Ethics

As I have written before, a big rule for the "Ask the Lawyer" service is "don't reinvent the wheel!"

So before I answer this, I will reiterate the member's mention of the "Prison Library Support Network", and refer readers to their excellent guide "Reference Letter Writing: A Volunteer Handbook."

The "Volunteer Handbook" reviews a lot of what I would otherwise supply: how to be respectful of an incarcerated person’s needs and personal considerations when responding to a reference request, how to be aware of and work within the larger social dynamics at play, and--critically--the practical considerations of sending mail to incarcerated people (it's also well-written, which is always a plus).

To the "Volunteer Handbook" I would add just a few considerations for a library at a private higher education institution:

First, it is important to recognize that while library services provided in the state of New York by both public libraries and academic libraries are confidential, incarcerated individuals do not have privacy with respect to information they receive via the mail.  Therefore, the normal librarian/library user dynamic is "off."

Here is a sample of the scrutiny mail to a person living in jail or prison will be subject to:

(c) Printed or photocopied materials.

(1) When, in the course of inspection, printed or photocopied materials are found, the entire contents of such correspondence may be delayed through the correspondence unit for up to six days while the materials are subject to media review guidelines (see Part 712 of this Title).

(2) A limit of five pages of printed or photocopied materials (an individual newspaper clipping will be considered one page) may be received within a piece of regular correspondence (except as provided in paragraphs [3] and [4] of this subdivision). In order to facilitate media review, pages or clippings must not be taped, glued, or pasted together or to other papers.

(3) Not to exceed once every four months, an inmate may make a written request to the superintendent to receive in excess of five pages of printed or photocopied legal papers specifically related to the inmate's current legal matter (e.g., legal brief or trial transcript relating to the inmate's active case) within a piece of regular correspondence. The inmate shall make the request in advance...[etc.]

Ugh.  That's a lot of compromised privacy.[1]  So, from the outset, just keep in mind that per 7 CRR-NY 720.4, as well as a facility's customized policies and procedures, the usual rule of confidentiality will not apply.

Aside from that, I add three things:

1.  An academic library should specify via written policy if it offers library privileges to community members within a defined geographic scope (not just students, alumni, and employees).

2.  An academic library should have a policy setting out its capacity and limits for providing hard copy/mailed responses to reference requests.

3.  If a library is going to provide services specifically to incarcerated persons living beyond the geographic scope allowed by their policies (as the member's question says, they get questions "from around the country"), a specific policy should be developed for providing that service, even if the institution doesn't have a fully-developed prison outreach program.

These three policies should be applied evenly, fairly, and with attention to budget and capacity. This means:

With respect to #1, if an academic institution allows residents within 100 miles to have library privileges, and there is a prison within that radius, a person who is incarcerated may have library privileges (although their ability to exercise them may be limited).

With respect to #2, if an academic library provides written, mailed responses to users, there should be time and resource limits on providing that service to users, and those limits should be uniformly applied with respect to both staff hours, and copying/mailing budget.

And with respect to #3, if a private academic institution wants to provide services to persons living in jail or prison beyond the scope of their usual services, but it not able to develop a full prison outreach program, such services should still be done per a specific policy.

Why a specific policy, if there isn't a fully developed outreach program?  A few reasons.  First, it will help set the boundaries for the service, based on the library's capacity.  By establishing those boundaries, the library/institution will be able to show that the resource is being allocated fairly.  And finally, it provides clarity on how such services are provided, who is responsible for providing them, and how much is allocated for the expense associated with them (useful information if your institution ever wants to expand the service through a grant).

Here is a sample policy:[2]

[ABC Library] Policy on Reference Services to Incarcerated Persons

Policy

As part of our mission, the [ABC College Library] provides up to [20 hours per month] of reference services to persons incarcerated anywhere within [the United States].

Procedure

Upon receiving a reference request from a person who is incarcerated, the ABC Library assesses if the inquiry can be answered by the library within [one month (30 days)].[3]

If it can be answered, the question is placed in a queue to be answered in order of receipt, and an answer will be sent via the USPS within 30 days of receipt.

If it cannot be answered, either due to a large queue, or because it is not within the capability of the institution, a reply is sent stating "The ABC Library received your request for reference services, and regrets that answering your question is not within our capability at this time."

The position responsible for reviewing requests, and for assessing and effecting a timely response, is [INSERT]. This responsibility may be delegated, based on capacity.

OPTIONAL: To the greatest extent possible, persons within [NAME Correctional Facility], which is in the Library's area of service, are served per the library's policy on community members, and hours spent serving such users are not counted against the monthly amount allowed under this policy].

I appreciate that for many institutions of higher education, this question is deeply related to mission. Therefore, in adopting even the most informal policy, such as the one above, I also suggest considering a recital of how the work specifically plays into the mission of the institution.

Thank you for a thoughtful question.

[1] I get why, but as someone opposed to the carceral system in general (we can do better), this is just another reason to develop a better system.

[2] [Text in Brackets] in this sample policy indicates places where customization is most needed.

[3] An institution should research what time frame they feel is fair to offer; for some inquiries, sixty, or even ninety days may be reasonable.  This depends on the type of inquiries your institution is receiving...especially since this is a policy for a reactive service, rather than a deliberative outreach program.

This question needs to be answered on a sliding scale.

Here are three scenarios to show how the scale can slide:

Scenario 1: "Scrapbooking"

A museum makes robust use of social media to connect with its community.  At different events, a staffer or two are expected to take lots of photos, including shots of staff and guest speakers interacting with the community.  Members often comment how much they enjoy the images and connectivity.

Since the Museum got in on the ground floor of social media and the practice started on the Museum's website, some of the content is almost 3 decades years old ("born and aging digital"). At this point, some of the employees in the images have not only simply moved on--they've retired.

No written, signed permission to use the employees' images is obtained.

Scenario 2: "Image Crafting"

A library is working to show its commitment to diversity, equity, and inclusion.  The employee in charge of the web site and social media culls through photos of employees and patrons to post selected images on static pages that refer to a DEI commitment; while other use of the website and social media is managed as usual, these pages remain unchanged as stand-alone statements.

No written, signed permission to use the employees' images is obtained.

Scenario 3: "Stone Cold Marketing"

An association library is creating a brochure to kick off a capital campaign to build a new library on a donated piece of property.  The donated land is more centrally located in the library's area of service.  To raise funds for the hoped-for building that will serve a new generation of library users, the library asks all the employees and their kids to attend a photo shoot on the new land.  The idea is they will sit on blankets, reading, on the currently-empty lot, and the library's graphic designer will put a semi-transparent rendering of the future building over them, showing the library of the future.

No written, signed permission to use the employees' images (or their kids' images) is obtained. 

In New York, the law is pretty straightforward on the unauthorized commercial use of living people; NY Civil Rights Law Section 50 "Right of privacy" says "a person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the name, portrait or picture of any living person without having first obtained the written consent of such person, or if a minor of his or her parent or guardian, is guilty of a misdemeanor."

Recently, the law was expanded to restrict the commercial use of the image of deceased "personalities": NY Civil Rights Law Section 50-F 2. a. provides "Any person who uses a deceased personality's name, voice, signature, photograph, or likeness, in any manner, on or in products, merchandise, or goods, or for purposes of advertising or selling, or soliciting purchases of, products, merchandise, goods, or services, without prior consent from the person or persons specified in subdivision four of this section, shall be liable for any damages sustained by the person or persons injured as a result thereof."[1]

"Ask the Lawyer" has addressed this issue a bit before: see https://wnylrc.org/raq/employee-privacy-and-image-use and https://wnylrc.org/raq/posting-patron-images-facebook-when-image-release-required, but we haven't focused on solutions to the question posed by the member: If an individual who no longer works at an institution finds that their picture is still being used by said institution, whether in promotional photos or on staff/faculty pages, does that individual have any legal recourse?

This is where our scenarios come in.

If the use is what I've called "scrapbooking" in the first scenario--part of a collection documenting events as they unfolded, and not featured or linked in a way that advertises the institution or asks for money--the law does not have much recourse.   That said, a former employee can always ask for an image to be removed as an act of courtesy, and if there is a compelling reason (safety, emotional well-being, not wanting to be affiliated with the institution any more) an attorney could help the person isolate and make a convincing argument for removal.

As the scale continues to slide, if the use is what I've called "image crafting" (the use referenced by the member in the question), if written permission was not granted, there may be grounds for demanding removal under the law.  A current or former employee who feels strongly about this should consider working with a lawyer, since the first request should accurately set out the basis for the requested removal.

On the final end of the scale, when the use is clearly for "advertising purposes, or for the purposes of trade" (like a posting soliciting a capital donation), written permission should have been obtained, and a former or current employee--unless their job description includes serving as a model or posing for published pictures--has a strong basis to demand removal under the law.

What can a cultural institution do to avoid the risk of unauthorized commercial use of an employee's image?  A few things:

First, unless it is part of the employee's job description, do not require use of the employee’s image on print publications and social media.  If the institution has determined that, for the sake of public relations and service, all public-facing employees will have their picture on the website, it should ensure that due attention to safety and privacy is factored into the requirement.[2]

Second, even when an employee seems "okay" with being featured in a publication (print or online), it is good to get written permission. While not all uses will qualify as "commercial" and thus risk violation of the law, it shows respect and proper attention to employee agency and safety.

Third, if feasible, consider a default position that every employee, unless it is in their job description, has "opted out" for use of employee images on institutional publications.  Then ask who would want to be featured.  For example: "To respect employee privacy, the library does not intentionally use the name and images of employees except to the extent they are listed on the website and in published board materials.  If you would like to be featured in library social media and publications, please alert the Director, so we can obtain a written image release.  This is not a requirement!"

Fourth, if your library or other cultural institution needs to rely on the personality and persona of an employee to the point where use of their name and image in association with the library is part of their job, consider putting that in their job description.  For example, "The [insert title] position is a community-facing position and in addition to routine interaction with the public, will be required to interface with the public via materials published by the [library] from time to time, including use of their name, signature, and recorded images of their likeness and voice."

And fifth, when in doubt, get an image release.

An image release can come in many forms; to be on the safe side, an image release should be custom-written for your institution, and the use it plans to make of authorized images.

That said, here is a sample:

Image Release

NAME, who is at least 18 years of age, consents to the use of their image, name, and likeness, as governed by New York Civil Rights Law 50 for purposes of informing the public about events, opportunities, and initiatives of the XYZ Library, including fundraising initiatives.  As an employee, I understand that such consent is not a requirement of my position, and I may revoke this consent at any time by sending a written request to make no further use of my image under this Image Release. I understand that "revoking consent" means no further use will be made of my image, but that past use will not be removed. Unless revoked by me personally, this release shall be binding on my heirs and cover the institution's use of my "right of personality" as covered by New York Civil Rights Law 50-F.

DATE:______________

SIGNATURE:______________________

WITNESS:____________________________

Records retention period of this release: PERMANENT.

A well-written release can cover you whether you are "scrapbooking", "image crafting", or engaging in "stone cold marketing."

Thank you for a thoughtful question!

[1] I won't list them all here, but there are many exceptions to this law for use by artists, journalists, etc.  If you are just learning about Civil Rights Law 50-F in this RAQ, please don't let it stifle your archive, art, or journalism! You can find the list of exceptions here: https://www.nysenate.gov/legislation/laws/CVR/50-F.

[2] I could write a whole chapter on this consideration, but we'll leave it there for now.

There is no one right answer to this question, but there is a formula for any library to come up with its own, unique answer.

Here is the formula:

[Situation] x [Ethics + Law] / [POLICY/Precedent] = YES or NO

Let me break this approach down.  And trust me, I will give a clear reply to the member's question at the end of all this.

The formula starts with the situation.  In the scenario we have here:

"Local police walked through our Library earlier today with no explanation. Later on, we noticed 2 teens on premises, who we assume should have been in school. We thought the police may have been looking for them as truants, but that is not confirmed."

There is a lot that can be said about this description, but one important aspect of it is the library's care to not reach a conclusion about why the teens were at the library instead of school (while the member describes an "assumption," there is no action on that assumption).  And as noted, law enforcement was not called; rather they "walked through...with no explanation."

This situation is then multiplied by the combined factor of ethics and law.  Both the ALA and NYLA Codes of ethics emphasize patron confidentiality.  Meanwhile, New York's Civil Practice Law and Rules ("CPLR") Section 4509,[1] the state law requiring a subpoena or judicial order before a user's library records can be shared without that patron's consent, does not define "library records" other than to state that they include "personally identifying details."  This is why whatever the situation, ethics, and law are, the answer must be assessed under a library's policy governing patron records (while considering past applications of the policy, to ensure consistent application).

It is at this last factor--policy--where things can get complicated.  With the advent of (sorta) new technologies, the definition of "library records" is not just internet searches and checked-out materials.  It could be what a person printed on a 3D printer, or their image on a surveillance camera, or their use of library wi-fi.  None of these things, right now, are listed in CPLR 4509, but many library professionals would consider them to be library records.

The trick is making sure that when a library takes a position about library records (especially with regard to records that, at first glance, are not about library services, but more about security), it is supported by their policy.

Okay, I know I promised a "clear answer".  So let's re-state the question: "if the police were to ask if we saw the teens, are we able to answer or is that considered a violation of patron privacy as it is with patron information and records?"

Based on a fictitious library consulting a fictitious lawyer, here is one possible answer:

To the ABC Library:

You have requested legal advice regarding whether a library may provide a substantive answer in response to law enforcement enquiring about the presence of a patron in the library.

Your concern is that such a disclosure, based on the visual observations of library employees rather than written/recorded records, could still be considered a violation of patron privacy.  You confirmed that at the time of the inquiry, the library had no operational need to release any such information.

I have reviewed the library's policy on patron confidentiality, and based on the below clause, I advise to not release such information unless there is a subpoena or judicial order:

"Consistent with the ALA and NYLA Codes of Ethics, the ABC library considers any record or information that indicates an individual's use of library services and/or facilities to be a library record under CPLR 4509, unless specifically excluded[2] by this policy."

Therefore, I advise not providing such information without a subpoena or judicial order, unless the requestor accurately points out that a specific law requires it.

Thank you for trusting me with this question.

Very truly yours,

A. Hypothetical Lawyer, Esq.

Of course, as the "formula" at the start of this answer points out, the "situation" may vary from time to time.   And CPLR 4509 does leave room for mandatory disclosure "when otherwise required by statute." [3] Those are the times when a library may want to consult a local attorney to obtain quick advice in the moment.

Since this formulaic balancing of facts, ethics, legal obligations, and policy can be difficult to keep in mind,[4] it may be helpful to summarize it to library trustees, employees, and volunteers this way: “A patron's use of the library and our services are confidential.  If anyone asks about a patron using or being at the library, our standard reply is 'Since patron information is confidential, I need to refer you to [the Director].’”[5]

Thanks for a very thought-provoking question.

[1] As of November 12, 2021, here is the text of CPLR 4509: "Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute."

[2] What are examples of things to exclude?  If a library is in shared space with a shared security surveillance system, that should be excluded (unless the library has confirmed via written contract that the footage of the library will only be reviewed per the policy).  If the library has a snack bar or gift shop and wants to monitor the point of sale for theft, that could be excluded.  Security footage of a community room used by third-party groups (not individuals) under a space rental agreement is another possible example. 

[3] Such as FERPA. For more on this, see the “Ask the Lawyer” posted here: Patron Confidentiality in School Libraries

[4] Even lawyers need to look this stuff up sometimes.  Just like I don't have some of the finer points of the Domestic Relations Law at my fingertips, not all lawyers can recite the requirements of CPLR 4509.

[5] Or designated positions with regular training and/or adequate experience to appreciate the fine points of the library's policy.

Questions that combine higher education, data access, and "terms of use" enforcement always give me a moment of sad reflection, as I remember Internet pioneer and activist Aaron Schwartz. It was an alleged overuse of an academic database at MIT in 2012 that lead up to his demise.[1]

While the circumstances in the Schwartz tragedy are different from the situation described here, both scenarios--and the care the member has taken in framing this question--illustrate the importance of considering what's at stake when an institution balances contract compliance, digital access, and privacy.

What's "at stake" here? The member's question combines concerns about:

• Confidential use of library resources
• Academic freedom
• Intellectual freedom
• Honoring the exclusion of certain academic and library actions from liability for copyright infringement
• FERPA

Let's do a quick run-down of these critical areas:

In New York, the confidentiality of library services is protected by Civil Practice Law & Rules ("CPLR") section 4509, which states that library records indicative of the identity of a library user may only be accessed with that user's permission, or per a subpoena or court order. CPLR 4509 applies to private libraries within academic institutions as much as it does public libraries or those within school districts. It works hand-in-glove with the American Library Association's and New York Library Association's recitals of patron confidentiality in their Codes of Ethics.

In New York, the commitment of a higher education institution to academic freedom is reflected in various ways. An example is the American Association of University Professors' 1940 "Statement on the Principles of Academic Freedom"[2]: "Teachers are entitled to full freedom in research..."

In New York and throughout the nation, the commitment of libraries to collaborate with others to promote intellectual freedom and access to information is reflected the ALA Library Bill of Rights: "Libraries should cooperate with all persons and groups concerned with resisting abridgment of free expression and free access to ideas."

In New York and throughout the nation, certain academic and library actions that would otherwise violate copyright are excluded from liability for infringement. This exclusion is to ensure there is a clear and well-defined legal safety net for content accessed in furtherance of certain intellectual and academic freedoms.

And throughout the USA, the privacy of education records, including library records, is assured under the Family Education Rights Privacy Act" (FERPA).

Serving as a counterweight to all of these critical factors are an educational institution's obligations under federal law and regulation with regard to alleged copyright infringement, particularly the regulations found in 34 CFR §668. If I were to delve into that and describe all of those obligations here, this answer would be 50 times longer, but a good summary of what compliance in that regard looks like can be found in this sample policy from RIT: https://www.rit.edu/its/rit-response-copyright-infringement.  In short:  since 2008, federal law requires higher education institutions receiving federal financial aid and other federal benefits to be express enforcers and re-enforcers of copyright.[3]

Sitting astride of all of this is whatever notification commitments (and other responses)  a college or university library agreed to when it signed the license agreement with the database provider (I have reviewed many of these types of license agreements, and almost all of them have some form of notification action requirement, which can range from a warning as described by the member, to ensuring the immediate cutoff of access by an offender).  This means that in addition to the ethical, legal, and regulatory factors that have to be balanced in a question like this, we also have to consider obligations that are contractual.[4]

With all of these very important considerations now laid before us, let's review what the member is doing:  1) getting a notification of a possible terms violation from the provider, and then 2) using a firewalled[5] process to identify the user and alert them of the alleged violation, and then 3) assuring the vendor they have addressed the issue.  As asked by the member:  Is this process appropriate in resolving the misuse of a database, or does it violate the user’s/student’s privacy rights?

Here is my short answer: since the method of response described by the member shows there is a big firewall between the vendor and the institution (meaning: the outside party never learns the actual identity of the alleged violator), I believe so.  BUT: the only real way to ensure privacy is protected as it should be is to confirm that the information flowing between the library and the IT Department never goes any further...within the institution.

What do I mean by that? The information should never go to campus safety or security. Unless it is per a very clearly articulated procedure developed for the operational needs of the library, it should never go to the office responsible for student discipline. And it should certainly never go to an employer on campus, a faculty member, or an advisor.[6]

This caution is warranted because, although a library within a higher educational institution is not a separate business entity the way a chartered public library is an entity separate from the town or city that sponsors it, for purposes of an academic library's adherence to privacy ethics and laws, it should be considered a stand-alone entity. Information can flow into it, but information should not flow out, even to other departments, unless the flow serves the operational needs of the library, and verifiably goes no further.

This 'one-way flow" for user-associated academic library records is an easy goal to articulate, but in practice, it can be very difficult to assure. As systems within large and small institutions get more integrated in the interests of security and economy, so too is it more difficult to separate one type of information from another. However, when it comes to privacy and library confidentiality, because of the high stakes involving intellectual freedom, academic freedom, and student privacy, extra care and attention is warranted.

The care of the member in submitting this question and describing the careful process they are using is emblematic of the type of care that should be used at all times when safeguarding user confidentiality and privacy at a higher education academic library.

Thank you very much to the member for submitting such a careful question.

RIP, Aaron Schwartz.

[1] I say "led up to" rather than "led to" because while many believe the latter, the facts of the case clearly establish the former.

[2] Found as of November 14, 2021, here: https://www.aaup.org/report/1940-statement-principles-academic-freedom-and-tenure.

[3] I won't mince my words about that requirement: I don't like it. But I am not a member of Congress.

[4] And voluntary. This is why it is very important to read database licenses and to PUSH BACK on clauses that require draconian responses to alleged violations.

[5] By "firewalled," I mean that the vendor never knows the name or other identifying information of the alleged violator.

[6] Unless the student has signed a waiver. Then it can go to whoever has permission.

[NOTE: for background to this short answer, please see the much longer "Ask the Lawyer" Background checks and fingerprinting for new employees, that addresses the tightrope walk/legal minefields of employee background checks.]

So, does a school district public library[1] implementing a background check for new employees have to also check their current ones?

The answer is: no; barring an over-ruling requirement (such as a term in a union contract) a library board can implement a background check policy for all hires going forward, without imposing a "retroactive check" requirement for current employees. 

However, I would never advise that approach.  Here are three reasons why:

1.  Possible discrimination

A policy to only check the backgrounds of "new" employees could have a disproportionate impact on candidates on the basis of age, or gender, or race (to name a few).  By not checking everyone, an employer risks the appearance of (or actual occurrence of) illegal discrimination.

2.  Possible liability

Employee background check policies are implemented to reduce risk.  If an employer is using employee background checks to reduce risk, there should be a very good reason for not checking all employees (such as a union contract that bars it[2]), or the employer risks a claim of negligence.

3.  Worker relations

A work environment should be a place of high trust.  By subjecting one class of employees ("new" employees) to heightened scrutiny, in addition to the possible concern mentioned above in "1," it creates an unbalanced environment for trust.  This is bad for morale.

I appreciate that background checks can come with a cost, so minimizing their frequency is helpful.  I encourage any library implementing such a policy to check with their "Directors & Officers Insurance" carrier, since sometimes, carriers offer resources to defray and even pick up the costs of the check.

Thank you for a thoughtful question.

[1] Of course, if a school district public library is in a school (not a common scenario; school district public libraries are largely autonomous and separate from school district property), and if the librarians are on the payroll of the district, then they are already being background checked and fingerprinted, per the chart here: http://www.nysed.gov/educator-integrity/who-must-be-fingerprinted-charts.  Of course, this question pre-supposes that the board is setting the hiring policy, which means the library is autonomous.

[2] Just to be clear, a contractual obligation to not conduct criminal background checks should never be in a collective bargaining agreement!  However, some reasonable restrictions on the scope of such a check would be consistent with NY law and policy.

Before I answer, I would like to thank this unnamed trustee for bringing forward this important issue.  Dealing with personal legal matters is rarely easy; remembering to factor in consideration of one's volunteer obligations at the same time is impressive.

On its surface, this question is a fairly simple exercise:[1] does the status of a library trustee as a plaintiff against the district supporting the library create a "conflict of interest" that would violate the library's bylaws, ethics, or the Not-for-Profit Corporation Law ("NFPCL")?

To address that question, one must first understand what is meant by a "conflict of interest."

The concept “conflict of interest” sounds simple, but often quickly gets, as they say these days, “complicated.”

Why is that?  For a library,[2]  the concept of a "conflict of interest" could consist of layered elements like the petals of one, single (but complex) rose...or it could be a complex, multi-variety bouquet.

What can comprise this bouquet?

Let's start with the rose.

Section 715-a of the NFPCL requires every charitable corporation in New York (a category that includes most libraries), to adopt and enforce a policy "to ensure that its directors, officers and key persons act in the corporation's best interest and comply with applicable legal requirements, including but not limited to the requirements set forth in section seven hundred fifteen of [the NFPCL]."

Let's peel back the petals on this first thorny flower.  In one sentence, 715-a lists a broad expectation (acting in "the corporation's best interest"), a broad mandate ("comply with legal requirements"), and one very specific law to follow (NPFCL 715, which bars "related party transactions").[3]

Let's take that last petal first.  What is a "related party transaction?"

According to the NFPCL's "Definitions" section, a "related party transaction" means "any transaction, agreement or any other arrangement in which a related party[4] has a financial interest and in which the corporation or any affiliate of the corporation[5] is a participant..."

Based on the information provided, the trustee submitting the question is not in a "related party transaction".  The suit is not against the library, and in this scenario, the district who will be named in the suit is not an "affiliate" of the library.  Since the district is required to put the tax vote on the ballot (the school board has no control over this; it has to put the ballot up as proposed by the library board), the act of using the district to float the vote to the public does not create a relationship that could serve as the basis of a conflict.

Let's take the middle petal: "legal requirements?"  Is there any "legal requirement" that a trustee not bring an unrelated legal action against a school district who facilitates a library budget vote?  No.[6]

And finally, that first, most fraught petal: "the corporation's best interest?" --We're going to leave that for last.

What other “blooms” could join, and affect, this "conflict of interest" bouquet?

• The library' bylaws
• The library's customized "Conflict of Interest" policy[7]
• An association library's trustee oath of office[8]
• A grant or other contractual obligation that creates a temporary definition of a conflict
• The library's strategic plan, or other planning document that would create a conflict as defined by law, bylaw, or policy.[9]

Fortunately, no matter how many blossoms in the "conflict of interest" bouquet, the law requires that when the possibility of a conflict arises, it is the board--not the individual trustee--who must assess it.

The NFPCL does that by requiring a board to pass a conflict of interest policy that:

 ...include[s], at a minimum, the following provisions:

  (1) a definition of the circumstances that constitute a conflict of interest;

  (2) procedures for disclosing a conflict of interest or possible conflict of interest to the board or to a committee of the board, and procedures for the board or committee to determine whether a conflict exists;

  (3) a requirement that the person with the conflict of interest not be present at or participate in board or committee deliberation or vote on the matter giving rise to such conflict, provided that nothing in this section shall prohibit the board or a committee from requesting that the person with the conflict of interest present information as background or answer questions at a committee or board meeting prior to the commencement of deliberations or voting relating thereto;

  (4) a prohibition against any attempt by the person with the conflict to influence improperly the deliberation or voting on the matter giving rise to such conflict;

  (5) a requirement that the existence and resolution of the conflict be documented in the corporation's records, including in the minutes of any meeting at which the conflict was discussed or voted upon....
  

So, at the end of the day, no matter how large the "conflict of Interest" bouquet, it is the board, as a whole, who has to sniff out a problem.[10]

In this case, the rub is in that first petal: the requirement that a trustee always act "in the corporation's best interest."

At the surface, there is no conflict whatsoever in this scenario: the school district is not a partner or contractor with the library, and the school board has no discretion about whether or not to put the library's budget on the ballot (they must put it exactly as the library board requests it).[11] Therefore, even if the contemplated lawsuit by the trustee is not taken kindly by the school district's board, there can be no direct negative impact.

Now, however, for a pragmatic answer: in a world where everything is political, and library budgets all the more so, could an adversarial relationship between an individual library trustee and a school district board be in something other than "in the best interest" of the library?

That consideration--and its answer--is not a legal issue.  In this scenario, there is nothing that violates the law, and I have never seen an oath of office, nor a bylaws provision, that would bar trustee service under such circumstances.  Further, as discussed above, even if the school board takes umbrage, they would be powerless to block the requested ballot item.

However, there is a "soft" consideration here that goes beyond the law.  I categorize these types of concerns not as "legal" issues, but that dreaded concept: "diplomacy."

When it comes to "diplomacy"...could members of a community, including an individual school board member in their individual capacity, decide to take a dim view of a library trustee who is suing their district, and try to punish the library?  They shouldn't, but as individuals, speaking just for themselves, they could...they absolutely could.  And even though their negative actions couldn't block the budget vote, it could influence a vote in non-official ways.

That said, the possibility of such personal vengeance in no way creates a legal conflict of interest.  So, for the reasons set forth above, a board doing an assessment of this situation--unless their policy specifically includes a unique definition or example that bars trustees sowing bad PR, even incidentally--would likely not determine that it constitutes a forbidden conflict.

Of course, a trustee may decide that they have enough on their plate, just being a plaintiff in a stressful lawsuit, and resign to avoid the (real or possible) stress of the situation.  Or the board and trustee may engage in some practical "risk management" and mutually agree that, given a high likelihood it could impact the board-to-board relationship, it is best if the trustee steps down for a time.  But such an option would not be required by law and would be based on pragmatism...and it could only be effected with the consent of the trustee.

And THAT is my answer to this very important question. 

I wish the trustee who posed it both 1) a thoughtful and supportive library board, and 2) a school board with the ability to maturely and completely compartmentalize legal issues from diplomatic ones.

Thank you.

[1] For purposes of this question, we'll assume that the only "support" the district provides to the library is the budget ballot (there is no MOU or even informal agreement for other assistance, like overflow parking, or hosting the annual fund-raiser).

[2] Public or association, in this case.

[3] There is no case law that picks apart how the commas in the sentence impact the interpretation and inter-relation of its required elements; that would be a dream case of mine (not that I wish the need to make that argument on any client of mine).

[4] "Related party" means (i) any director, officer or key person of the corporation or any affiliate of the corporation; (ii) any relative of any individual described in clause (i) of this subparagraph; or (iii) any entity in which any individual described in clauses (i) and (ii) of this subparagraph has a thirty-five percent or greater ownership or beneficial interest or, in the case of a partnership or professional corporation, a direct or indirect ownership interest in excess of five percent. "Relative" of an individual means (i) his or her spouse or domestic partner as defined in section twenty-nine hundred ninety-four-a of the public health law; (ii) his or her ancestors, brothers and sisters (whether whole or half blood), children (whether natural or adopted), grandchildren, great-grandchildren; or (iii) the spouse or domestic partner of his or her brothers, sisters, children, grandchildren, and great-grandchildren.

[5] In this case, the "corporation" is the library.

[6] I have not read every law passed in New York State, but I am willing to go out on a limb for this one.

[7] As you can see in the NFPCL, not-for-profit corporations have the right to define their own notion of "conflict," so long as the policy meets the requirements of the law.

[8] Only an association library might need to consider this, since the oath required of public libraries does not add to the obligation to be free of conflicts of interest (although it does undergird it).

[9] For instance, if the strategic plan called for the library to enter into a contract with the district in the future.

[10] That's right. The next time your board has to assess if the board chair's cousin getting the winning bid to the parking lot resurfacing job is a conflict, just envision being handed a fragrant mass of lilies and roses!

[11] Education law Section 259, found at https://www.nysenate.gov/legislation/laws/EDN/259.

Many libraries, for a variety of good reasons, have security cameras.  Some libraries control those recording systems; others do not.  But no matter how they get there, when cameras are in a library, the questions posed by the member are critical.

Here is why: every library in the State of New York is bound by ethics and law to safeguard patron privacy.  Those obligations start with the ethics of the American Library Association[1] and the New York Library Association,[2] assuring patron privacy; these ethics find legal teeth in New York Civil Practice Law and Rules[3] and the Public Officer's Law.[4]

At the local level, patron privacy is often reinforced in a library's ethics statement, bylaws, and policies.  The practical duties of patron privacy are found in job descriptions (particularly of directors and IT professionals), and in membership terms between libraries and systems.  And it is part of every new employees' on-boarding.[5]

Because librarians and library leadership are so aware of this privacy obligation, and because assurance of patron privacy is a key component of information access, protecting patron privacy is often referred to in the library community as nigh-unto-sacred duty. So sacred, in fact, that I have met more than one librarian willing to go toe-to-toe with law enforcement seeking unauthorized access to patron data.[6]

While it takes a certain type of gumption to stand up to law enforcement, it takes another type (equally critical, but not as concentratedly defiant) of gumption to think about patron privacy in the context of software, landlords, and security cameras.  One takes a willingness to take a stand in the moment.  The other takes a willingness to think about details, to leave nothing to chance, and to ask a lot of very specific, very persistent questions.[7]

Both of these types of gumption are critical to the modern librarian, but only one gives you an easily dramatic answer to the question "how was your day?"

We'll leave the dramatic aspect of this for another time.[8]  Below, please find a boring--but vital-- checklist of steps and language to help a library answer the questions posed by the member, when a landlord is using cameras trained on library premises:

Step 1: Assess what the library's lease says about security and use of cameras

For libraries with landlords (remember, your library has a landlord even if you only pay a token amount of rent,[9]) it is important to have a written lease. 

Why?  Because, among other critical things,[10] that lease can provide clarity about who provides the on-site security (including a camera system) and set the stage for how the landlord and the tenant will manage security-related details.

In this case, the member has clarified that the security system will be controlled by the municipal (county) landlord.  Here are the details posited by the member:

These cameras will not be regularly monitored unless there is a reason to consult them. We will not be viewing the footage per a patron’s request. They will be maintained by our county facilities staff and consulted only in cases where a criminal act was committed.

These details, upon which the library will base its own actions, should be confirmed in the lease.  Such confirmation should include, whenever possible, a marked survey or map of the property, showing the limits of the camera's line of sight.

Step 2:  Assess if the lease terms and security camera arrangements promote the privacy commitments of the library

Just a note: while a municipality may procure and install a camera system with the intent to only monitor it "in the event of alleged criminal activity," in my experience, there is no way to enforce such a restriction, and some risk that the use of the cameras could change over time.

For instance:

• The recordings could be subject to disclosure under the Freedom of Information law;
• The recordings could be accessed via subpoena in the event of an alleged personal injury or other civil claim;
• The temptation for a town, city, or county to use the recordings internally (even for something as innocent as using them to check if a snowplow crew did a good job, or if a worker is arriving on time) might be hard to resist.

A library can't control this.  That said, when a camera system is installed, a library can request assurance that the municipality's internal policy, governing the cameras, include language:

• Alerting the users of the system to the sensitivity of patron records at a library;
• Confirming that the footage showing people entering and leaving the library is not regarded as a "library record" by either party; and
• Confirm that under no circumstances should the security cameras enable recording of information reflecting patron use of services.[11]

Once a library performs these two steps, it can answer the member's two questions:

First question: What type of permanent notification do we need to post about the use of cameras?

Once the library has written assurance that the landlord's use of recording technology will not result in the creation or disclosure of a library record, it is up to the director and board if, or how, your library should alert the community.

Personally, as a patron, I would appreciate a "courtesy notice" such as: "Your library records are confidential.  Please know that while our landlord has security cameras in [ZONES], the library does not allow recording that could impact patron privacy inside the building."[12]

OR (if the library makes use of its own security cameras): "Your library records are confidential.  Please know that our landlord has security cameras in [ZONES] and may use those for security purposes, but any security camera record maintained by the Library that shows use of library services is considered confidential and is used for library purposes only."

Second question: What major points do we need to ensure we include in our privacy policy?

The privacy policy of the library, or in the alternative, the minutes of the board, should reflect the details and privacy safeguards confirmed through the two-step analysis above. 

For instance, after the analysis is done, the board can note in the minutes: "Regarding the landlord's use of outside security cameras: As of DATE, the Library's landlord, NAME, will have security cameras observing certain outdoor areas, including library property.  The Library has verified that its lease, and the landlord's internal policy, prevent the landlord's security cameras from generating or disclosing confidential library records.  The public will be notified as to where the cameras are recording, and that such recordings are not confidential library records."

I appreciate that this review/confirm process can be a bit clunky.  However, it is also an opportunity to alert a critical partner (a landlord, and sponsoring municipality) to the importance of library-patron confidentiality, and to assure the public that privacy is a priority.  By seizing the moment to confirm that privacy is being properly considered and enforced, a library not only assures its ethics and legal compliance, but can create an ally in that eternal (and important) fight.[13]

I hope this approach is helpful.

[1] ALA Code of Ethics.

[2] As found in the NYLA Code of Ethics: " III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

[3] CPLR 4509 states: “Library records, which contain names or other personally identifying details regarding the users ...including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.”

[4] https://docs.dos.ny.gov/coog/ftext/13308.htm

[5] If it's not, it should be.

[6] You guys are so cool when you do that.

[7] Like the member is, here.

[8] Actually, we address it here: RAQ #26.

[9] Generally, this token rent is placed at $1/year.  Just once it would be fun to see a more random number, like $1.26/year.

[10] Such as insurance, hours of operation, emergency procedures, notification in the event of injury, protocol for repairs, capital improvements, etc...  For more commentary on this, see RAQ #166 about having any MOU with a sponsoring municipal entity.

[11] If security cameras are aimed at a curbside pick-up location, the library should consider if the recording is a library record.

[12] Forbidding recording in a public library is a controversial topic, I know.  This language is written to address recording that can impact patron privacy.

[13] Hey, I managed to make careful attention to minutia sound dramatic!

This...is a big question.  It's only three short paragraphs.  But it's BIG.

It's "BIG" because the risks of getting this topic wrong are immense--from not only the obvious risks involving legal concerns, but risks involving ethics, privacy, and the goal at the heart of the issue: safety.

It's also BIG because the phrase "background check" is not tied to a precise or static definition.  When someone says "background check" in the context of employment, here are just a few of the things it could mean:

• Criminal background check
• Credit check
• Military service separation check (form "DD 214")
• Motor Vehicle Records ("MVR") check
• Transcript and education records check (including student disciplinary records)
• Licensing/professional oversight body (medical board, bar association, etc.) check/confirmation of good standing
• Civil litigation history review
• Reference check
• Previous employment verification
• Social media/publications check

Each of these "checks" comes with a wide array of legal requirements--or typical legal cautions--governing its use.

For instance:

• A criminal background check should only be used by an organization if it has an up-to-date "Criminal Background Check Policy," because in the state of New York, denying employment based on a criminal conviction requires the employer to do a precise analysis (of which the denied applicant can request a copy).[1]
• A credit check should only be used by an organization if it has an up-to-date "Credit Check Policy" to ensure the regulations in the Fair Credit Reporting Act ("FCRA") are being followed.[2]
• A MVR should only be used by an organization if it has an up-to-date "MVR Check Policy" that clearly sets out the types of moving violations and other records that would flag a basis for non-employment.[3]

For all types of checks, the institution using them should have a clear policy governing what jobs require them, and how such records are evaluated, maintained, and disposed of.

And finally: when developing, implementing, and routinely using any type of background check policy, an organization is wise to take care that it is not incorporating factors that can be shown to disproportionately negatively impact (i.e., discriminate against) a particular category of applicant.   

Okay, with all that off my chest, let's answer the actual questions.

First question:

Do background checks, fingerprinting, etc., need to be done for all positions?

The degree to which background checks and documentation of identity must be performed are governed by two things: what is legally required, and what the risk management practices of an institution dictate. 

These two factors mean that practices will vary from place-to-place.  A librarian working within a public school district in the state of New York will be subject to a criminal background check and must be fingerprinted[4] just as any other regular employee within their district. A librarian at a public or association library is not required by law to have a criminal background check, nor to be fingerprinted,[5] but an institution could decide, for risk management purposes, that a position requires that level of scrutiny for safety and security.  

Second question:

Does it need to be posted in the job advertisement that there will be a background check for the successful candidate or all finalist applicants?

There is no requirement in the law that a job advertisement has to disclose a background check in the job advertisement.  However, prior to obtaining and using any information from a third party whose business it is to provide background information, an employer must notify an applicant; this notice must be in writing and in a stand-alone format.  Further, before a negative decision is made based on such information, it must be disclosed to the applicant.  A good resource on this is the Federal Trade Commission,[6] but the third party provider, if they are a true professional, will provide the forms for each of these steps.

Now all that being said, it may be that some local hiring procedures or collective bargaining agreements require the disclosure of background checks in a job notice.  Further, some employers may want to disclose their intent to use a background check to avoid surprising candidates further into the process.  There is no bar to making such an early disclosure, but if given, such notices should be carefully drafted to avoid implying that those with arrests or criminal convictions[7] will not be considered for the position.

Third question:

Can the background check need to include a financial check and a legal check?

Yes, absolutely. A background check can include a credit check, a search for liens and other debt instruments, a review of criminal history, a consideration of driving record, and any combination of the items I listed at the top of this reply.  Just be careful: if your library or system relies on a third party to supply that information, it must follow the guidance from the Federal Trade Commission (see that link in footnote 6).

Okay, at this point, I have to re-emphasize: before using any type of check, a library should have a policy covering that type of check, and that policy should cover all check-specific legal compliance, as well as: when the check is conducted, how it is conducted, how the information is used, and how the documents related to it are disposed of/retained. [8]

When developing such a policy, a good rule of thumb for an institution considering any type of background check is to be able to clearly answer the question: "Why are we doing this check?"  While the reasons will vary, the answer should always relate to the essential functions listed in the job description, and the nature of your library.

For instance: if a position will create opportunities for a person to spend unsupervised time with vulnerable populations, a criminal background check and rigorous prior employer check is wise.  If a position requires a particular credential, verification of that credential makes sense.  And if you are hiring someone who will frequently have to drive the bookmobile, a motor vehicle records check is almost always imperative.

On the flip side: if a person is being hired for a job that doesn't require driving, a "current driver's license" should not be required. If a person will never have access to financial information or fiscal resources, a credit check is likely not necessary. And if a would-be library clerk has a DWI that is 20 years old--and no other criminal history--it is likely the conviction is not a basis to eliminate them from consideration.

Last question (and it's another biggie):

And tangentially, am I correct in my assumption library staff are not considered mandated reporters? Are there guidelines for this as well?

"Mandated reporters" is a legal term under Section 413 of the NY Social Services Law.  Professionals listed in that section are required to make a report when they:

 "...have reasonable cause to suspect that a child coming before them in their professional or official capacity is an abused or maltreated child, [OR] when they have reasonable cause to suspect that a child is an abused or maltreated child where the parent, guardian, custodian or other person legally responsible for such child comes before them in their professional or official capacity and states from personal knowledge facts, conditions or circumstances which, if correct, would render the child an abused or maltreated child."[9]

I have placed a list of the "Mandated Reporters" set by Section 413 below this answer. As you can see by reviewing the (long) list, library employees (unless their function also fits into one of the categories listed in 413) are NOT Mandated Reporters.

Of course, a library--or an institution that hosts a library--can decide and enforce via policy that its employees have an affirmative duty to report observed or suspected child abuse (or any abuse) that occurs on their property or in their programs.  Many insurance carriers actually require their insureds to have such a policy.[10]

[NOTE: If an employer has any type of "report abuse" policy, employees should be trained on how to make such reports no less than annually.  The average person can have a trauma response to witnessing abuse, which can impact their ability to report it, as well as negatively affect their well-being.  Routine training on how to recognize and report concerns, and experienced support for reporters, can help with this.]

Thank you for an important series of questions.

List of "Mandated Reporters" under Section 413 of the Social Services Law (also called "human services professionals[11]"):

...any physician; registered physician assistant; surgeon; medical examiner; coroner; dentist; dental hygienist; osteopath; optometrist; chiropractor; podiatrist; resident; intern; psychologist; registered nurse; social worker; emergency medical technician; licensed creative arts therapist; licensed marriage and family therapist; licensed mental health counselor; licensed psychoanalyst; licensed behavior analyst; certified behavior analyst assistant; hospital personnel engaged in the admission, examination, care or treatment of persons; a Christian Science practitioner; school official, which includes but is not limited to school teacher, school guidance counselor, school psychologist, school social worker, school nurse, school administrator or other school personnel required to hold a teaching or administrative license or certificate; full or part-time compensated school employee required to hold a temporary coaching license or professional coaching certificate; social services worker; employee of a publicly-funded emergency shelter for families with children; director of a children’s overnight camp, summer day camp or traveling summer day camp, as such camps are defined in section thirteen hundred ninety-two of the public health law; day care center worker; school-age child care worker; provider of family or group family day care; employee or volunteer in a residential care facility for children that is licensed, certified or operated by the office of children and family services; or any other child care or foster care worker; mental health professional; substance abuse counselor; alcoholism counselor; all persons credentialed by the office of alcoholism and substance abuse services; employees, who are expected to have regular and substantial contact with children, of a health home or health home care management agency contracting with a health home as designated by the department of health and authorized under section three hundred sixty-five-l of this chapter or such employees who provide home and community based services under a demonstration program pursuant to section eleven hundred fifteen of the federal social security act who are expected to have regular and substantial contact with children; peace officer; police officer; district attorney or assistant district attorney; investigator employed in the office of a district attorney; or other law enforcement official.

[1] This is why the phrase "Must have no criminal history" or the like must not be included on a job notice.  For more information on this, visit https://dhr.ny.gov/protections-people-arrest-and-conviction-records.

[2] More info on this further into the answer.

[3] For some employers, this criteria is set by the provider of the organizations’ automobile and/or general liability insurance; this is especially true for organizations that use "company" vehicles.

[4] As listed here: http://www.nysed.gov/educator-integrity/who-must-be-fingerprinted-charts.

[5] Unless there is a very obscure local law I have been unable to find.  If you are aware of one, please email me at adams@losapllc.com.

[6] More information on how/when to give this notice is here: https://www.ftc.gov/tips-advice/business-center/guidance/background-checks-what-employers-need-know.

[7] Or other categories protected by law.

[8] That's right: I put that in italics, bold, and underlined it!  An "Ask the Lawyer" first.  No organization should ever "wing" a background check--of any kind.  There is too much at stake.

[9] I know, there is a lot of room for interpretation in this language; when in doubt, seek guidance.

[10] I think of this as the "Penn State Victims Requirement."

[11] 18 NYCRR § 433.2

This is a cool idea—aggregating and cataloging drone shots.   Someone fifty years from now will be very, very grateful for that type of work!

But as the member points out, there could be some technical or legal issues, namely: copyright, privacy, and security.  How does the library make sure none of those concerns negatively impact the project?

Let's take those in order.

Legal Concern: Copyright

This one is pretty simple: with one exception, the copyrights to pictures taken by a drone are owned by the operator(s) of the camera, who usually (but not always) is the same person/people flying the drone.  They are never the property of the area photographed (unless the property owner is also the photographer).

What is the "one exception" to that ownership?  If the photographer is taking the drone images as part of their regular job,[1] the copyright will belong to their employer (for example: if the drone shot was taken by the photographer to illustrate a story in a newspaper).[2]

Once the library establishes the copyright owner, the only copyright-related impediment to including the images in the catalog would be if the owner had sold the copyright, or given someone else "an exclusive license," since that would mean they could no longer license the images to your library.  Other than those complications, with the right agreement,[3] permission and use should be simple.

Legal Concern: Privacy & Security

The "copyright" section, above, is fairly simple.  Things are a bit more complex when it comes to privacy and security.

There is a huge array of drone-shot content that I could see risking a violation of privacy or a threat to security.  Here are the most common I could rattle off at a cocktail party:

• The risk of the images being the result of "Unlawful Surveillance,"[4] which is an “E” Felony in the state of New York.  "Unlawful Surveillance” is (among other things) taking a picture of a person dressing (or undressing) in a place where that person has a “reasonable expectation of privacy” (and they haven't agreed to pose for the picture);[5]
• The risk of the images being a violation of a person's "right of publicity,"[6] which is using someone's image for commercial purposes without their written authorization.  For instance, if the images were found on a site where they were being used for a commercial purpose.
• The risk of the images being the result of, or evidence of, trespass, harassment, and other criminal law violations that could result from a person deploying a drone over a residence, business, or area near an airport.

In addition to my "rattle it off" list, I did some research.  If we leave out the restrictions of reconnaissance and targeting drones, there is one other drone-related “no-no” to be wary of:

• The risk that the images are the result of harassing sea otters.[7]

In most of these concerns, it is not the act of including the images in the catalog that would be the legal issue--but rather, that the images themselves could be proof of a legal violation.  We’ll address that more in the last section.

Legal Concern: FAA-restricted Areas

The Federal Aviation Administration’s rules for academic, hobbyist and other forms of non-military drone use are here:

https://www.faa.gov/uas/public_safety_gov/media/FAA_UAS-PO_LEA_Guidance.pdf. [NOTE: This link was confirmed as no longer active and removed on 02/25/2022  as part of the routine review of "Ask the Lawyer" materials.]

I won't re-hash them, but the FAA does not bar taking pictures—just flying at certain locations and times.[8]  However, all operators--whether hobbyists or professionals--have to avoid certain areas at certain times. 

The FAA maintains a list of those areas, as well as a list of designated recreational UAS flight zones, available here:

https://www.faa.gov/uas/recreational_fliers/where_can_i_fly/airspace_restrictions/

This was so cool, I looked up my part of the state:

And now I know where not to fly the drone I don’t own.

Sample License for Use of Drone Pictures

Once you have confirmed that any drone shots your library would like to use are not: the result of or evidence of a crime, taken in forbidden air space,[9] or otter harassment, here is a sample license for securing permission to include them in an online catalog:

IRREVOCABLE, NON-EXCLUSIVE LICENSE

[NAME] ("Photographer"), an individual residing at [ADDRESS], and at least 18 years of age, hereby gives the [NAME LIBRARY] (the "Library") an irrevocable, non-exclusive, transferable license to use an image entitled [TITLE], a copy of which is attached hereto as "A" (the "Image"). The permission to use the Image includes unlimited use in any format now existing or later developed.

Photographer represents and warrants that the Image is their original work and that to the best of their ability to determine the rights of no individual or entity were violated by the creation of the Image.

In consideration of the rights granted herein, Library shall at all times credit Photographer with authorship and ownership of the photo as follows: This image is © [NAME], [YEAR], and is used by the [NAME LIBRARY] with permission from the photographer, who may be reached at [email address].

Signed by Photographer: _________________________.

Signed on behalf of the Library: ___________________________.

A Final Word on Getting "Permission"

This question was pre-packaged to consider issues of permission/legal concern related to images generated via drone, so I have structured it to give primary consideration of those issues.

However, I would be remiss if I didn't stress that when assembling an archive or image collection, worries about permission shouldn't always be a threshold consideration.

Why is that?  If a library or archive crafts the parameters of an image catalog around the purpose of that catalog—around why it is important to gather a certain type of content, within a certain range of criteria—permission might not even be necessary. 

Concerns about permission and legality should not prevent the assembly of a resource that has academic, documentary, or investigative value.[10]  And the more a collection or archive is shaped as a documentary, academic, or investigatory endeavor, the less the subject matter and content can pose legal concerns...or rather, the more protections[11] the project will be able to avail itself of.

Taking advantage of those exemptions starts with having a very clear scope for your project, a written set of ethics, and a statement of purpose for the endeavor. [12]

My takeaway in this final part of the answer?   If your project is of academic, historical, or social value, don't let lack of permission be a roadblock.  Instead, just like the member does in this question, set up a clear scope for your project, and then tackle any reservations head-on.  This will lay the groundwork for a strong archive or catalog.

Posterity will thank you.

[1] Head Photographer at "Drone Shot Weekly?"

[2] Here is the FAA guidance on media use of drones for newsgathering: https://www.faa.gov/about/office_org/headquarters_offices/agc/practice_areas/regulations/interpretations/Data/interps/2015/Williams-AFS-80%20-%20(2015)%20Legal%20Interpretation.pdf [NOTE: This link was confirmed as no longer active and removed on 02/25/2022  as part of the routine review of "Ask the Lawyer" materials.]  It’s interesting: even if using a small drone, such use doesn’t qualify for the “hobby” exception, and the drone should be registered.

[3] Do you need the “right agreement?” See the section of the answer called "Sample Agreement" for an example.

[4] NY Penal Law 250.45

[5] JUST TO BE CLEAR: I have 100% confidence that if a library comes across a creeper nude drone shot, they will not include it in an online catalog!  I am just being thorough.

[6] New York Civil Rights Law Section 50.

[7] Per 50 CFR 18.137: "Unmanned aerial systems or drones must not cause take by harassment of sea otters. Measures for avoidance of take may be required in an LOA, and may include maintaining a minimum altitude and horizontal distance no less than 100 m away from otters, conducting continuous visual monitoring by PSOs, and ceasing activities in response to sea otter behaviors indicating any reaction to drones."

[8] Thank you, THANK YOU to the member who sent this question.  Because of you, I got to read the FAA's guidance to local law enforcement for drone-related incidents, which includes this practical guidance "NOTE: Battery life is typically 20 to 30 minutes." 

[9] By the way, it might not be precisely forbidden for your library to post such images, just as a newspaper or academic publisher might reproduce them for purposes of news or scholarship.  But since those categories come with some higher risks (particularly of being told to cease and desist), it is wise to consider consistency with the purpose and ethics of your archive before including them.

[10] I am not saying to not consider them...just don't let them be project-killers.

[11] Such as fair use, journalism privileges, and recognition of the non-commercial nature of the use.

[12] Links to further "Ask the "Lawyer" content on this specific consideration (ethics as a key component to rock-solid archives) are here: RAQ #172 and RAQ #178.

Before I answer, I want to share a story.

A few years ago, I worked with a museum as they addressed the criminal prosecution and sentencing of a man who--in the guise of a volunteer--violated the trust of the institution, and later, when called into account for his behavior, initiated a campaign of verbal/written intimidation against the museum's employees (and trustees, and lawyers, and even his own lawyers).

As part of the former volunteer's sentence, and then his parole, he was restricted from any place with an archive.  During that time, I worked with the parole officer to make sure they had a good working understanding of what "with an archive" meant.

After the sentence and parole period expired, the person was returned to society, where state law requires that a past conviction can NOT be used to peremptorily deny a person certain opportunities (although after a careful analysis of precise factors, conviction can be considered before offering employment or a volunteer position[1]).

As the story and criminal conviction were widely reported in the news media, alerting other potentially vulnerable institutions to this cautionary tale was very easy; simply sending a link with "FYI" was enough to put an institution on notice of the past occurrence and position them to make a well-informed decision.  Any person who wanted further information could dig right into the court record, rather than rely on a second-hand account.

This ability to refer to the public record reduced, but didn't eliminate, the legal risks created when one institution "warns" another about troublesome visitors/customers/patrons.

Those legal risks include:

• The risk of a defamation claim;
• The risk of a civil rights claim;
• The risk of a claim called "interference with contract."

But what about when problematic behavior does not come with any media coverage or court filings?  What if it is confined to findings under a library code of conduct?  Can libraries within a regional system share information about particular patrons?

Yes, they certainly can, but just like applying a code of conduct within a library, certainly ethical and legal considerations apply.

To bar a patron, a library must follow its Code of Conduct, ensure the patron accused of wrongdoing gets due process ("due process" will vary a bit from library to library), and ensure the process and decision are properly documented and communicated to the patron.

As library professionals throughout the state of New York know, library patron records (which include Code of Conduct findings and consequences) are confidential, both per the ethics of the profession, and the law.

The law provides:

Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.

If a library determines that the "proper operation of such library" is served by including the fact of the bar or restriction, then, so long as it is consistent with System policy[2], the information may be included in the notes as described in the member's question.

Of course, a patron of the System who is so designated has several avenues to challenge an inaccurate or unfair entry, including the type of claims I list above.

To avoid that, individual libraries making such entries should take care that:

• Any ban or restriction is the result of a policy decision;
• The patron was accorded all due process throughout the decision-making process;
• The decision-making and due process were well-documented;
• The entry into the system is minimal (effective date, sanction, and end date), with no color commentary/personal details.

Libraries wishing to document such determinations in their System should limit the information to "Starting DATE, Patron barred from ABC library until DATE" or "Patron privileges suspended at ABC library until DATE."

If a patron's behavior results in a criminal report, conviction, or other legal documentation, reference to the documentation is also a good idea (for example, "See ABC Policy Department Report #XXXX).

For patrons whose behavior is threatening or abusive to such a degree it warrants pro-active action (access restriction) beyond one library, a cooperative library System may, through policy and due process, effect System-wide restrictions. 

So, to answer the question:

 ...This will make the information available to all library staff within the library system. Are there privacy concerns?

...the answer is yes, but with care, those concerns are only priorities, not problems.

That is the benefit of being part of a cooperative system.  By using policy to consider both the civil rights of patrons (including privacy concerns), and the safety of workers and operational needs of each member library, the right balance can be achieved, and documented.

[1] For more information on this important civil rights protection, see this guidance from the NYS Division of Human Rights: “Protections Under the Law for People With Arrest and Conviction Records” (https://dhr.ny.gov/system/files/documents/2022/05/arrest_conviction.pdf).

[2] This is important...a System may decide that such entries are not consistent with System operations.  Individual libraries should take care that the upload of any information is consistent with their System's policies and standard operating procedures.