DATA PRIVACY AT REFERENCE DESKS/CIRCULATION DESKS & OVER THE PHONE

Page: 1 of 6

HCL Administrative Policy

Section: IS1
   

Release Date: June 1998

Replaces Issue Dated:

Responsibility: Information Services Committee and Library Board

_________________________________________________________________________________

POLICY

HCL data privacy policy and procedures are based on the Minnesota Data Practices Act. Most recently amended in the 1996 legislative session, it states (in Article 1, Section 7, Subd. 2, PRIVATE DATA; LIBRARY BORROWERS).
    1. Except as provided in paragraph (b), the following data maintained by a library are private data on individuals and may not be disclosed [except to the subject of the data] for other than library purposes except pursuant to a court order:
  1. data that link a library patron’s name with materials requested or borrowed by the patron or that link a patron’s name with a specific subject about which the patron has requested information or materials; or
  2. data in applications for borrower cards, other than the name of the borrower.
    1. A library may release reserved materials to a family member or other person who resides with a library patron and who is picking up the material on behalf of the patron. A patron may request that reserved materials be released only to the patron.

At HCL, this translates to:

Private data: may be given only to the subject of the data (and, if a minor, the parents or guardians)
  1. the title of items on loan or overdue
  2. the titles of items on reserve

    3. Note: Except as provided in paragraph (b) above.

  3. subjects about which a patron has requested information
  4. patron address, phone number, birthdate

Public data: available to anyone who requests it
  1. number of overdues (e.g., Mr. Smith, your wife/father/grandfather has 3 items overdue)
  2. fines and/or bills owed (amounts, not titles) (e.g., Mr. Smith, your wife owes $5.00 in fines)
  3. number of items on reserve (e.g., Mr. Smith, your mother has reserved 12 titles)
  4. patron last activity date (the last time the patron had activity on Dynix)
  5. patron name

 

Procedures:

Data Privacy at Reference Desks and over the Phone

With their library card/barcode:

-In person or over the phone-

Without their library card/barcode, but with patron ID # from date due slip or other ID (see definitions)

-In Person only (no "other ID" if over the phone)-

Verification: First, verify patron address in the patron record. (In Checkout, do patron name lookup using View command, or select patron name and do .M to see entire record.) Don’t volunteer address; have the patron give the address.

Without their library card/barcode or other ID:

-In person or over the phone-

Verification: First, verify patron address in the patron record. (In Checkout, do a patron name lookup using View command, or select patron name and do .M to see entire record.) Don’t volunteer address; have the patron give the address.

 

Data Privacy at Circulation Desks and Over the Phone

With their library card/barcode:

-In person or over the phone-

Without their library card/barcode, but with patron ID # from date due slip or other ID:

-In person-

Verification: First, verify patron address in the patron record. Don’t volunteer address; have the patron give the address.

-Over the phone with patron ID # from date due slip –

Without their library card/barcode or other ID:

In person or over the phone –

Verification: First, verify patron address. Don’t volunteer address; have the patron give the address.

 

Important notes and definitions

  1. What does "verification" mean?

    2. The primary means of ID to get library service is the patron card or barcode. Lacking that, patron address is used to help ensure the patron being served really is the card-holder. When patrons present "other ID," or no ID, they should be asked to recite their address, so that staff can check it against the address in their Dynix patron record. The intent is to a) ensure we’ve picked the correct Dynix patron record, b) guard against use of stolen cards (or other stolen ID), and c) avoid giving out private data incorrectly. Note: This verification is different from the prompt to confirm current address information that reference staff see each time they place a reserve. The intent of this prompt is to update incorrect address information.

  2. What constitutes acceptable "other ID?"

    3. The same ID that’s accepted for registering a patron: driver’s license, checkbook, or evidence of mail received at their current address. For data privacy purposes, student picture ID is acceptable "other ID."

  3. Why the phrase "library card/barcode?"

    4. Patron presentation of library cards or barcodes will continue to grow in importance as more automated library services require it (patrons will need their barcode to look up their own record on OPACs, for example, or to renew their own materials from home using touch-tone phones, etc.). Providing library service based on presentation of library card or barcode is necessary if library staff are to continue to discuss private data with patrons over the phone.

  4. Access to minor’s records, without minor’s card or ID

    5. Unless children under age 18 have asked for and received approval for the library to withhold private library data from their parents, parents by law have access to their minor children’s library records.

         5. "...unless patron or situation alerts you otherwise."

    Patron presentation of a library card is the key to accessing private data on a patron’s record, unless, as the HCL Data Privacy Report (1988, p.6) states, "the patron or situation alerts you otherwise." What this means is that even if the patron gives you a library card, you may not give the patron private data if the situation alerts you that the patron handing you the card is not the card owner.

This area has been and continues to be, of necessity, an agency option. In agencies where staff are familiar with many of their patrons, staff may {will?} give private data to patrons who are known to them, even though the patrons may not have their library card or other ID with them. In the largest agencies, this familiarity may be a luxury they cannot afford procedurally.

 

Data Privacy – Reserve Pickup by Patron Only

In August 1996 there was a change in the MN Data Practices Act and private data for library borrowers.

MN Statutes Article 1, Section 7, Subd. 2, PRIVATE DATA; LIBRARY BORROWERS. The changes state, "A library may release reserved materials to a family member or other person who resides with a library patron and who is picking up the material on behalf of the patron. A patron may request that reserved materials be released only to the patron."

HCL has operated, without any difficulties, under the rationale of "implied consent" when allowing patrons to pick up reserves for each other. The change in the law only puts HCL more in compliance than previously with the exception of developing procedures to allow for a patron to request that reserved materials be released only to the patron.

A patron requests that reserved materials be released only to the patron:

Staff should place a message in the patron record indicating that reserves are to be picked up by the patron only.

Verify that the person picking up the reserve is the requesting patron when you see "PICKUP BY PATRON ONLY" message on the reserve workslip. If the person picking up the reserve is not the name on the workslip, then do not give them the material.



Return to Policy Index