Creating a Library Privacy Policy

Background

This page and related materials are the products of a University of California systemwide libraries "Task Force to Develop a Model Policy on Privacy for Library Provided Digital Services." The task force was charged by the libraries' Systemwide Operations and Planning Advisory Group (SOPAG). Supplementing the Task Force's final report, materials here represent the work of the task force and are meant to further the discussion about privacy policies within UC libraries, but do not yet represent adopted policies or procedures.

Users of the World Wide Web have learned to look for privacy policies on web sites. Although not a guarantee of privacy, these policies help inform visitors of the privacy practices of sites that they visit.

Although most libraries have policies relating to patron privacy, few post privacy statements on their web site. As Internet users become accustomed to checking the privacy policy of sites that they visit, they will expect to find them on library sites as well. Unless they find privacy policies on library sites, they may assume that there is no privacy protection provided by our institutions.

Creating the Policy

• Review laws and policies (Federal, State, University).
• Determine the desired local policy for each library function.
• Make sure the library's practices follow the policy.
• Create a privacy statement for users of the library's services and post it prominently on library web pages.
• Determine a date when the privacy policy will be reviewed.

Performing a Privacy Audit

Before you can complete a detailed privacy policy it is necessary to determine where the privacy risks are in your systems and what measures you are taking to minimize those risks. During this audit you may decide to modify your practices and to create specific policies that did not exist before. Only after you have performed such an audit can you write your detailed privacy policy.