|
|
Privacy
Guidelines for
British Columbia Public Libraries
2. Registration
B.C. public libraries are as diverse as the communities
they serve. Registration systems often reflect these diversities.
Depending on the library, registration of a new patron
may be done by means of a paper registration form, direct entry into the
library’s computer system, on-line application, verification and transfer
of information from an on-line application, or a combination of these.
Regardless of the registration system, libraries must
carefully consider the personal information they collect and how it is
handled (Act, Part 3).
a) Collecting personal information
|
Public libraries are authorized to collect personal
information under the Library Act and section 26 of
FOIPPA. Collection occurs in a
variety of ways and for several purposes. Below are some of the
considerations when collecting personal information during the
registration process.
See "Circulation", "Internet/Computer Access",
"Reference Questions", and "Outside Service Providers" for more
information about collecting personal information.
|
i) Only collect personal information that is
required
|
Libraries may only collect personal information that is
necessary for the library to offer its services and operate its programs
or otherwise authorized by FOIPPA (Act, s. 26). For example, if knowing the first language of a patron is
not necessary, it should not be collected.
When libraries wish to collect information for
statistical purposes
or to learn more about their patrons
for the purpose of planning or
managing their programs and services (such as reading preferences and
preferred language), separate forms should be used with no personal
identifiers.
Once the statistical information is compiled, the
original forms should be shredded.
Box 2.1
|
|
NOTE for Smaller
Communities :
In smaller
communities, information collected
anonymously could still identify an individual. For example, there may
be only one man in town who is over 70 and whose preferred language is
Hungarian. Because the individual may be identified, this is still
personal information and needs to be protected as such. |
ii) Only by trained employees and volunteers
| Only employees and volunteers who are fully aware of the
requirements for protecting personal information should be authorized to
collect personal information. |
iii) Best practices re patron ID
|
Most libraries require individuals to provide
identification
showing their name and home address. It is best not to record the ID
number. If a library wants to document that ID was checked, a check box on
the paper form or a flag in the computer system is sufficient. It may be
helpful, especially for new employees and volunteers, to avoid providing
any space on the form that may look like it is intended for recording an
ID number.
Some libraries allow patrons to borrow expensive
reference materials
for a short period of time if the patron leaves something of value, such
as their keys or a piece of ID. It is preferable from a privacy
perspective not to keep an ID card or anything else with personal
information.
See "Collecting ID numbers and references for debt
collection" (below) and "Reference Questions: In person" for more
information.
|
iv) On-line registration
|
Libraries that allow patrons to register
on-line should ensure that the personal information is
protected during the communication process (e.g. using 128-bit encryption
technology).
If the communication is not secure, libraries should
state this very clearly to individuals who may wish to register on-line.
Personal identification numbers (PINs) issued should be randomly chosen. Non-random numbers,
such as the last 4 digits of an individual’s phone number or birth date
may be easily guessed by a third party.
|
v) Collecting ID numbers and references for
debt collection
|
Libraries that have difficulties with unreturned
resources may wish to
collect certain personal information (such as ID numbers or references)
specifically for the purpose of debt collection (see Box 2.2 below). Where
an individual’s personal information is collected specifically for the
purpose of debt collection, libraries must inform the individual
of this at the time the information is collected (Act, s. 27).
Box 2.2
|
|
TIPS for
collecting ID numbers and references:
-
Before collecting ID numbers for debt collection
purposes, make sure
the library or the collection agency has legal authority to use the ID
numbers in collecting debts. For example, can they legally use certain
ID numbers to find the patron’s current address?
-
When
collecting personal references (e.g.
contact information for a patron’s parents or friends), be careful to
only collect
-
work
contact information (name, business phone number and address),
or
-
information that is listed in the local telephone directory,
-
unless the reference person has provided consent for the collection
(Act, s. 27(1)).
|
vi) Recording other family members’ personal
information
|
Personal information about
another member of a patron’s family should not be collected without the
family member’s
consent
(Act, s. 27(1)).
See "Children" below for information about children’s
registration.
|
b) Information individuals need to know when
personal information is collected
|
Anytime personal information is collected
from an individual, employees or volunteers must give her information
about
-
the purpose(s) for collecting it,
-
the legal authority for collecting it, and
-
the person she can contact for more information and their
contact information (including the person’s title, business address and
phone number) (Act, s. 27(2)). (See Box 2.3 below).
Box 2.3
|
|
FOI/Privacy
Officer
A library must have
a designated employee responsible for the library’s compliance with
FOIPPA (Act, s. 77(a)) . In
these Guidelines, this person will be referred to as the library’s
FOI/Privacy Officer. |
i) When registering using on-line or paper
registration forms
|
Registration forms
(paper or on-line) are an excellent place to include a
statement that communicates the required information to individuals when
their personal information is collected (see (b) above); they can also
direct individuals to the library’s privacy policies for more information.
Paper forms with personal information should be shredded
when no longer needed.
See "Records Retention & Disposal" and "Appendix II:
Sample Privacy Clauses" for more information.
|
ii) When registration information is input
directly into the system
|
When
a patron’s information is entered directly into the library’s computer
system, the employee or volunteer entering the information should
communicate the above required information (under (b) above) to the new
patron. This can be done by calling the individual’s attention to a notice
on the registration desk that sets out the information or by giving the
individual a brochure with the library’s privacy policies, which includes
this information.
See the "Appendix II: Sample Privacy Clauses".
|
iii) Privacy policies & procedures
|
Libraries should have privacy policies
setting out their personal information protection practices.
These policies must be made readily available to the public (Act, s. 70).
Libraries should also have clear to guide employees and
volunteers in the handling of personal information in different situations
they may encounter in the library. These procedures must be made readily
available to the public (Act, s. 70).
Box 2.4
|
|
Good places for
letting patrons know about privacy policies and procedures:
-
Library cards are great places for brief privacy statements and to
refer patrons to the library’s privacy policies and procedures for
more information.
-
Notices at Registration and Circulation counters provide good places
to let patrons know where they can read the library’s privacy
policies.
-
The
Library’s website can provide full privacy policies and procedures.
|
c) Children
i) Collecting children’s personal information
ii) Parent/guardian authorization
|
Libraries generally have policies requiring that children
under a certain age have their parents or guardians
authorize their membership applications. In most cases, the adult signs an
agreement to be responsible for the materials borrowed by the minor child.
This allows the library to contact the parent/guardian regarding overdue
books and fines.
Where this is the case, children 12 years and older should be told that the library may disclose personal information to the
parent/guardian, such as book/resource title, where necessary to recover
overdue materials. This notification could be provided on the registration
form.
Box 2.5
|
|
Why should
children be given this
notice?
-
Children have the right to control the disclosure
of their own
personal information (and to access or correct it). It is only when a
child is "incapable" of exercising her rights that a parent or
guardian may do so on her behalf (Reg., s. 3).
-
While
the FOIPPA Regulation does not specify an age at which a child
is deemed to be "capable" of exercising her own information rights,
section 76 of the Child, Family and Community Service Act
establishes 12 as the age at which a child in care may exercise her
own access, disclosure and correction rights. This provides a useful
guideline for establishing an age in policy.
-
However, libraries should keep in mind that a child under 12 who is
"capable" of exercising her own information rights has the right to do
so. Policies should not be applied so rigidly that such a child is not
able to exercise her rights under FOIPPA.
|
d) Home service
|
Some libraries offer home service
for patrons who have special needs. Additional personal information may be
required in order to offer these services. For example, if library
employees or volunteers choose the resources, they may need to know the
patron’s reading preferences, whether large print or audio books are
needed, emergency health and contact information, and what the patron has
already borrowed to avoid duplication.
Where a service cannot be provided unless a patron
provides evidence of a documented disability (e.g. Talking Books),
libraries should not photocopy the evidence/certificate, unless absolutely
necessary for a specified purpose. Instead, a note should be made of the
fact that the appropriate certificate was shown and any other necessary
information, such as an expiry date.
Only the personal information required to offer the
services should be collected (Act, s. 26). Extra care should be taken to
ensure that any sensitive health information collected is securely stored.
See "Security" and "Circulation: Home Service" for
more information.
|
e) Non-residents
|
Libraries sometimes allow visitors and other
non-residents
limited and/or temporary membership privileges. There may be a real
concern for libraries over collecting unreturned material. In such cases,
libraries may want individuals to provide a credit card number as
security. If the library is able to charge to the credit card for the
overdue materials, then collecting the credit card information may be
reasonable. The individual must be informed that the credit card number is
being collected for this purpose. Extra care should be taken to ensure
that credit card numbers are securely stored.
Also see "Security".
|
f) Personal information for marketing or
fundraising
|
Personal information should not be disclosed or marketing or fundraising
purposes unless the patron’s consent is obtained. Consent can be
obtained easily by providing a box on application/registration forms
patrons can check to either "opt-in " or "opt-out " of being
contacted for marketing or fundraising purposes.
Box 2.6
|
|
"Opt-in" vs.
"Opt-out" by ticking a box on a form:
·
"Opt-out"
à
a box is provided for an individual to indicate that she does not
consent. If the individual filled-in the form but did not tick the
"opt-out" box, she is considered to have consented.
o
This
type of consent should not be used where sensitive personal
information is involved.
·
"Opt-in"
à
a box is provided for an individual to tick if she wishes to consent.
o
This
is the higher level of consent, because it requires the individual to
actively choose to consent. |
|
