron rights
Tip: Keep a quick state-law cheat sheet for your legal team. Know your state's specific protections before responding to any records request.
ALA Library Privacy Guidelines & Checklists
American Library Association
Practical, step-by-step checklists for operational privacy including data minimization, retention, notices, and audits. Great for building policies and standard operating procedures.
Key Features:
Step-by-step implementation checklists
Data minimization and retention guidelines
Privacy audit frameworks
Patron notification templates
Tip: Use these checklists to conduct a privacy audit of your current systems and identify gaps in your privacy protections.
Grant-funded, librarian-friendly "how-to" guides on digital security basics, privacy audits, talking with patrons, and vendor/privacy lifecycle. Useful for training and workshops.
Topics Covered:
Digital security basics for library staff
Conducting privacy audits
Communicating with patrons about privacy
Vendor privacy lifecycle management
Tip: Perfect for staff training sessions. Use the field guide exercises to map data flows and identify privacy risks in your systems.
Practical tools and advocacy resources for libraries, including browser extensions like Privacy Badger for public computers and guidance on limiting tracking.
Adopt a written Privacy Policy — State what you collect, why, how long you keep it, and how patrons can request deletion/access (based on ALA checklists)
Document retention periods — Set clear timelines for circulation data, computer logs, security camera footage
2. Data Minimization
Collect only what's necessary — E.g., a barcode for checkout; avoid collecting DOB where not required
Automate secure deletion — Set systems to automatically purge unnecessary data
3. Public Computer Protection
Default to private browsing modes — Clear user profiles/logs between sessions
Install tracking blockers — Privacy Badger or similar on all public browsers
Use clean-state restoration — Disk-freeze solutions or the Windows Unified Write Filter (UWF) to restore a clean state
4. Technical Security
Encrypt in transit and at rest — Require HTTPS for all library sites; encrypt sensitive backups
Review vendor contracts — Insist on library data ownership, compliance with state laws, and security controls
5. Staff Training & Response
Train staff on privacy basics — How to respond to law enforcement requests (who to escalate)
Create an incident response checklist — Document steps for handling privacy breaches or legal requests
6. Ongoing Audits
Run periodic privacy audits — Follow ALA/IMLS field guide exercises to map data flows
Identify and reduce unnecessary exposure — Which systems collect which fields? Where can you minimize?
Pro Tip: Don't try to implement everything at once. Start with a written privacy policy and data minimization, then add technical controls and training over time.
Legal Considerations & Response Planning
Know Your State Law
48 states plus DC have statutory protections for library records, but language and exceptions differ significantly. Keep a quick state-law cheat sheet accessible for your legal team.
Important: Understand your state's specific protections and exceptions before you receive any legal request for patron data.
Responding to Legal Demands
ALA guidance explains what to do when served with subpoenas or search warrants. Have a clear escalation path established before you need it.
Key Steps:
Require a court order for patron records
Immediately consult legal counsel
Provide only the minimum information required
Document the request and your response
Know who in your organization handles these requests
Tip: Create a one-page "Legal Request Response Protocol" for your staff with clear escalation contacts and steps to follow.