Submitted by libwww on Fri, 11/10/2023 - 17:42

The University at Albany Libraries gather, maintain, and use select patron data to better serve our valued students, faculty, staff, and other community members, and support our institutional mission and goals. Data management is a serious responsibility, and we strive to balance effective services with patron confidentiality and privacy.

Our data collection practices and our associated policies regarding privacy and transparency are guided by the principles outlined in the American Library Association's Library Bill of Rights. We strictly maintain compliance with FERPA and applicable New York State laws. Our efforts are consistent with the best practices of the University at Albany and the library profession.

How we use your data

The University Libraries use data to assess library resources, services, and platforms to continuously improve the user experience. The libraries play an integral role in student success and research excellence at the University at Albany. The data collected in accordance with this policy will be used alongside other campus-level data to highlight student and faculty success, to demonstrate impact to stakeholders, and to benchmark our performance as an Association of Research Libraries member. The Library Assessment Committee oversees the assessment initiatives at the University Libraries.

What types of data we collect

Items tracked for assessment purposes include:

Data Collected Why We Collect It How We Handle Your Data
Library Borrowers
(E.g., library books, equipment, etc. that you currently have checked out)		 We need to know who currently possesses materials we own for damage or loss accountability. Only library staff who assist with borrowing materials can access patrons’ current checkouts.
Historical use of Physical Materials
(The number of times an item has been loaned or used in- house; loan dates, return dates, in-house use dates)		 We use circulation statistics to develop the library collections and determine what items need to be weeded or acquired. No borrower information is retained once library materials are returned.
Access of Licensed Digital Materials
(E.g., databases)		 We use statistics related to use of digital materials to make collection decisions and determine what services to subscribe to. Also, to ensure off-campus access is not a compromised patron account being used for unlicensed, bulk downloads of material. Login records are stored on a secure server that is only accessible to library staff who need access as part of their regular job duties. We do not track what materials an individual user has accessed beyond one year.
Use of Physical Library Spaces
(E.g., library headcounts/gate counts, use of Special Collections research room, group study rooms)		 We use this information to plan library hours and staffing. Only numerical counts are collected without any user information.
Use of Computers
(E.g., computer workstation logins, application usage)		 The University at Albany Office of Information Security sets industry recommended requirements, and ITS and the library use aggregated counts to determine where to place computers and what software licenses to renew or cancel. Only system administrators have access and we do not conduct centralized tracking of activity within applications. User profiles on public workstations are automatically deleted within 48 hours. Short- term, guest patron credentials are available without personal identity requirements.
Use of the Library Website We use this information to continuously improve information visibility and accessibility and to identify aggregated interests and worldwide origination. Only IP address, browser capabilities and information about the web pages viewed is collected. No personal information is collected unless voluntarily provided by the user. See the libraries Internet Privacy Policy for more information.
Participation in Library Events
(E.g., Registration for events, event sign-in, entering library contests, attending library instruction sessions)		 We use this information to develop and improve library events and instruction. Registration, entries, and attendance information is stored on a secure third-party platform.
Consultations
(E.g., virtual or in-person reference interactions, tickets, research consultations, scholarly communication consultations)		 We use the frequency and content of these transactions to improve library services and to make staffing and scheduling decisions. Library users may choose to provide their name and/or contact information to facilitate further communication with library staff. Patron information is stored on a secure third-party platform. Only library staff who provide these services have access to this information. Content of these interactions is retained for our knowledge base.

The libraries do not sell your data nor do we use it to sell anything to you.

Third Party Policies

Many library services and content are provided by third party vendors, all of which have their own privacy policies. Library users are encouraged to review these policies.

How we secure your data

  • All methods of data storage will comply with University at Albany ITS policies on Information Security, File Storage, and File Sharing.

     

  • Library staff will only access user data necessary to carry out their respective job-related responsibilities.

  • Library staff will complete all required annual information management training and FERPA compliance training.

  • Library staff will complete department-specific data handling training. This training will include data collection practices laid out in this policy, where to locate this policy, and how the policy will be made available to library users.

    • Departments are responsible for developing data training and documentation of data training for employees.

     

  • Electronic data being transferred over the network is encrypted with public/private key pairs signed by a chain of trusted Certificate Authorities.

  • Most of the stored electronic data containing personal user information is generated as part of industry standard logging processes. Said information is protected through best-practice, least- privileged security protocols for access only by administrators of the host servers and is automatically deleted after a fixed period.

  • Suspected breaches of data or security shall be reported to the University at Albany Information Security Officer immediately. Suspected inappropriate disclosures of personally identifiable information shall be reported to the Office of Human Resources Management immediately.

Opt-In

Library Services

Except for borrowed materials and access to licensed digital content (as outlined above), the collection of identifying user information is on an opt-in basis. Most library services do not require users to share identifying information, but some users may choose to do so in some instances. Some examples of users voluntarily providing such information include:

  • Registering for library events.

  • Signing in or swiping/scanning your university ID when attending a library event or class.

  • Making an appointment for a consultation.

  • Providing contact information to allow a librarian to follow up after a reference interaction or consultation.

  • Entering a library sponsored contest or drawing.

Any identifying information provided to the library by users will be handled securely as outlined in this policy and in accordance with FERPA and applicable state laws.

Third Party Services

Some third-party platforms require the creation of individual user accounts to access extended features or content. Users should consult the vendor’s privacy policy before proceeding.

  • Where an individual account is required to access content of a third-party service, users may choose not to use that service. Librarians are available to help users identify alternative resources.

  • Where an individual account is required to access extended features of a service, users may access the content of the service without utilizing the extended features.

Transparency

A copy of this document will be made publicly available on the library’s website. A link to this policy will be included on library forms that request personal information from the user.

Print copies of the policy will be provided at library service points at the request of library users. Information about this policy and where to find it will be posted in the libraries.
 

Living document clause

University Libraries will periodically review this policy to ensure compliance with current best practices in academic libraries, the latest data security standards, and alignment with University at Albany vision and mission.

University Libraries will review and update this policy when there is a change to our data collection and/or handling procedures.

Policy Last Updated