Cecil County Public Library’s (CCPL or “the library”) privacy and confidentiality policy is based on the ethics and practices of professional librarianship, and in accordance with the American Library Association’s Code of Ethics, “we protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.”
We are committed to privacy and confidentiality for all library users, consistent with applicable federal, state, and local laws.
Maryland state law (MD Code, GP §4-308; ED § 23-108) protects your library records against any unlawful “inspection, use, or disclosure” and provides specific legal criteria under which records can be inspected, used or disclosed. Protected library records include user names, personally identifiable information, use of the library’s materials, services, or facilities, such as information and materials consulted or borrowed, database search records, public access computer use, circulation records, interlibrary loan records, and program registration records. In keeping with the American Library Association’s Policy on Confidentiality of Library Records and Policy Concerning Confidentiality of Personally Identifiable Information About Library Users and Maryland State law (MD Code, GP, § 4-308; ED, § 23-108), Cecil County Public Library staff will not respond to any informal request by a third party for personally identifiable information about any library user. Personally identifiable information may be released to a law enforcement agency or officer and only after presentation by the law enforcement agency or officer of an order by a court of competent jurisdiction issued in proper form (a court-issued subpoena or search warrant) and/or under the provisions of the USA Patriot Act.
Information we collect and retain includes (but may not be limited to):
- Information required to register for a library card (for example, name, address, library card number, telephone number, email address, birthdate)
- Grade level and school (used only for Student Virtual Cards and our Summer Reading and Learning Program)
- Records of materials currently checked out (this information is deleted once materials are returned)
- Fines owed and payments made
- Information to sign up for library programs
- Information about topics searched for and materials requested (does not contain any personally identifiable information)
- Website data to measure and analyze visitors, usage, and activity (does not contain any personally identifiable information)
- Usage and activity data of third party vendor library services, such as research databases and digital materials
What is done with this information?
This information enables us to provide access to a library account, to other library services, and allows the library to perform and improve essential functions. In setting this policy, the library seeks to provide the ideal balance of privacy, customer service, and convenience. Personal information may be used in the following ways, but is not limited to:
- Assisting customers with their accounts
- Maintaining internal records
- Sending notifications regarding customer accounts, such as holds, materials checked out, accounts about to expire, fines and overdues
- Sending notifications regarding library news and events
- Analyzing library usage data to improve services
- Contacting library users for research purposes to help improve services
- Resolving cases of violations of library rules and regulations
Personally identifiable information will remain confidential and will not be sold, licensed, or disclosed to any third party, except those vendors working under contract with the library, or except as required by law. For information about the ways third-party vendors may use or disclose your information, please see the “Third-party vendor services” section later in this policy.
CCPL strives to avoid creating unnecessary records and makes sure your personally identifiable information is not placed on public view without your consent. We also take steps to remove or to de-identify personally identifiable information from data, wherever possible.
CCPL publicly posts the library’s privacy and confidentiality policy and encourages you to ask questions about it – we’re here to help.
Third-party vendor services
Cecil County Public Library contracts with third-party vendors to provide expanded services, such as digital collections, research databases, and streaming media content. CCPL makes concerted efforts to ensure that the library’s contracts, licenses, and off-site computer service arrangements reflect the library’s policies and legal obligations concerning user privacy and confidentiality. CCPL’s agreements address appropriate restrictions on the use, aggregation, dissemination, and sale of information, particularly information about minors. When connecting to licensed databases and content providers outside the library, CCPL only releases information that authenticates users as registered Cecil County Public Library users. Nevertheless, when accessing remote or third-party vendor sites, there are limits to the privacy protection the library can provide.
Third-party vendors may gather and disclose your information according to their own policies, such as,
- Personally identifiable information you knowingly provide, including when you register for the site, provide feedback and suggestions, request information, or create shared content
- Other information that could be used to identify a library user, such as your IP address, search history, location-based data, and/or device ID
- Non-personally identifiable information, such as your ad views, analytics, browser information (type and language), cookie data, date/time of a request, demographic data, hardware/software type, interaction data, serving domains, page views, and the web page you have visited immediately prior to visiting the site
- Other data that third-party services may collect as described in the vendor’s privacy policy and terms of use
For more information on these services and the specific types of data that may be gathered and disclosed by each service, please refer to the Terms of Use and Privacy Policies for the services you may choose to use. Users may choose not to use these third-party services if they do not accept their Terms of Use and Privacy Policies. We encourage users to read and evaluate them carefully. Links to the library’s third-party vendor policies are provided here.
Protecting your library card and PIN/password
Please notify the library immediately if your card is lost or stolen, or if you believe someone is using your card or card number without your permission. We encourage you to protect your PIN/password for your privacy and security and please note that PINs and passwords are not given out over the phone for security reasons. However, you can use the “Forgot my PIN” feature through the catalog if you have an email listed in your library account. Please contact the library if you need assistance.
Keeping account information up-to-date
Please notify the library immediately of any changes to your personal information to keep your account information up-to-date. Visit any Cecil County Public Library branch, along with your library card or valid ID, to update your account information. Cecil County Public Library cards expire every year after the date they are created or renewed.
Parents and children
CCPL respects the privacy of all library users, regardless of age. Parents and legal guardians of a child under age 18 who wish to obtain access to a child’s library records must present the child’s library card or confirm their identity as the minor’s parent or legal guardian by displaying valid ID. Individuals 14 and older may sign for their own library card, without a parent or legal guardian present. Additionally, in accordance with COPPA (Children’s Online Privacy Protection Act), we do not collect personally identifiable information online from children under 13 without permission from their parent or legal guardian.
Items on hold
CCPL staff treat the materials you place on hold as confidential. You may choose to have another person pick up your holds by asking our staff to add that person’s name to your account as “approved to pick up holds.” In addition, parents or legal guardians of a child under 18 may pick up holds for their children. They must present the child’s card or confirm their identity as the child’s parent or legal guardian by displaying valid ID to pick up the child’s hold, if a note is not already on the account. Please ask a staff member if you have questions about holds.
Photographs and videos
Cecil County Public Library staff may take photographs and/or videos at library events and library-related activities, and attendance and participation at such constitutes implied consent to be photographed. These photographs and videos may appear in future library publications or other library publicity. To ensure privacy, images will not be identified using full names or other personally identifiable information without written approval from the person, parent, or legal guardian. Staff will announce when they will be taking photos and videos and will respect if you do not want to be included – please let a staff person know at the event.
Security cameras
The library uses security cameras to enhance the safety and security of library users, staff, and property, while at the same time, protecting your right to privacy. When necessary, recorded images are provided to law enforcement for the purpose of investigating or prosecuting criminal activity.
To protect your privacy, cameras are located where library users would not have a reasonable expectation of privacy, such as entryways and public seating areas. Cameras are never installed in areas where members of the public and staff would have a reasonable expectation of privacy, such as restrooms.
Data, computer, and payment security measures
The library takes proactive steps to assure data security. We protect personally identifiable information by electronically purging or manually shredding data once it is no longer needed for library business purposes, whenever possible. In addition, we take steps to remove or de-identify personally identifiable information in aggregate, summary data. Our policies and procedures limit staff access to data and ensure that those with access use the data for authorized purposes only. We limit and protect access through the use of strong passwords that are changed regularly and by storing data securely. Staff will not disclose any personally identifiable information to any other party except to fulfill your service requests or where required by law.
We regularly remove cookies (upon the close of the browser), browsing history, files, or other computer and Internet use records that are placed on our public computers. Our public computers are routinely updated and scanned for malicious software, and are protected against intrusion.
Although we maintain the best possible security with our Wi-Fi network, we encourage you to use secure browsing practices, whether on a public computer or on Wi-Fi. Please see a staff member if you have questions about secure browsing. Please note that Wi-Fi traffic from device to device is prohibited – devices connected to the network cannot communicate to one another.
Payments processed via card transactions are done securely through our payment processor. No card information is stored locally.
Other services
This privacy and confidentiality policy does not apply to external applications or websites you may access from the library’s public computers, devices, or equipment, such as social media sites.
You may choose to take advantage of library-related services via e-mail or other communication methods that send personally-identifiable information related to library use via public communication networks. You should be aware that the library has limited ability to protect the privacy of this information once it is outside our control.
Illegal activity prohibited and not protected
Library users may conduct only legal activity while using library resources, facilities, and services. Nothing in this policy prevents the library from exercising its right to enforce its Rules of Conduct, protect its facilities, networks, and equipment from harm, or prevent the use of library facilities and equipment against illegal purposes. The library can electronically log activity to monitor public computers and external access to its networks and reserves the right to review such logs when a violation of law or library policy is suspected. Staff is authorized to take immediate action to protect the security of library users, staff, facilities, computers, and networks. This includes contacting law enforcement authorities and providing information that may identify the individual(s) suspected of a violation.
Questions, Concerns, or Complaints
If you have a question, concern, or complaint concerning your personally identifiable information or this policy, you may send written comments to the Library Director. We will respond in a timely manner and may conduct an investigation or review of practices and procedures. We also conduct reviews regularly to ensure compliance with the principles outlined in this policy.
Library records may be subject to disclosure to law enforcement officials under provisions of state law, the USA PATRIOT Act (Public Law 107-56), or in a civil lawsuit. Librarians may be forbidden from reporting to you that your records have been requested or obtained under provisions of the USA PATRIOT Act.
Consistent with MD Code, GP, § 4-308; ED, § 23-108, we will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order, or other investigatory document is issued by a court of competent jurisdiction, showing good cause and in proper form. We have trained all library staff to refer any law enforcement inquiries to the Library Director.