Privacy Policy

Confidentiality of Library Records and Data Privacy Policy

Policy Number: 006
Supersedes Policy #006 - 05/27/15

Approved: 01/26/2022 Effective: 01/26/2022 - 01/01/2025
Authorized by: Board of Trustees Review Date: 10/01/2024

1) Purpose:

To inform visitors of the Timberland Regional Library’s (TRL) commitment to protect patron Personally Identifiable Information (PII) data and confidentiality, when and how personally identifiable information might be shared, and their responsibilities when using third-party vendors.

2) Scope:

This policy applies to the confidentiality of library records and patron data, and how this information is used by TRL.

3) Background:

Timberland Regional Library is committed to protecting the data of its patrons. TRL believes informing patrons about the types of information it collects and how it uses the information is crucial in the protection and privacy of our patrons.

4) Definitions:

A. Record: Any documentation in print or electronic format that could be used to identify the names of library patrons with specific materials. Also including computer use records and all personally identifiable information provided to obtain a library card.

B. PII: The personally identifiable information (PII) we do collect is retained for limited amounts of time and is used to provide library services to the patron.

Information the library may gather and retain about library patrons includes the following:

  1. Information required to register for a library card (e.g., name, address, telephone number, email address, birthdate).
  2. Records of material checked out, charges owed, and payments made.
  3. Records of electronic access information such as the library card or guest pass used to log onto library public computers.
  4. Requests for interlibrary loan or reference service.
  5. Sign-up information for library programs, events, newsletters, and services.
  6. Websites accessed via library computers or library networks.
  7. When using our website or web applications (Mobile Printing, PC reservations, etc.) TRL may collect your Internet Protocol (IP) address, your location, kind of web browser or electronic device that you use, date and time of your visit, website that you visited immediately before arriving at our website, pages that you viewed on our website, certain searches/queries that you conducted.
    Use of TRL’s Internet computers and printers is logged for one week before the data is anonymized.

5) Policy:

A. Confidentiality of Library Records

  1. TRL employees release information regarding patron and library account activity only to the person to whom the library card is issued.
    • TRL does not disclose information to the parent or guardian regarding the minor’s library record
    • Library patrons may designate others to receive information, check out materials, place, and pick up holds.
    • Library patrons who link accounts provide designation that the linked users may see each other’s library record information.
  2. Records that could be used to identify the names of library patrons with specific materials shall not be made available to any agency of federal, state, or local government, except pursuant to such process, order or subpoena as may be authorized under the authority of, and pursuant to federal, state or local law.
  3. This confidentiality extends to information sought or received, and materials consulted, borrowed, acquired, and includes database search records, circulation records, interlibrary loan records, and other personally identifiable uses of library materials, facilities, or services.
  4. We will not sell or share your information with third party vendors, except those working under contract to the library, or except as required by law.

B. Third Party Vendors

TRL has partnered with reputable vendors to provide certain services to online customers. These services include but are not limited to access to electronic books, videos, and audiobooks, access to electronic databases, etc. Third-party services provided through the library have other terms and policies that affect the privacy of your personally identifiable information. Patrons must understand when accessing remote or third-party vendor sites that there are limits to the privacy protection the library can provide. When patrons visit a partner’s site, they are encouraged to become familiar with the other site’s privacy statement.

C. Security

TRL has implemented reasonable physical, electronic, and managerial measures to prevent unauthorized access to the information it collects online. TRL does not, however, claim any responsibility for information collected by other websites linking to or from TRL’s website.

D. Cookies

A cookie is a small data file sent from your web browser to a web server and stored on your electronic device’s hard drive. They are generated by websites to provide users with a personalized and often simplified online experience. TRL may use cookies to customize content areas; to analyze site activity or user behavior; or to maintain the state of authentication for pages during a given session.

If you are concerned about the use of cookies, please explore your browser’s options to notify you whenever a cookie is set or disallow cookies altogether. However, prohibiting cookies may restrict your access to certain web content or features.

E. Promotional Email, Newsletter, and Opt-Out Elections

TRL offers a monthly newsletter that is distributed via email to registered patrons. New patrons that sign up for library service and provide an email address are automatically registered for TRL newsletters. Patrons may choose to opt-out of newsletters by using the opt-out option information provided in the newsletters.

F. Other Services

This privacy and confidentiality policy does not apply to external applications or websites that you may access from the library’s public computers, devices or equipment (such as Internet computers, Chromebooks, or other devices provided by the library for patron use).

Some patrons may choose to take advantage of RSS feeds from the library catalog, public blogs, hold and overdue notices via e-mail or text message, and similar services that send personally identifiable information related to library use via public communication networks. Patrons should also be aware that the library has limited ability to protect the privacy of this information once it is outside TRL’s control.

G. Illegal Activity Prohibited and Not Protected

Patrons may conduct only legal activity while using library resources and services. Nothing in this policy prevents TRL from exercising its right to enforce its Rules of Behavior, protect its facilities, network, and equipment from harm, or prevent the use of library facilities and equipment for illegal purposes. TRL can electronically log activity to monitor its public computers and external access to its network and reserves the right to review such logs when a violation of law or library policy is suspected. Staff are authorized to take immediate action to protect the security of library patrons, staff, facilities, computers and the network. This includes contacting law enforcement authorities and providing information that may identify the individual(s) suspected of a violation.

H. Enforcement and Redress

If you have a question, concern, or complaint about our handling of your personally identifiable information or this policy you may file written comments with the Executive Director. We will respond in a timely manner and may conduct an investigation or review of practices and procedures. The Executive Director is custodian of library records and is authorized to receive or comply with public records requests or inquiries from law enforcement officers. The Executive Director may delegate this authority to designated members of the Administrative Team.

The Executive Director confers with a TRL contracted attorney before determining the proper response to any request for records. TRL will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction, showing good cause and in proper form. TRL has trained all library
staff to refer any law enforcement inquiries to the Executive Director.

6) References:

A. Internet Use Policy.
B. Internet Use Policy Compliance Measures for CIPA.
C. Public Records Request Procedures.

7) Citations:

A. RCW 42.56.310.
B. American Amusement Machine Association v. Teri Kendrick 534 U.S. 994 (2001).
C. Erznoznik v. Jacksonville 422 U.S. 205 (1975).
D. Board of Education v. Pico 457 U.S. 853 (1982).
E. ALA Privacy Toolkit:

Cheryl Heywood, Executive Director
Nicolette Oliver, President
By the enactment of this policy the Board of Trustees of Timberland Regional Library is concurrently rescinding any prior policy or procedure within TRL that is either in conflict with or expansive of the matters addressed in this policy.

Confidentiality of Library Records and Data Privacy Policy (pdf), opens a new window


Print this page