Privacy and Confidentiality

Privacy statement

The Delafield Library recognizes and affirms its commitment to protecting user privacy. It further finds that protecting library user privacy and keeping confidential information that identifies or associates individuals with their use of library books, materials, equipment, programs, services, facilities, and/or staff assistance to be a core library principle.

Legal protections and exceptions

Wisconsin law has strong protections in place to assist the library in keeping records confidential. In certain circumstances, library records may be subject to disclosure to law enforcement officials under provisions of state law or federal law under the provisions of the USA Patriot Act (Public Law 107-56). In accordance with the USA Patriot Act, public libraries must allow an immediate search and possible seizure of equipment or information if presented with a FBI National Security Letter or Foreign Intelligence Surveillance Act Warrant. Staff members are provided training in handling requests from law enforcement.

The relevant Wisconsin laws concerning the confidentiality of library records are Wisconsin Statutes Section 43.30 and the Wisconsin Personal Information Practices Act (Sections 19.62 to 19.80). Library records include any record of use of library materials, resources, or services.

Wis. State Statute 43.30 requires that library records may only be disclosed under the following circumstances:

  1. With the consent of the individual library user.
  2. To a custodial parent or legal guardian of a juvenile under 16 years of age.
  3. By court order.
  4. Upon the request of a law enforcement officer who is investigating criminal conduct alleged to have occurred at the library.
  5. To persons acting within the scope of their duties in the administration of the library or library system.
  6. To other libraries for interlibrary loan purposes in accordance with the standards set forth in Wisconsin Statute Sections 43.30(2) and (3).
  7. To a qualifying third party to assist with delinquent accounts. Under the provisions of the law, the library may only disclose the individual’s name, contact information and the quantity, types and value of unreturned materials, not the titles of the items. A “qualifying third party” is a collection agency or a law enforcement agency if the delinquent amount is over $50.

Library records

The library avoids creating unnecessary records and retaining records longer than needed for library business purposes. The library’s automated circulation system is executed by the Bridges Library System and the policies on retention are therefore set by the system rather than individual libraries.

  1. To receive a library card, library users are required to provide identifying information such as name, birth date, picture ID, and physical as well as mailing address (if different). The identifying information is retained as long as the library user continues to use the library card. In most cases*, the information will be in the database for a maximum of three years after the person stops using the library card, at which time the record is deleted.
    • *Expired patron records remain for those patrons with:
      • Collection agency fees
      • Overdue fines over $100 (for other libraries’ fines) or $50 (for Delafield fines)
      • Lost items from other libraries
  2. A library user’s circulation record includes current identifying information, items currently checked out or on hold, as well as overdue materials and fines. When an item is returned, it is removed from the cardholder’s account. However, cardholders who sign up for the reading history service will have their checkout history saved instead of purged. The cardholder has the option to turn off the service and delete their reading history at any time.
  3. The library may gather information necessary to provide a requested service to a library user including but not limited to the following examples:
    • Records for interlibrary loan requests or reference services
    • Records needed to sign up for or participate in library classes, programs, and services
    • Records for use of meeting rooms
    • Records for receiving emails and/or text messages about library services and programs
    • Personally identifying records are destroyed once there is no longer a need for the information. Emails sent to library staff may be subject to open records requirements.
  4. The library treats records as confidential in accordance with Wisconsin State Statute 43.30. The library will not collect or retain private and personally identifiable information without the person’s consent. If consent to provide personally identifiable information is given, the library will keep it confidential and will not sell, license, or disclose it to any third party, except for purposes described by the law.

Protecting a patron account

It is the patron’s responsibility to notify the library immediately if a library card is lost or stolen or if he or she believes someone is using the card or card number without permission.

Keeping account information up-to-date

The purpose of accessing and updating personally identifiable information is to ensure that library operations can function properly. A patron may access their personally identifiable information held by the library and is responsible for keeping the information accurate and up-to-date. A patron may view or update their personal information in person. They may be asked to provide verification in the form of library card or picture identification card to ensure verification of identity.

Parents and children

For the protection of patrons, parents seeking records of their minor child under age 16 may be asked to provide proof of their child’s age as well as evidence they are the custodial parent. According to Wisconsin State Statute 43.30(1b)(ag) “Custodial parent” includes any parent other than a parent who has been denied periods of physical placement with a child under s.767.41(4).

Items on hold

Patrons may choose to designate others to pick up their holds. To reduce errors and ensure privacy, holds can only be checked out on the card that held the item.

Public computer use and the library’s automation systems

The library routinely and regularly purges information that may be linked to library users, such as information from web servers, mail servers, computer time management software, interlibrary loan requests, and other library information gathered or stored in electronic format.

The library uses Radio Frequency Identification (RFID) technology to secure and circulate its collection. The only information stored on the RFID tag is the item barcode and a security tag that indicates if the item is in or out of the library. RFID technology is not used in library cards.

The Bridges Library System maintains the online catalog and several databases. The Library System automatically collects and maintains statistical information about library users’ visits to the library catalog and databases. This information includes the IP address of the visitor, the computer and web browser type, the pages used, the time and date, and any errors that occurred. This information is used for internal reporting purposes and individual users are not identified. Network traffic is monitored to identify unauthorized attempts to upload or otherwise damage the web service. If a library user chooses to pay fines and fees via credit card, the credit card number is not stored in the user’s library account; it is simply passed through to the payment processor.

Websites

The library’s website contains links to other sites including third party vendor sites. The library is not responsible for the privacy practices of other sites which may be different from the privacy practices described in this policy. The library encourages users to become familiar with privacy policies of other sites visited, including linked sites.

The library website does not collect personally identifying information from visitors to the website unless the patron requests a service via the library website. The library may collect non-personal information from visitors to the website for statistical analysis, site assessment, server performance, authentication, troubleshooting and other management purposes. Examples of non-personal information collected include Internet Protocol (IP) address of the computer, the type and version of browser and operating system the computer uses, geographical location of the network used to link to the library’s site, and time and date of the access. There is no link to personally identifiable information in computer communications, unless a patron has provided that information in the content of a transaction, for example, filling out an online form to request a service.

The library uses temporary cookies to maintain authentication when a patron is logged in to the online catalog. A “cookie” is a small text file that is sent to a user’s browser from a website. The cookie itself does not contain any personally identifiable information. Other electronic services offered by the library through third party vendors may use cookies to help control browser sessions. Websites may use the record of cookies to see how the website is being accessed and when, but not by whom.

Library database users are asked for their library card number to ensure that only authorized users have access. Database vendors do not have access to any user records or information.

The library and the Bridges Library System work with a variety of partners to provide e-content to users. Prior to checking out any of the library’s e-content users should read the privacy policy of the company that is providing the service.

Wireless access

The library offers both a collection of wireless hotspots to check out as well as free wireless access (Wi-Fi) both inside and outside the library premises for library patrons to use with their personal devices.

Due to the proliferation of Wi-Fi networks, library users may also be able to access other Wi-Fi networks within the building that are not provided by the library. Use of these non-library wireless networks within the library’s facilities is also governed by the library’s Internet Policy.

As with most public wireless options, the library’s wireless connection is not secure. A patron’s use of this service is governed by the library’s internet policy. Any information being transmitted could potentially be intercepted by another wireless user. Cautious and informed wireless users should choose not to transmit personal information (i.e. credit card numbers, passwords, and any other sensitive information) while using any public Wi-Fi. Use of the library’s wireless network is entirely at the risk of the user. The library disclaims all liability for loss of confidential information or damages resulting from that loss.

Other services

Some patrons may choose to take advantage of hold and overdue notices via e-mail or text message, and similar services that send personally identifiable information related to library use via public communication networks. Patrons should also be aware that the library has limited ability to protect the privacy of this information once it is outside the library’s control.

Library photographs and recordings

Delafield Library staff may photograph or record library programs, activities, and events for use in marketing and promotions.

Signs are posted and/or participants are verbally informed that their image may be used for promotional purposes, including posting on social media. Patrons are advised to notify library staff members if they do not wish to be recorded.

Illegal activity prohibited and not protected

Patrons may conduct only legal activity while using library resources and services. Nothing in this policy prevents the library from exercising its right to enforce its Code of Conduct, protect its facilities, network, and equipment from harm, or prevent the use of library facilities and equipment for illegal purposes. The library can electronically log activity to monitor its public computers and external access to its network and reserves the right to review such logs when a violation of law or library policy is suspected. Staff is authorized to take immediate action to protect the security of library patrons, staff, facilities, computers, and the network. This includes contacting law enforcement authorities and providing information that may identify the individual(s) suspected of a violation.

Enforcement and redress

Patrons with questions, concerns, or complaints about the handling of his/her personally identifiable information or this policy may file written comments with the Library Director. A response will be sent in a timely manner and the library may investigate or review best practices and procedures.

The Director is custodian of library records and is authorized to receive or comply with public records requests or inquiries from law enforcement officers. The Director may delegate this authority to designated members of the library’s management team. The library will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction, showing good cause and in proper form. All library staff are trained to refer any law enforcement inquiries to the Director.

Adopted by the Delafield Public Library Board of Trustees on May 14, 2024

Privacy and Confidentiality Policy PDF