Library Policies
Confidentiality of Library Records

Library Board policy as of March 14, 1990. Revised February 13, 2002; March 13, 2013; July 10, 2024.

Policies > Confidentiality of Library Records

The Library’s commitment to the confidentiality of patron information is rooted in the law, as well as long-standing practices of the library profession. This policy applies to all patron records, regardless of library card type. By visiting the Library or using the Library’s services, patrons agree to this policy.

This policy shall comply with applicable federal, state, and local laws. This includes Connecticut General Statutes § 11-25 (2007), which protects the confidentiality of personally identifiable information contained in the circulation records of all public libraries, and §1- 210 (2021), which exempts such records from the Freedom of Information Act.

In accordance with the American Library Association’s Policy on Confidentiality of Library Records and Code of Ethics, attached as Appendices C and D: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted.”

Collection of Information

The Library and its authorized vendors collect information directly from patrons as well as automatically through network logs, cookies, and other tracking technology. Different types of information are collected depending on a patron’s chosen level of engagement with Library services and the information needed to provide access to those services.

Information Collected Automatically

When patrons use the Library’s digital or online services, information about this usage is automatically collected and retained.

This information includes, but may not be limited to, the following:

Public computer usage statistics, which contain minimal personal information related to a patron’s library account, time and date of access, duration of access, and print payment balance, and do not include browsing history, personal account information, files, or any other detailed information
Wi-Fi and website usage statistics and analytics data, including IP address, location, browser information, time and date of access, duration of access, pages viewed on the Library’s website (and no other websites), unique device identifiers, and other diagnostic data, which are anonymized and will not be tied to individual personal information

Information Collected by Third Parties

The Library partners with various vendors to provide access to digital services and resources. These third-party vendors may collect information as part of providing their services. It is important to note that the data handling and privacy practices of these vendors are governed by their own terms and conditions, which may differ from the Library’s policies.

Using a third-party service constitutes agreement to that service’s privacy policy, terms, and conditions, and to sharing personal information with the service. Patrons are responsible for reading, agreeing to, and following all policies, terms, and conditions for any third-party service they choose to access. Although Library staff will make every effort to select only reputable vendors, the Library does not control and is not responsible for the privacy practices of third-party vendors.

Information Provided by Patrons

This information is collected directly from patrons and is not collected without patron consent. Patrons are responsible for keeping their information accurate and up to date.

This information includes, but may not be limited to, the following:

Personal information that can personally identify a patron, as necessary for Library use, including name, birth date, address, email address, phone number, library card number, and payment information
Residency information, reviewed during the library card application process when using identification such as driver’s license, government-issued identification, and utility bills to verify eligibility
Employment information, reviewed during the library card application process when using employment to verify eligibility
Library records, which contain personal information as well as information related to circulation, borrowing, holds, fees, etc.
Registration records, including name, email address, phone number, and any other information provided at the time of registration for events, programs, contests, etc.
Payment information, when paying fees or making donations
Email and other messages sent to Library accounts
Login credentials for Library services, including username and password, which are encrypted and not directly accessible by Library staff
Content created by patrons, such as book recommendations, contest submissions, photos, or other content voluntarily shared with the Library online or in person

The Library may also keep records of questions and other interactions for the purpose of training, statistics, and better serving the community. Personally identifiable information is generally not included in these records.

Retention of Library Records

The Library shall endeavor to create only necessary records, and to keep records only as long as necessary for the proper operation of the Library. The Library may retain some information in backup storage systems, hard copy form, or as required by law.

Computer Records

In order to lend materials and provide services, the Library must retain computer records that include personally identifiable information about Library patrons as well as transactions like borrowed items, overdue and lost materials, outstanding fines, payments of patron accounts, etc. These computer records are kept secure and can only be accessed by authorized Library staff or vendors.

The Library is a member of LCI, a consortium of Connecticut public libraries. LCI provides, administers, and maintains the integrated library system (ILS) used by the Library. LCI manages patron data on behalf of the Library and maintains personally identifiable information about Library patrons and transactions. This allows for online access and reciprocal borrowing between libraries, and also protects from accidental or malicious data loss.

Computer records are purged from the Library’s computer system when no longer needed for library business purposes; however, the Library cannot guarantee records are purged from offsite or backup servers maintained by LCI or vendors contracted by LCI.

Paper Records

Paper records containing personal information such as names, addresses, and phone numbers, are shredded once added to the computer system. Only Library staff shall have access to personal data stored by the Library.

Disclosure of Personal Information

Personal information collected from patrons is considered confidential. Except when required by law or to fulfill an individual user’s service request, the Library and its staff will not disclose, sell, or otherwise share personal data collected from patrons.

This privacy protection includes, but is not limited to, personally identifiably information such as names, addresses, telephone numbers, database search records, reference interviews, circulation records, interlibrary loan records, and uses of Library materials, facilities, or services.

Children’s Personal Information

Confidentiality rules also apply to children’s information. In order for the Library to provide information about a minor’s account, parents or guardians must provide the child’s library card to access their account information online, by phone, or in person. In person, parents or guardians may substitute photo identification verifying that they are the person who accepted responsibility for their child by co-signing the card.

Disclosure to Law Enforcement

Library records and other confidential information will not be made available to any officer, agent, or agency of state, federal, or local government unless the Library is served with a subpoena, warrant, court order, or other authorized request that requires legal compliance.

Only the Library Director or a designee is authorized to receive or comply with requests from law enforcement officers. The Director shall consult with legal counsel, such as the Town attorney, prior to any action being taken.

If there is a request for confidential information:

Library staff shall not release any confidential information.
Library staff shall immediately refer all law enforcement inquiries to the Director.
If the law enforcement agent or officer does not have a subpoena or court order compelling the production of records, the Director shall explain the Library’s privacy and confidentiality policy and the state’s confidentiality law and inform the law enforcement agent or officer that the Library’s confidential information is not available without the production of a valid subpoena or court order.
If the law enforcement agent or officer produces a subpoena or court order, the Director shall immediately refer it to legal counsel for review. Based upon advice of legal counsel, the Director shall determine whether to release the requested confidential information.

Disclosure to Other Individuals

Confidential information will not be disclosed to other individuals except in the specific circumstances listed below.

In situations where friends or family members want to help a patron who cannot make it to the Library in person, Library staff will only provide account information if they present the patron’s library card. In such a case, Library staff will provide the minimum of information to accomplish the transaction and will under no circumstances provide the patron’s phone number, address, email address, or any other potentially sensitive information.

In situations where a third party requests to pay all or part of the debt owned on a patron’s library card, Library staff may look up the patron record and provide only the amount owed and collect a payment. No other information will be given out without a library card.

As library cards may be used to access personally identifiable information, patrons are responsible for alerting the Library to a lost or stolen library card immediately.

Disclosure to Patrons

Patrons are encouraged to notify the Library when their contact information changes, so that the Library is able to offer proper notification of the availability of reserved or interlibrary loan items, reminders of overdue materials, etc. Patrons wishing to update or verify the accuracy of their own personal information may do so at the Circulation Desk. To ensure the security of personal data, verification of identity will be required in the form of a valid photo identification, such as a driver’s license, passport, etc.

In order to ensure that patrons’ records are private, the Library requires patrons to provide their library card to access their account information online, by phone, or in person. In person, patrons may substitute their photo identification.

Library staff will release limited borrowing information (currently checked out items, holds, fines) by phone to patrons who either provide their library card barcode number or are calling from the phone number listed on their record.

Disclosure to the Public

Patrons may choose to share content, such as book lists and recommendations, as part of Library programs or services, when interacting on social media, or in other contexts, in which case such information will be publicly accessible.

Disclosure to Third-Party Electronic Services

Some third-party services, such as eBook providers and electronic databases, require the disclosure of some amount of personal information in order to offer access to the service. This is generally limited to information that authenticates registered Library patrons, such as name, library card number, whether the patron account is active, and a unique patron identification number assigned in the Library’s computer system. These services may also maintain records of patron actions or borrowing history within the service itself.

Wellness Checks

An exception may be made if Library staff have reason to suspect an immediate threat to a patron’s welfare to the extent that necessitates contacting law enforcement for a welfare check. A patron’s name, phone number, and address may be disclosed to law enforcement. No further information may be disclosed.

Library Communications

The Library may use personal information such as name, address, email address, or phone number to communicate with patrons by mail, email, or phone. Library communications will be limited to messages about patron circulation transactions, as well as updates, reminders, and promotions related to the Library.

Email Circulation Notifications

An email address is not required to borrow items from the Library.
Patrons who have shared their email addresses with the Library may opt out at any time.

Patrons who choose to associate an email address with their library card consent to receive emails related to their library circulation transactions, including checkout receipts and notices for holds, renewals, and overdue items.

Email Newsletters and Other Updates

Patrons who sign up for the Library’s monthly or weekly newsletters are consenting to receive emails about Library news, programs, and/or new materials. The Library may occasionally send emails off of the newsletter’s regular schedule for special events or important updates.

Patrons who sign up for any the Library’s email newsletters agree to share personal information, including name and email address, with the Library as well as the Library’s trusted third-party newsletter service. The Library’s third-party newsletter services must use industry standard security measures. In the event of a data breach, the Library will notify anyone who may be affected.

Patrons may unsubscribe from newsletters at any time. Each newsletter will include an unsubscribe link, or patrons may contact the Library directly for assistance.

Mailings

The Library may mail lost item bills, particularly when email is unavailable or ineffective, and may send a minimal amount of promotional materials by mail.

Library Policies Confidentiality of Library Records