Contents:
It is the policy of the Pennsylvania State University Libraries that the privacy of all users, including employees, shall be respected in compliance with federal and state laws and professional standards of confidentiality. We maintain strict client confidentiality and will not reveal the identities of individual users or information related to their personal transactions to any non-Libraries' staff, individual, or entity without a court order or a valid subpoena, except under appropriate federal law. Additionally, it is the Libraries' policy that patron records containing personal information will be disposed of once the need for their original creation has ended, unless it is for archival purposes in compliance with the policies of the University, and state and federal law. This policy applies to personal business records and to the retention periods for those records. It applies to all records of patron transactions with the University Libraries regardless of their format, means of delivery, or location as well as to all records management services offered by the Libraries. This policy is intended to be supplemental to Policy UL-AD08 Confidentiality and Privacy of Patron Library Records.
The records of patron transactions with the University Libraries, regardless of their format, have a life span or life cycle in which they eventually become inactive or no longer support their original business or administrative purpose. Retention periods are extended beyond that expiration only to comply with minimum legal requirements or standard business practices of the University and University Libraries. Retention beyond the recommended time periods for disposal of inactive patron records requires justification and will be at the discretion of the Libraries' administration. This University Libraries' policy complies with the minimum standards set by University Policies AD35: University Archives and Records Management, and AD11: University Policy on Confidentiality of Student Records, and the General University Reference Utility (GURU) Appendices, General Retention Schedule (staff only) and Financial Document Retention Schedule: University Auditing Department Requirements (staff only), respectively.
Users' personal information associated with individual item circulation records is maintained only so long as the circulation transaction remains active, i.e., while the materials are still on loan or there is a fine or fee connected with the transaction. Once a circulation transaction is complete (materials returned and/or fine or fee paid), the personal data of the patron involved in the transaction will be deleted from the circulation history, and/or links to that information will be broken. Circulation data related to that item only will be retained for collection development purposes and collection usage statistics. No specific personal user information will be retained or associated with an item's circulation.
All patron financial records such as, but not limited to, bills, fines, fees, credits, etc., will be maintained as long as the transaction is active, that is as long as the account is "open," and regardless of whether the patron is currently a registered borrower with the Libraries. Records of closed accounts will be retained, without personal patron data or links to personal data if possible, for two years after the account is closed for auditing purposes. That is, after an account is closed, the records are retained for the current year plus one year. See: AD35: University Archives and Records Management, AD 11: University Policy on Confidentiality of Student Records, and the General University Reference Utility (GURU) Appendix, Financial Document Retention Schedule University Auditing Department Requirements, sec. C, Student Accounts Receivable (staff only).
All user files and logs of user transactions on the University and Libraries' computer systems are held to be confidential and will be kept as private as possible. [See: Policy UL-AD08 Confidentiality and Privacy of Patron Library Records] Logs of patron computer use such as, but not limited to, electronic mail, reference interactions, interlibrary loan transactions, databases consulted, Internet sites visited, etc., are covered by this policy. Disposition of computer use logs will occur at the end of each calendar year after a retention period of one year.
Any request for patron information that Libraries' staff may receive from a law enforcement official should be referred directly to the Dean's office immediately. All staff must follow the procedures contained in Guideline UL-ADG04 Staff Guidelines on Protecting the Confidentiality and Privacy of Patron Library Records. This applies to all requests for information regarding our library users as well as an individual's library records, etc. This applies to all locations and all hours of service.
Other Policies/Guidelines in this manual should also be referenced, especially the following:
UL-AD08 – Confidentiality and Privacy of Patron Library Records
Guideline UL-ADG04 – Staff Guidelines on Protecting the Confidentiality and Privacy of Patron Library Records
Effective Date: November 23, 2004
Date Approved: November 23, 2004 (Deans/University Legal Counsel)
Last Review Date: August 2007
