Library Privacy & Confidentiality Policy

 

Notice and Openness:

The Oregon Coast Community College (OCCC) Library is committed to protecting the privacy and confidentiality of all its library patrons. This commitment is in compliance with College policies, as well as local, state and federal rules and is consistent with the American Library Association’s Code of Ethics.

The Oregon Revised Statute 192.502 (23) exempts from disclosure under open records law:
“The records of a library, including:
(a) Circulation records, showing use of specific library material by a named person;
(b) The name of a library patron together with the address or telephone number of the patron; and
(c) The electronic mail address of a patron.”

  • OCCC Library posts its privacy and confidentiality policies on the Library website; and a print copy is available upon request at the Library Services window.
  • The policies that govern these issues include Ask-a-Librarian reference services, Coarse Reserves, Collection Development/Purchase Requests, Intellectual Freedom, Library Services, and Study Room policies.
  • Illegal activity is not protected. Staff are authorized to take immediate action to protect the security of library users and staff, facilities, computers, and the network. This includes contacting college security or local law enforcement and providing information that may identify the violators.
  • Only the Librarian or their superior, after conferring with OCCC administrators and legal counsel, is authorized to accept or comply with subpoenas, warrants, court orders, or other investigatory documents directed to the library or pertaining to library property.

Choice and Consent:

Provision of many library services requires the collection and retention of personally identifiable information (PII).  This is required in order to circulate library material.  Information is retained only as long as necessary to fulfill the function for which it was gathered, for example when processing InterLibrary Loan requests.  We will give patrons the choice to opt-in or opt out of a service whenever possible.

 

Access by Users:

Users have the right to access their own personally identifiable information (PII).  The Library can provide users with the PII information gathered, such as name, address, phone number, and email address, along with a listing of items overdue, lost, or damaged.  Users must contact the Librarian with valid state or federal photo ID.

 

Data Integrity and Security:

Data Integrity: Whenever personally identifiable information is collected, the library takes reasonable steps to ensure its integrity, including using only reputable sources of data, providing library users access to their personal data, updating information as library card accounts are renewed, destroying untimely data or converting it to anonymous form, and stripping personal information from aggregated, summary data.

 

Shared Data:

Patron records are shared within the Chinook Library Network consortium, and the OCCC Library ensures that timely corrections and deletions of data are made on a routine basis. Library PIN numbers are initially set by the library system, and then users are able to change them themselves.

 

Security:  Security measures are integrated into the day-to-day practices of the OCCC Library’s operating environment as part of its continuing commitment to risk management. Library staff may access personal data stored in the library’s computer system only as necessary to fulfill library functions. Staff are prohibited from disclosing personal data to any other party, unless required to fulfill a service request. The Library does not sell, lease, or give users’ personal information to companies, governmental agencies, or individuals except as required by law or with a user’s authorization.

 

Administrative Measures:

Library staff are trained in privacy and confidentiality, so that those individuals with access do not utilize the data for unauthorized purposes. The Library staff routinely shred PII collected on paper if transactions are complete, before the close of business each night.

 

Electronic Tracking:

The Library does not collect personally identifiable information by users’ log-ins or e-mail, chat room use, web browsing, cookies, middleware, or other usage. All Library computers have software installed that cleans any PII when turned off.

 

Data Retention:

The Library avoids creating unnecessary records and retains records in conformance with applicable records retention regulations.  Library staff do not have information on previous check-outs, unless an item was lost or damaged, and then that information stays on the account until paid for.   Patron requests for InterLibrary loans are retained until the item has been filled, and then the email is deleted.  Reference requests are deleted as completed.

 

  • OCCC Student Accounts– Information to produce a virtual library card account is supplied by the college student management system. Data may include patron name, address, telephone number, and college email address. Accounts are valid for one quarter, and old accounts are purged annually.
  • Community member Accounts– Library card applications are kept on file indefinitely, and account information is retained as long as an account continues to be renewed by the patron.

Enforcement and Redress:

Redress is available for library users who feel their privacy and confidentiality rights have been violated. A patron must present the Librarian with a written complaint, along with their contact information.  The patron must present valid state or federal photo ID at the time.  The Librarian will investigate and provide a written response within one week letting the patron know whether the violation occurred and the possible redresses available.  If a violation did occur, the Librarian will review policies and procedures within 48 hours, and make adjustments or corrections to close the gap and avoid future breaches.

OCCC Library | 12 Apr 2017