Privacy, Confidentiality and Law Enforcement Policy 4.23

Russell Library (the Library) is committed to protecting the confidentiality of its customers. We believe that privacy is essential to the exercise of free speech, free thought, and free access to information. To that end, the Library minimizes the amount of personally identifiable information that it gathers, and retains information about transactions only as long as it is needed for the efficient operation of the library. Information on customer use of the library is only disclosed under the conditions set forth by Connecticut State Statute Sec. 11-25 and the Library’s Privacy, Confidentiality and Law Enforcement Request Policy:

Connecticut State Statute Sec. 11-25 Reports by libraries: Confidentiality of records.
(a) The libraries established under the provisions of this chapter, and any free public library receiving a state appropriation, shall annually make a report to the State Library Board.
(b)  (1) Notwithstanding section 1-210, records maintained by libraries that can be used to identify any library user, or link any user to a library transaction, regardless of format, shall be kept confidential, except that the records may be disclosed to officers, employees and agents of the library, as necessary for operation of the library.
(2) Information contained in such records shall not be released to any third party, except (A) pursuant to a court order, or (B) with the written permission of the library user whose personal
 nformation is contained in the records.
(3) For purposes of this subsection, “library” includes any library regularly open to the public, whether public or private, maintained by any industrial, commercial or other group or association, or by any governmental agency, but does not include libraries maintained by schools and institutions of higher education.
(4) No provision of this subsection shall be construed to prevent a library from publishing or making available to the public statistical reports regarding library registration and use of library materials, if such reports do not contain personally identifying information.

Confidential Information Retention
The Library shall endeavor to create and maintain only necessary records. The Library shall create and follow a schedule for the deletion of personally identifiable information when such information is no longer necessary for the efficient operation of the Library. The Library Director and CEO (CEO) shall have sole discretion with respect to determining the appropriate retention of records.

Law Enforcement Requests
Any Library records containing personally identifiable information are confidential and shall not be made available to any agency of state, federal, or local government without the individual’s authorization, except pursuant to such proper process, order or subpoena, as may be authorized under the authority of, and pursuant to, federal, state, or local law relating to civil, criminal, or administrative discovery procedures or legislative power. Library records that may be subject to discovery may include: card registration with personally identifying information, current materials circulation, outstanding fines, computer sign-up, Internet searches, and program registration. The CEO, and/or any person duly appointed in writing by him/her, shall be responsible for handling all law enforcement or similar requests to obtain the Library’s confidential information.

If there is a request for confidential information:

a)the Library staff shall immediately refer all law enforcement inquiries to the CEO, or in his or her absence, to his or her duly appointed designee;
b)the Library staff shall not release any Library confidential information until authorized by the CEO, or in his or her absence, by his or her duly appointed designee; and
c)the CEO, or in his or her absence, his or her duly appointed designee, shall immediately consult with appropriate legal counsel to determine if such request is in proper form and to formulate an appropriate response.

If the law enforcement agent or officer does not have a subpoena or court order compelling the production of records, the CEO shall explain the Library’s privacy and confidentiality policy and the state’s confidentiality law and inform the agent or officer that the Library’s confidential information is not available without the production of a valid subpoena or court order. If the agent or officer produces a subpoena or court order, the CEO shall immediately refer it to legal counsel for review. Based upon advice of legal counsel, the CEO, or his or her duly appointed designee, shall determine whether to release the requested confidential information.

Subject to the provisions of applicable law, the CEO will report in writing to the Board of Trustees, at least monthly, describing each instance, if any, in which the Library has received a request for information from state or federal law enforcement agents, whether informally or by subpoena or court order, including the Library’s response to such request and the current status of each request.

Enforcement
The provisions of this Privacy, Confidentiality and Law Enforcement Request Policy will be construed and enforced by the CEO at his or her sole discretion. All decisions, determinations and actions taken by the CEO or any other Library staff person with respect to this Privacy, Confidentiality and Law Enforcement Request Policy is subject to review only by the Board of Trustees.

Amendment
The Library Board of Trustees reserves the right to amend this Privacy, Confidentiality and Law Enforcement Request Policy at any time.

DATE APPROVED BY THE RUSSELL LIBRARY COMPANY BOARD OF TRUSTEES: November 15, 2016