Indiana University Libraries
Privacy Policy
Approved by University Counsel 12/22/03
Approved by the Council of Head Librarians 2/20/04

I. Introduction

Privacy is essential to the exercise of free speech, free thought, and free association.  The Indiana University Libraries define the right to privacy as the right to open inquiry without having the subject of one's interest examined or scrutinized by others.  Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf. 

The courts have recognized a right of privacy based on the Bill of Rights of the U.S. Constitution.  The state of Indiana guarantees privacy in its constitution and statutory law.   (See http://www.in.gov/pac/statutes/ or http://www.ilfonline.org/IFC/inlaw/confidentiality.htm).   IU Library's privacy and confidentiality policies are intended to comply with applicable federal, state, and local laws, as well as with any IU policies on privacy, including the IU Policy on Privacy of Information Technology Resources (http://www.itpo.iu.edu/IT07.html).

User rights--as well as our institution's responsibilities--outlined here are based in part on what are known in the United States as the five "Fair Information Practice Principles."  These five principles outline the rights of Notice, Choice, Access, Security, and Enforcement. 

Our commitment to our users' privacy and confidentiality has deep roots not only in law but also in the ethics and practices of librarianship.  In accordance with the American Library Association's Code of Ethics:

"We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted."

II. Indiana University Libraries' Commitment to Our Users' Rights of Privacy and Confidentiality 

This privacy policy explains our users' privacy and confidentiality rights, the steps this library takes to respect and protect privacy, and how we deal with personally identifiable information that we may collect from our users.

1.  Notice & Openness

The IU Libraries affirm that our library users have the right of "notice" -- to be informed about the policies governing the amount and retention of personally identifiable information, and about why that information is necessary for the provision of library services. 

The IU Libraries post publicly and acknowledge openly the privacy and information-gathering policies of the IU Libraries.  Whenever policies change, notice of those changes is made publicly available.  In all cases involving personally identifiable information, it is our policy to avoid creating unnecessary records; to avoid retaining records not needed for the fulfillment of the mission of the library; and to avoid engaging in practices that might place sensitive information on public view.

Information that the IU Libraries may gather and retain about current and valid library users includes, but is not limited to, the following:

• Circulation Information
This includes all information that identifies a user as borrowing specific materials, including reserve materials.

• Collection Development and Resource Management
This includes information regarding the request, purchase, transfer, and related collection management requests linked to individual users or groups of users (e.g., departments). 

• Electronic Access Information
This includes all information that identifies a user as accessing specific electronic resources, whether library subscription resources, electronic reserves, or other Web resources.

• Interlibrary Loan/Document Delivery
This includes all information that identifies a user as requesting specific materials.

• Library Surveys/Assessment Projects
This includes any information or data obtained by any IU library through surveys (group or individual interviews or other means) in support of assessment of services, collections, facilities, resources, etc., or in support of research related to library and information services.  Any data collected in the course of research is subject to additional review of privacy and confidentiality protections.

• Reference/Research Consultations
This includes any information regarding the identity of library users, the nature of their inquiry, and the resources that they consult.

• User Registration Information
This includes any information the library requires users (faculty, staff, students, or others) to provide in order to become eligible to access or borrow materials. Such information includes addresses, telephone numbers, and identification numbers.

• Other Information Required to Provide Library Services
This includes any identifying information obtained to provide library services not previously listed.

2.  Choice & Consent

This policy explains our information practices and the choices users can make about the way the IU Libraries collect and use this information. 
To provide borrowing privileges, we must obtain certain information about our users in order to provide them with a library account.  If users are affiliated with Indiana University, the library automatically receives personally identifiable information (name, address, e-mail address, status [as student, faculty, staff], identification number, etc.) in order to create and update their library account from the Registrar's Office (for students) or Human Resources (for employees).  When visiting our library's web site and using our electronic services, users may choose to provide their name, e-mail address, library card barcode, phone number or home address.
Users who are not affiliated with Indiana University have the option of providing us with their e-mail address for the purpose of notifying them about their library account.  Users may request that we remove their email address from their record at any time.

The IU Libraries never use or share the personally identifiable information provided to us in ways unrelated to the ones described above without also providing users an opportunity to prohibit such unrelated uses, unless we are compelled to do so under the law.  Our goal is to collect and retain only the information we need to provide library-related services.  The IU Libraries strive to keep all personally identifiable information confidential and do not sell, license, or disclose personal information without consent unless compelled to do so under the law or as necessary to protect library resources or conduct necessary library operations.   

3.  Access by Users

We attempt to fulfill all requests made by individuals who use library services that require the provision of personally identifiable information and to update their information through proper channels. Users may be asked to provide some sort of verification (e.g., PIN number, photo or network identification card, etc.) to ensure verification of identity.

4. Data Integrity & Security

The data we collect and maintain at the library must be accurate and secure.  Although no method can guarantee the complete security of data, we take steps to protect the privacy and accuracy of user data in the following ways:

Data Integrity: We take reasonable steps to assure data integrity, including: using only reputable sources of data; providing our users access to their own personally identifiable data; updating data whenever possible; utilizing middleware authentication systems that authorize use without requiring personally identifiable information; destroying untimely data or converting it to anonymous form. 

Data Retention:  We regularly review and purge personally identifiable information once it is no longer needed to manage library services. Information that is regularly reviewed for purging includes, but is not limited to, personally identifiable information on library resource use, material circulation history, and security/surveillance tapes and logs.

The IU Libraries are committed to investing in appropriate technology to protect the security of personally identifiable information while it is in the library's custody.  The IU Libraries follow university policy for the retention of data, and access to data is restricted to a small number of authorized university computing personnel.  The IU Libraries post announcements about the choice users make in signing up for customized or personalized services related to web and database services.
 
Services that Require User Login:  In-library computers allow guest use of most library resources without logging in.  Use of the full resources of the World Wide Web and of the full power of some subscription databases requires that a user log on to the workstation, either with his/her network ID and password or with a special guest account the user obtains from the library.  Data about which users were connected to which machine is collected, in accordance with University policy, and kept for a limited time with very limited access by staff.  Users of electronic resources that require authorization for their use are also asked to log in when they connect from outside the university IP address ranges.  The data kept from these transactions does not include information linking the user to the resources to which the user connected or about searches completed and records viewed. 

Cookies:  Cookies are used by IUCAT to maintain the persistence of a default library search limit.  These cookies are session cookies and are removed when the user exits the catalog and closes the browser.  Some licensed databases also use cookies to remember information and provide services while the user is online.  Users must have cookies enabled to use these resources.

We are committed to working with vendors of library resources to find solutions that respect the user's privacy and we include a review of the privacy policy espoused by the vendor in purchasing decisions.  We provide users with information about the risks of providing personally identifiable information so that they can make reasonable choices about use of personalized services from vendors of electronic library materials.  We discourage users from choosing passwords or PINs that could reveal their identity, including Social Security numbers.  We regularly remove cookies, web history, cached files, and other use records from library computers and networks.

Security Measures: Our security measures involve both managerial and technical policies and procedures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data.  Our managerial measures include internal organizational procedures that limit access to data and prohibit those individuals with access from utilizing the data for unauthorized purposes.  Our technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and storage of data on secure servers or computers that are inaccessible from a modem or network connection. 

Staff access to personal data: We permit only authorized Library staff with assigned confidential passwords to access personal data stored in the Library's computer system for the purpose of performing library work. The IU Libraries will not disclose any personal data collected from users to any other party except where required by law, to report a suspected violation of law or University policy, or to fulfill an individual user's service request. We do not sell or lease users' personal information to commercial enterprises, organizations or individuals.

5.  Enforcement & Redress
The IU Libraries will not make library records available to any agency of state, federal, or local government unless required to do so under law or to report a suspected violation of the law.  Nor will we share data on individuals with other parties including faculty, staff (including library staff except in the performance of their assigned duties), parents, students, campus security, and law enforcement personnel, except as required by law or University policy or as needed to perform our University duties.
Library staff are to refer all requests for confidential user records to the appropriate Library Dean or Director or their designate. Only the Library Dean/Director or designate has authorization to receive and  respond to requests from law enforcement or other third parties.  The Dean/Director will forward all requests from law enforcement or other government officials, all requests under applicable "open records" laws, to University Counsel, and will consult with counsel regarding the proper response.  Each library within Indiana University will develop written procedures to comply with this policy.  
We conduct regular privacy audits in order to ensure that all library programs and services are enforcing our privacy policy.  Library users who have questions, concerns, or complaints about the library's handing of their personally identifiable data should file written comments with the director of the library in question.  We will respond in a timely manner and may conduct a privacy investigation or review our policy and procedures.