Check out these library privacy policies for other wording suggestions.
Privacy Statement - Your Right to Privacy
This is the section where you can tell users why privacy matters to libraries. Write details about your commitment to privacy values and ethics. Include links to applicable local, state, and federal laws.
What information do we collect?
Users have the right to know every type of information that is collected by the library. Include any and all PII and non-personally identifiable information you might collect. This section should also include information collected as part of any kind of analytics program. Including a link to third-party vendors’ privacy policies is helpful here. Be sure to include information that may be collected through email, chat services, RFID, or any reference interactions.
This is a good section to include your retention policies. Let users know how long you keep any information, including their borrowing history. If you have a written retention policy, provide the link.
Who has access to my information?
Remind users that their information is confidential, but also tell them who has access to it at your library. This is a good place to discuss policies around one user getting access to another user’s information (e.g. a parent asking for their child’s records).
How do we protect the privacy of students and minors?
Many libraries serve users who may have specific privacy rights under local, state, and federal law. If you serve students or minors, be sure to address how your library protects their privacy.
Our website and public computers
This might feel like the most complicated section if you’re unfamiliar with technology. If possible, seek out help from the Information Technology department to fill out the details in each of these sections.
Let users know what HTTPS is (it uses a certificate to encrypt the network traffic between their browser and your website) and that your library employs it on your website.
- Does your library lack a secure website? Get a free SSL certificate with Let’s Encrypt
Explain what cookies are (see the commonly used term section in this guide) and let users know what cookies your site uses. This section is likely to mostly be teaching users about cookies.
- Data and Network Security
Let users know that you are actively working to prevent their data from getting into the wrong hands. You don’t need to go into elaborate detail here, but avoid using phrases found in the red flag section like, “we may protect your data” or “reasonable measures.”
- Public Computers and Connected Devices
If your library offers WiFi access, device checkout, or public computers, here is where you can tell users what protections are in place. Let users know how long you keep a log of their computer usage (hopefully not more than 24 hours) and what happens to their data when they log out of a computer or return a device.
Most library users think anything they access from the library’s website is part of the library. They don’t have knowledge of the vast third-party vendor network. In this section, give a summary of the types of information that may be collected, used, and shared by these vendors. Provide a link to an easy-to-read and regularly updated page that has links to all of the third-party vendor privacy policies. Also, include what the library’s expectations are for vendors. This information may be included in the contracts or requests for purchase.
Many libraries employ some form of surveillance. Be upfront and honest with your users. Include details on security cameras and any body-worn cameras (including retention policies and who has access to the footage), facial recognition software, and smart speakers.
Detail the procedures in place when a request from law enforcement comes in to access a user’s records. Include information about any training staff has undergone.