Tufts University Library Privacy Policy
Download the full policy (PDF version).
Purpose
This policy establishes the confidentiality of library user data that identifies the user of library resources, and the acceptable use of that data at Tufts University.
Scope
All members of the Tufts Community.
Policy Statement
Library User Data Definition
Library user data is data related to library usage by individuals, which the Tufts University Libraries create, exchange, use, and manage in order to provide a wide range of library services as part of the Libraries' normal course of business. This data includes, but is not limited to, circulation records, inter-library loan records, submitted reference questions and correspondence, and database and website log data. Library user data is a type of institutional data as defined by the Information Stewardship Policy.
Library User Data Confidentiality and Acceptable Use
Library user data is classified as Level B: Confidential Institutional Data as defined by the Information Classification and Handling Policy. De-identified library user data is considered Level C Administrative Institutional Data and is not covered by this policy.
- Library user data is available only to members of the Tufts community on a strictly need-to-know basis in order to support library services.
- Library staff may only use library user data to support library services.
- Library staff may share library user data with other libraries or library service providers in order to support library services.
- Library staff may not disclose library user data directly to any agency of state, federal, or local government without a proper court order, subpoena, or warrant. Any such demand presented to a library staff member should be immediately referred to the Office of University Counsel in Ballou Hall for legal review before any action is taken. Responding to these demands is governed by the Policy on Subpoenas for University Records.
- Library staff may disclose library user data to the Tufts University Department of Public & Environmental Safety to investigate the damage or theft of Tufts Libraries property.
- The Tufts Libraries make reasonable efforts to protect the privacy of library user data.
- The Tufts Libraries' management and safeguarding of the confidentiality of library user data is guided by the Tufts University Information Stewardship Policy and Business Conduct Policy, the American Library Association Code of Ethics, and the Society of American Archivists Code of Ethics for Archivists.1
Responsibilities
The University Libraries are the information managers of library user data as defined by the Information Roles and Responsibilities Policy. Library staff are responsible for complying with this policy.
Review Entities
University Library Council
University Counsel
Approval Date
December 16, 2003; revision approved February 19, 2013
Effective Date
December 16, 2003; revision effective May 31, 2013
Executive Sponsor
Mary Y. Lee, Associate Provost
Policy Manager
University Library Council
Responsible Offices
Digital Collections and Archives
Ginn Library
Hirsh Health Sciences Library
Lilly Music Library
Tisch Library
University Library Technology Services
Webster Family Library
Revision
The University reserves the right to change this policy from time to time. Proposed changes will normally be developed by the policy managers with appropriate stakeholders. The review entities have sole authority to approve changes to these guidelines.
Review Cycle
Annually or as needed.
Distribution
http://www.library.tufts.edu/privacyPolicy.html
Related Policies and Documents
Information Stewardship Policy
Information Classification and Handling Policy
Information Roles and Responsibilities Policy
American Library Association Code of Ethics
Society of American Archivists Code of Ethics for Archivists
1 The Information Stewardship Policy notes, "Tufts University and members of the University community are expected to responsibly manage and use information in support of research, teaching, service, and administration. … The privacy of the personal information of University community members and clients should be protected." The Confidentiality section of the Business Conduct Policy states, "It is the responsibility of all Tufts employees to respect the highest level of privacy for their colleagues and other members of the Tufts community. Disclosure and discussion of confidential information obtained from University, school, or department records, either during or after employment with Tufts, is impermissible unless such disclosure is a normal requirement of an employee's position and has been so authorized." The American Library Association Code of Ethics declares, "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted." The SAA Code of Ethics for Archivists says, "Archivists respect all users' rights to privacy by maintaining the confidentiality of their research and protecting any personal information collected about the users in accordance with their institutions' policies."