Policy #207 Adopted: June 17, 2004; Revised January 15, 2015; Revised August 16, 2018
The San Francisco Public Library champions the protection of personal privacy. Protecting library user privacy and keeping confidential information that identifies individuals or associates individuals with their use of library books, materials, equipment, programs, facilities, and/or staff assistance is an integral principle of the Library. This policy affirms the Library's commitment to privacy, explains the information that the Library collects, and alerts visitors to Library facilities and users of remotely accessed Library services to the privacy choices they face.
1. The Library will keep all such information that it purposefully or inadvertently collects or maintains confidential to the fullest extent permitted by federal state and local law, including the California Public Records Act1, the San Francisco Sunshine Ordinance2, and the USA PATRIOT Act3.
2. To make this policy easy to find, the Library makes it available on the Library's Website and at every point where personally identifiable information may be requested.
3. Protection of confidentiality extends to information sought or received, and materials consulted, borrowed, and received.
4. Protection of confidentiality includes database search records, circulation records, interlibrary loan records, and other personally identifiable uses of library materials, facilities or services.
5. The Library does not collect personal information about a library user when a user visits the Library's Website, registers for a program, or registers for a library card unless the user authorizes the Library to have that information. The user has the option to participate or not participate.
6. Any information the library user chooses to provide will be used only to provide or improve library services, such as information gathered through voluntary library user surveys.
7. The Library protects library user account information by placing it on a secure server.
Library Cards and Circulation Records
8. To receive a library card, library users are required to provide identifying information such as name, birth date and mailing address. This identifying information is retained as long as the library user continues to use the library card.
9. A library user's library record includes current information, items currently checked out or on hold, as well as overdue materials and fines.
10. The Library does not maintain a history of what a library user has previously checked out once books and materials have been returned on time4.
11. When fines accrue on a user's account, the Library does maintain records of items that have been borrowed but returned after the due date, or are still outstanding on the user's record. When overdue materials are returned and all associated fines are paid, the information associated with the library card number is deleted.
Discovery Layer Interface
12. The San Francisco Public Library provides an online search interface for users to find information held in the Library’s catalog and other data that lies outside the Library’s immediate catalog including web based content stored remotely and user-generated content created within other participating public libraries’ discovery layers. Harvested data is indexed and presented to the end user in a single set of results for greater information retrieval functionality. In addition, users may also choose to use the discovery layer interface to share ratings and reviews of titles found at San Francisco Public Library, create custom booklists, which can also be shared, and connect with other users’ recommendations.
- BiblioCommons allows parents of children ages 12 and under, upon proof of identity, to request from Library staff, review and edit personal information collected from their children on this service and/or to delete a minor’s BiblioCommons account. These requests will be fulfilled by Library staff in coordination with BiblioCommons. Information shared with parents will be limited to the minor’s personal information and user-generated content. Borrowing history or items requested by the minor will not be revealed.
- Some BiblioCommons features and services may request users to enter additional information such as educational level.
14. User activity in creating a BiblioCommons account is optional as the service is deployed alongside the online public access catalog (OPAC). Without creating a BiblioCommons account, a user may still view and use the Library’s existing online public access catalog depending on a given user’s preference. In addition, without a BiblioCommons account, a user may search and view the BiblioCommons discovery layer interface. However, in order to use the many additional features of BiblioCommons, such as commenting, rating, tagging, creating public booklists, and one-click holds, a user would need to create an account, in which case user information is encrypted and stored on BiblioCommons servers. Users of the discovery layer interface are advised to read the description of the services carefully, so as to be aware of the extent to which information that is user generated and/or shared will be stored.
Radio Frequency Identification (RFID)
15. The only information stored on the RFID chip/tag will be limited to the item barcode or an encrypted number, as well as a security bit that indicates if the item is in or out of the library.
16. RFID technology will not be used for library cards.
17. All local, state and/or federal legislation relating to RFID and library usage will be fully complied with at San Francisco Public Library.
Public computer use and the Library's online system
18. The Library uses an online computer reservation program that allows the public to reserve a computer in order to access the Library's catalog, the Internet and other resources. The Library's public computer search stations are programmed to delete the history of a library user's Internet session and all searches once an individual session is completed. Booking history is deleted every day.
19. Searching by the barcode of library books and other materials is not available to the public.
20. The Library's online public access catalog system, also known as the “Classic Catalog,” offers library user self-activated features, using Log In to Your Record, including email notification of new library materials which contain library user saved search terms. Information gathered and stored using this feature is only accessible to the library user. There is no administrative interface to this information for library staff and, therefore, it is not retrievable by anyone other than the user. The user has the option to delete their search history at any time.
21. Enhancements to the Library's online catalog system that offer greater functionality and customized features that may impact user confidentiality will be activated by the Library only if such enhancements are optional to the user. Use of enhancements is governed by privacy statements and terms and conditions of the vendor.
Email, Web Forms, and Reference Questions
22. Information provided by a library user via email or Web forms will be used only for purposes described at the point of collection (for example on a Web form), such as to send information or provide library services to the library user, update information on the library user's record, or respond to a library user's questions or comments.
23. If contact information is provided, the Library may contact the library user to clarify a comment or question, or to learn about the level of customer satisfaction with library services.
24. The Library treats reference questions, regardless of format of transmission (in person, via telephone, fax, email or online) confidentially. Personal identifying information related to these questions is purged on an ongoing basis.
25. Email is not necessarily secure against interception and may be subject to disclosure requirements of the Public Records Act or other legal disclosure requirements.
Information Automatically Collected and Stored
26. As library users browse through the Library's Website, read pages, or download information, certain information will be automatically gathered and stored about the visit, but not about the library user. The information gathered is for statistical purposes only to insure that the Library is providing appropriate services and does not personally identify any individual.
27. The Library automatically collects and stores only the following information about a visit, for statistical purposes:
The Internet domain and IP address from which access to the Web site is gained;
The type of browser and operating system used to access the Library's site;
The date and time of access to the Library's site;
The pages visited; and
The address of the Web site from which the initial visit to www.sfpl.org was launched, if any, as well as the address from which a visitor exits.
28. The Library uses this information to help the Library make the site more useful to visitors and to learn about the number of visitors to the site and the types of technology visitors use. The data that is collected is not connected to any personal information or identity.
29. The Library does not collect information about who library users are, and encourages library users to become familiar with privacy policies of the ISP that the user subscribes to and other sites visited.
Links to Other Sites
30. The Library's Website contains links to other sites. The San Francisco Public Library is not responsible for the privacy practices of other sites, including providers of online database services and eBook/eMedia services for which the Library subscribes, which may be different from the privacy practices described in this policy. The Library encourages library users to become familiar with privacy policies of other sites visited, including linked sites.
31. For Web site security purposes and to ensure that the service remains available to all library users, the San Francisco Public Library uses software programs that monitor network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. Anyone using the Library's Web site expressly consents to such monitoring. Except for the above purposes, no other attempts are made to identify library users or their usage habits5.
Working with Law Enforcement
32. Library records will not be made available to any agency of the state, federal or local government except pursuant to such process, order or subpoena as may be authorized under the authority of, and pursuant to, federal, state, or local law relating to civil, criminal, or administrative discovery procedures or legislative investigatory power.
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT ACT)
33. Sections 214-216 of this Act gives law enforcement agencies expanded authority to obtain library records, secretly monitor electronic communications and prohibits libraries and librarians from informing library users of monitoring or information requests.
34. The Library Commission and the San Francisco Board of Supervisors have formally opposed the Act, including Sections 214-216, in two separate resolutions. (Appendices E and F)
35. On March 2, 2004, San Francisco voters codified the City's resistance to the federal USA PATRIOT Act with their approval of Proposition E. The charter amendment requires that any request for library, health or other personal records be routed through the Board of Supervisors instead of through City department heads. The supervisors will then decide whether the request is constitutional and whether to respond to it.
1 Library records are protected under California Government Code, Title 1, Division 7, Sections 6250-6270, Chapter 3.5.
2 San Francisco Administrative Code, Section 67
3 PL 107-56 - Uniting & Strengthening America by Providing Appropriate Tools Required To Intercept and Obstruct Terrorism (USA Patriot Act) Act of 2001
4 Library users may choose to opt in and enable My Check-out History. By doing so library users choose to give explicit consent to the storage of their Check-out History from the opt-in date. Library personnel will not access or release Check-out History unless required by law to do so. Library users may opt out of this service and delete Check-out History at any time. (Noted - November 30, 2011)
5 Unauthorized attempts to upload information or change information are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and 18 U.S.C. Section 1001 and 1030.