Handling and Disclosing Patron Data Policy
Hennepin County Library Administrative Policy
The following responsibilities apply to all Hennepin County Library staff and other persons authorized to handle patron data (e.g. volunteers, interns, and security staff):
- Follow the American Library Association’s Code of Ethics and protect each library patron’s right to privacy and confidentiality with respect to information sought or received, resources consulted, borrowed, acquired, or transmitted.
- Use and disclose patron data only to conduct the library business for which it was collected.
- Refrain from sharing information about patrons or patron activities that is unnecessary for the provision of library service. This includes, but is not limited to, postings about patrons on social media sites, and informal conversations.
- Understand the difference between public and private data as defined by the Minnesota Government Data Practices Act.
- Safeguard private patron data in accordance with state and federal law, and the policies of Hennepin County.
- Complete data security training and confidentiality and use agreement as required by Hennepin County.
- Report any potential data breach in accordance with the Hennepin County Data Breach Policy and Procedures.
- Disclose public data as it relates to routine job duties and assignments.
- Forward written requests for patron data to the Library’s Data Practices Contact.
- Immediately inform supervisor or person in charge when a request to disclose private data is made by law enforcement officials.
Supervisors and managers have the following additional responsibilities:
- Ensure patron data is used appropriately and take disciplinary measures if direct reports are in violation of this policy.
- Work with library and security staff and law enforcement officials to respond to initial requests to disclose private data. Notify the Operations Division Manager and Library Data Practices Contact.
The name, roles and responsibilities of the Library’s Data Practices Contact is defined on the Hennepin County Data Governance site for County employees.
The Library Director is the Library’s Responsible Authority Designee and as such ensures the Library is in compliance with state and federal laws and county policies associated with data governance.
Associated Laws, Policies and Procedures
Next review: 01/25/2019
Last reviewed/revised: 01/25/2016