Resources and Best Practices for Handling Patron Information

June 10, 2024

By law, by policy, and by historical and professional practice, CARLI and CARLI member libraries have an obligation to protect the privacy of patrons’ information. It is CARLI’s official policy to store personally identifiable information for the shortest amount of time possible and to restrict access to this information only to staff that need access to conduct library business. By extension, CARLI expects that member institutions will handle personally identifiable information with the same care.

This page identifies several best practices used by CARLI Office staff and expected of member organizations. Individual member institutions may have more stringent expectations, in which case library staff should follow the stronger requirements.

What is Personally Identifiable Information (PII)?

According to the Computer Security Resource Center of the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce:

  • "Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
  • Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
  • Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual."

CARLI Privacy Policy

"CARLI takes the collection of personally identifiable information required to provide library services very seriously. It is our policy to store personal information in our systems for the shortest amount of time necessary to complete transactions or provide service. Access to personal information is restricted to the library and consortium staff needing such access to conduct library business. Personal information is never made available for commercial purposes and will not be revealed to any third party except by such process, order, or subpoena as authorized by law." [Approved by the CARLI Board of Directors, March 10, 2017]

CARLI Policy is informed by statute, specifically the Illinois Library Records Confidentiality Act (Illinois Compiled Statutes 75 ILCS 70/1) and the U.S. Dept. of Education Family Educational Rights and Privacy Act (FERPA), as well as by the University of Illinois System Privacy Statement. See also the CARLI Privacy Notice for the CARLI website.

Professional Best Practices

Data Lifecycles, part of the Privacy Field Guide for Libraries, enumerates several actions that individuals and organizations should take regarding personally identifiable information. These include the following:

  • Only collect data that has a specific operational need.
  • Keep user data secure and limit staff access to only the data they need to perform specific tasks.
  • Retain records in compliance with legal and operational considerations, and dispose of data in a timely manner when data are no longer required.
  • Library consortia "should have retention policies and procedures for its member libraries to ensure the same level of user privacy throughout the consortium."

In addition, the ALA Code of Ethics states:
"3. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

CARLI-specific Privacy Practices

CARLI is currently reviewing its procedures and practices for ways in which we can continually safeguard patron information. Current efforts include:

Record Sharing

  • CARLI staff exchange patron data using secure and encrypted file transfer methods:
    • CARLI’s secure FTP server
    • the University of Illinois’ Box sharing system, which is certified for the storage of FERPA-protected data

Record Retention

  • CARLI I-Share consortial policies have a 60-day retention period for letters produced by Alma (e.g., lost item, fines and fees). After 60 days, letters will not be visible from anywhere within Alma.
  • Files transferred via the CARLI secure FTP server are retained for 60 days. After 60 days, files are automatically deleted.
  • On July 29, 2024, CARLI I-Share will implement the anonymization of user fulfillment data in Alma. Completed loans and requests are anonymized after a retention period of seven days, and fine/fee data is anonymized after a retention period of seven years. See Alma Anonymization of User Fulfillment Data for more information.