Ethics

This question is at the vertex of the law and ethics.  What an institution may be positioned to do with archival images legally might not be what our society demands ethically.  And if the issue impacts real people with real feelings, this conflict can lead to legal claims—regardless of solid footing based on precedent and the law.[1]

When it comes to images of children, who can't legally consent to the use of their images, the ethical issues arising from agency, respect, and self-determination are all the more critical.

The member clearly knows this, and is seeking a direction for assessing how to access, catalog, and use them—if at all. The law is often too blunt an instrument to assess ethical questions, but in this case, I believe the legal steps for assessing the use of such such images can provide a framework for the deeper assessment of the ethical considerations[2] .

Below, I will list the "legal" steps an attorney considers when reviewing a museum or archive's acquisition, but focus on the ethical considerations connected to those factors, especially with regard to use of images of children.

1.  Ownership of the Physical Object

This stage is where an institution looks at the provenance of the object and, if that physical object is to be transferred to the institution, addresses the legal priority of making sure the title is "clear."

Ethical considerations: How did the physical object come into existence?  Was the creator a member of the community being documented, an academic, a journalist, or an "outsider?"  Does it appear that parents or guardians were present?  What was the original purpose of the object?  Does any of that information suggest coercion, exploitation, or invasion of privacy?

Or, as the International Council on Archives puts it in Section 7 of their Code:

Archivists...must respect the privacy of individuals who created or are the subjects of records, especially those who had no voice in the use or disposition of the materials.

 

2.  Ownership of the Copyright

This stage is where an institution looks at the original ownership of the copyright of the image, any transfers of those rights, the use of those rights, if the rights have expired or been transferred to the public domain, and if any of those rights are to be transferred to the institution.

Ethical considerations: Who "owns" the rights to the image?  Are the rights financially valuable?  Have they been put to non-academic, commercial use before, or are they likely to be?  Can your institution accept the rights in a way that limits future commercial exploitation of depicted minors?

Or, as the Society of American Archivists puts it in Section VI of their Code of Ethics:

Archivists may place restrictions on access for the protection of privacy or confidentiality of information in the records.

 

3.  Manner of Accession

This stage is where an institution looks at the overall package it is acquiring.  In this case, the member has pointed out that the data collection project may have over-stepped some (formal or informal) boundaries.  Other accession challenges can be donor-imposed conditions, environmental factors, and budget concerns.

Or, as the International Council on Archives puts it in Section 2 of their Code of Ethics:

Archivists should appraise records impartially basing their judgment on a thorough knowledge of their institution’s administrative requirements and acquisitions policies.

...and in Section 5 of that same Code:

Archivists negotiating with transferring officials or owners of records should seek fair decisions based on full consideration – when applicable – the following factors: authority to transfer, donate, or sell; financial arrangements and benefits; plans for processing; copyright and conditions of access. Archivists should keep a permanent record documenting accessions, conservation and all archival work done.

 

4.  Legal Considerations of Content

This stage is where an institution looks for specific concerns caused by the precise content in the materials.  When it comes to pictures of minors, this means assessing if the content is in any way criminal, contains evidence of a crime, if the information suggests they were a ward of the state, if it originated from sealed criminal records, and if the use will in any way be commercial (and thus require permission).

Or, as the Society of American Archives puts it in Section IX of their Code of Ethics:

Archivists must uphold all federal, state, and local laws.

 

5.  Identity of Person(s) Portrayed

This stage is where an institution looks at the depiction of the real person portrayed in the material and assesses if it poses any additional challenges.

Or, as the Society of American Archives puts it in Section VI of their Code of Ethics:

Archivists strive to promote open and equitable access to their services and the records in their care without discrimination or preferential treatment, and in accordance with legal requirements, cultural sensitivities, and institutional policies.

 

6.  Alignment with Mission

An archive or museum will always have a mission—or "charitable purpose"—at its core.  This is how it maintains a tax-exempt status, its charter, and its ability to operate.  Does the contemplated use of the content you are focusing on (the images of children) match up with that mission?  Or it is somehow at odds or unaligned with it?

This consideration warrants a repeat of Section 7 of the International Council on Archives Code of Ethics:

Archivists should take care that corporate and personal privacy as well as national security are protected without destroying information, especially in the case of electronic records where updating and erasure are common practice. They must respect the privacy of individuals who created or are the subjects of records, especially those who had no voice in the use or disposition of the materials.

 

7.  Alignment with Collection Purpose

Just as an archive or museum will always have a mission—or "charitable purpose"—at its core, so will a particular collection have a description that sets out its scope, methods, and purpose.  Does the contemplated use of the content you are focusing on (the images of children) match up with that description?  Or it is somehow extraneous or not quite consistent with it?  If sensitive material is not squarely within the scope of the collection, it shouldn't be there at all.

Or, as the Society of American Archives puts it in Section III of their Code of Ethics:

Archivists should exercise professional judgment in acquiring, appraising, and processing historical materials. They should not allow personal beliefs or perspectives to affect their decisions.

 

That's great...but what to do?!?

When faced with a sensitive decision like the one posed by the member, a subject-focused analysis based on the above factors is the right way to move ahead, in one of three directions:

• If there is a decision to accession the materials and facilitate access, a written protocol for handling the sensitivities should be made part of the policies of the collection.
• If there is a decision to accession but limit access (something archival values generally counsel against) there should be a clear path through the restrictions and a well-documented justification for the limitations.
• If there is a decision to decline accession, the basis of the decision should be documented in light of the factors impacting the decision.

In this particular case, any of the three above-listed options might be appropriate.  From the brief description provided by the member, it sounds like the photos were joyful documentation of a community by its own members—not exploitive or rooted in dubious practices. 

But even under a "best case scenario"[3] like the one provided by the member, it is appropriate to develop a checklist based on the mission of the institution, and the goals of the collection, to be assured any archival images with minors:

1) will not be subject to commercial exploitation by the institution or a third party accessing the collection (unless there is properly executed permission allowing such use);

2) were not created in a manner inconsistent with the mission, values, and ethics of your institution; or if they were, the collection parameters address those concerns;

3) are included in a manner consistent with the purpose of the collection; and

4) there is a process[4] for any individual or relative to request removal of an image of a depicted minor.  Since such a request would only come after there was a determination that the image was consistent with the values of the institution and fit within the scope of the collection, any evaluation of such a request should be made based on the reasons for the request.

 

The good news is, the same documentation that shows careful assessment of the ethical factors will help you with any future legal concerns.

And finally, there is one more option for this particular scenario, which is to ask each church to include in their weekly bulletin or routine outreach:

Our church has been selected for inclusion in the ABC institution's online archives. As part of this work, we have provided numerous photos of our events over the years, which include pictures of many of our congregants when they were children. If you have any concerns with your childhood image being included in such a collection, please alert us.  Otherwise, please know that our community records are being preserved for the future!

That way, the church as the original provider of the records can "claw back" any photos that a person might object to, and your archive will have another step in its own records to show it did everything it could to respect people's agency and privacy.

Thank you for a thoughtful question.

 

 

---

[1] A critical example of this issue—use of a person's image in ways that raise question of agency and ethics (to say nothing of basic human decency) is found in the saga of the images of people named Alfred, Fassena, Jem, Renty, Delia, Jack, and Drana, all subjected to enslavement in the 19th century.  The images are commonly called the "Zealey Daguerotypes" and the disputes about them start with how they come into being, as well as how they are used in the present day.  For a good summary of this saga, see https://www.nytimes.com/2020/09/29/books/to-make-their-own-way-in-world-zealy-daguerreotypes.html.

[2] "Established" by recognized authorities, not by me.  My go-to for this will be the Code of Ethics of the Society of American Archivists, found at https://www2.archivists.org/statements/saa-core-values-statement-and-code-of-ethics#code_of_ethics, and the Code of Ethics of the International Council on Archives, found at https://www.ica.org/en/ica-code-ethics.

[3] This "Ask the Lawyer" is only addressing the question about minors...I am not tackling the fact that the rights to the relatively recent photos may be held by still living people, or relatives!

[4] This does not need to be a flagrant "notice and takedown" process; it can be accomplished through a simple statement like: "The ABC Archive [is accredited by/follows the ethics of DEF]; if you are concerned that the depiction of any individual or the inclusion of certain content in this collection is contrary to those ethics, please contact GHI at ### to share your concern."

Every employer struggles with this issue: give employees enough access to electronic information to do their jobs, but protect that information from accidental disclosure, file corruption, and theft.

Solid practices like routine security updates, back-ups, password re-sets, and employee training can help a library avoid the worst IT disasters.  But what if someone in a position of trust simply abuses their access?  What if a scenario like the member's question should arise?

There is a process to address this type of scenario.  In order to ease an adrenalized mind,[1] it is presented below in grid form.

Upon suspicion that files have been removed or inappropriately removed by a former library employee, follow these steps to assess what recourse a board might have:

Action	Why you do this	Results
1.  Upon suspicion that files have been removed, if possible, do not take further steps alone. Create an "Initial Response Team" of at least two people to do the next four steps, and designate one of them as the note-taker and document-keeper. If your library's computer system is supplied or supported by a cooperative library system, one of these people should be from the system.[2] Organizing a time-line and take photos or screenshots of information showing the potential problem.	The facts you assemble and first steps you take may have far-reaching consequences for your library's response and recovery, as well as for the potential wrong doer. At this stage, however, you'll just be documenting what appears to be missing.  No deep-dive investigation.   It should only take an hour or two.[3]	Initial Response Team formed and responsibilities of team members made clear. Note-taker assembling information.
2.  Without letting it take more than an hour (or two) and without making any changes to your system, assess and create an informal list of what appears to be missing (file types, specific types of information, locations), when this was noticed, and what the first signs of the concern were.  This will be your "Initial Inventory."	You need to have a foundation for your next steps, so you're creating a quick description of the possible situation.	An Initial Inventory you will use in the next few steps. Note: The "Initial Inventory" is not an attempt to assess what happened, just to list what might be missing, and a few initial details.
3.  Look over the Initial Inventory.  Could any of the missing files contain personal/private information, such as: name, address, date of birth, ssn, library card number, credit card information, contact information, banking information, health-related information, computer use, passwords, or circulation records?	If the answer is "yes," add the phrase "…possibly includes loss or compromise of private information and/or library patron records" to the Initial Inventory.	This part of the Initial Inventory will help those assessing the issue quickly appreciate the possible privacy and confidentiality  implications of the situation.
4.  Contact the library's insurance carrier, and alert them that you may have had a loss of data related to "unauthorized computer access that may involve a former employee." If your Initial Inventory includes a "yes" to Step #3, also state: "The situation may have involve personal and confidential information." If your initial contact is by phone, confirm the notice via a letter or e-mail.	Depending on your library's insurance type, you may be covered for this type of event. Notifying your carrier and following up in writing will help the library determine if the carrier will provide coverage and/or assistance for the event.	Timely notice to the library's insurance carrier, enabling your carrier to let you know if you have coverage and if they can provide assistance in recovering from the event. NOTE:  If the event is covered, some or all of the remaining steps could be impacted by the participation of the carrier.
5.  With the Initial Inventory complete and the carrier on notice, the board (or director, if the board has delegated the right amount of authority to them) must decide who is in charge of next steps: the full board, a board committee, the Director and a team, or any combination of people needed to assess the matter.  This "Response Team" should have the power to appoint a qualified professional to assess the situation, to retain legal assistance if warranted, and to recommend a final course of action to the board. In no event should a report to the board (or Executive Committee) extend the timeline for arranging a response beyond 3 business days.	Unauthorized computer access involving a former director (or any employee) is serious enough to warrant board involvement, whether or not personal and confidential information. This is especially true since, in a worst-case scenario, the library may have to report a data breach, expend resources to re-create or retrieve the information, work with an insurance carrier to recover from the loss, consider if any aspects of the former employee's contract or severance apply (if there was either/or) and based on what is discovered, consider whether or not to file a report with law enforcement.	Clarity as to who is in charge, what level of authority they are working with, and who they will bring on to assist with the investigation and recovery.
6.  Alert the library's lawyer by sending them a copy of the Initial Inventory, and connect them to the Response Team, so they can assist at needed.	It will be the lawyer's responsibility to work with the Response Team and others to ensure the library is positioned to seek relief from the carrier or the former employee, to assess any relevant contracts (for instance, if the files were deleted from a cloud server), and to advise the board about filing a report with law enforcement, or pursuing civil remedies.	Attorney-client privileged input to help assess response options in the best interests of the library.
7.  The Response Team should retain a qualified IT/data security professional to assess and develop an "Incident Report" with a Final Inventory of what is confirmed as missing, a conclusion as to how it went missing, and if/how it can be recovered.	This should be done within 3 days of discovery and before there are any changes to the system.   Ideally, this work should only be performed after the library and the IT professional sign a written contract that is reviewed by the lawyer.	A contract with a qualified firm; A certificate of insurance from the professional firm; A written Incident Report from the firm.
8. Based on the value, sensitivity, and type of information in the Final Inventory, work with the IT professional and lawyer to assess any legal steps the library must take to recover or to give required notifications of data breach.	Depending on what went missing, the library could have concerns under any number of laws.	The final recommendation should be a memo to the board, regarding any necessary steps (or confirming not are needed).
9.  Based on the complete Incident Report's assessment of what is  missing, how it went missing, and if/how it can be recovered, and any relevant details about the employee, develop a course of action.	For more on this aspect, see the rest of this RAQ.	Recourse.

What happens as part of number "9," is the actual answer to the member's question.  But until a library follows steps "1" through "8," it can't fully know its options under "9."

And what can happen as part of "9"?  The range of consequences for unauthorized computer access and/or data destruction is vast, running from criminal penalties to civil remedies.  And if considered with solutions for how a library can recover from the loss, there are further possibilities.

If I was on the board where a former director removed all the library files from a library owned-computer that relate to the running of the public library, at the end of the day, here's what I'd want get out of "The Files Are Gone" process:

• Know if the files were simply removed, or if they were removed and accessed/disclosed beyond the library;
• If they were disclosed beyond the library, what the library must do to address that (including special considerations if personal or confidential information was accessed);
• If the files were only removed, know if they can easily be replaced, or if they were the library's only copy;
• If they can't be easily replaced, how much it will cost to replace them, and any negative impacts we'll experience until we do;
• How we have concluded the files were removed by the former employee, if they were an employee when they did it, and what the due process is for addressing that;
• If (based on all the information gathered, and more that will be specific to the situation), the board should contact the police, or consider a civil claim against the former employee.

By demanding solid, well-documented and qualified answer to these questions (What happened?  how does it impact the library?  What can we do?) a board member is being a good fiduciary, and positioning the library to identify the best recourse.

Now let's say that, in the grand scheme of things, the "missing files" appear to be pretty minor (and do not involve private information).  Let's say that, for whatever reason, the outgoing employee deleted all the library's "standard operating procedures." Not the policies--those are on the library's website and backed up in numerous places - but all the details about (as the question says) "running the library:"  How to organize the courier manifest.  The templates for the volunteer letters and community meeting notices.  The budget template and calendar for strategic planning.  Their own emails on their library account.  Nothing private, no circulation or credit card information, but a body of work that represent hundreds of compensated hours…lost.

This may seem like the kind of loss that isn’t dire enough to warrant the steps I have outlined above, but it absolutely is.  First, only a professional can say when data is truly "lost" (especially emails).  And even if, at the end of the day, there is a board decision not to pursue any consequences (privately, civilly or criminally), such (in)action must be based on good information--not just the result of a decision not to investigate in the first place.

The budget for such response, if planned carefully, can be very modest (under $1500).[4]  Reaching out to a library's system and regional council to find the professional you need might help the library get those services at a reasonable price (and again, depending on the system-library service agreement, much more).

Why am I adamant about this follow-through, even for a "small" incident?  Because sometimes a "small" incident is only the tip of a much larger iceberg.  Unauthorized data destruction by a former employee could be a serious breach of their duty, the law--and even their oath of office.  But it might not be.  The right response, and the fair response, can only be formulated through careful documentation and analysis.

This is what positions the board to know what recourse it can take, when presented with such a serious situation.

Thank you for trusting "Ask the Lawyer" with this sensitive question.

 

 

---

[1] If you are reading this while working on this type of issue, take a deep breath.  You've got this.

[2] There are too many types of IT supply/support arrangements out there for me to be more precise than this.  Some systems are essentially the IT department for their member libraries. Others are not.  This aspect will be governed by the System's member contract…but generally, a good place to start is on the phone!

[3] In keeping with the question, this chart addresses what to do if the person involved is former employee.  If the person is a current employee, the Response Team should include someone qualified to assess an appropriate response that ensures 1) due process for the employee; 2) security for the investigation; and 3) stability for ongoing operations of the library.

[4] Is this a low-ball figure?  Could it be much bigger?  Yes. But if it gets much bigger, that should be because it's actually a big problem that needs to be solved.

 

I am sure there is a very interesting set of facts, personal convictions, and conversations behind the stark facts presented in this question (there always is).  But we’ll address just the stark facts.

Because a library’s Code of Ethics, Conflict of Interest Policy, and Whistleblower Policy[1] are rooted in different areas of the law, a refusal to sign these documents creates an array of ramifications. We’ll explore each type in turn.

But first, it’s important to establish certain base factors.

Base Factors

In New York, most libraries (unless they are part of a larger institutions like a college or museum) are not-for-profit corporations chartered by the New York Education Department’s Board of Regents.[2]  This means that, just like other not-for-profit corporations registered with the New York Department of State, libraries are subject to the Not-for-Profit Corporations Law (the “NFPCL”).[3]  This includes school district public libraries.

Without getting too technical, this means that all libraries in New York are governed in accordance with not only their charters and bylaws, but the applicable parts of the Education Law and the NFPCL, too.[4]

This governance structure impacts questions related to conflicts of interest, whistleblowing, and codes of ethics. With the basic features established, let’s look at the different type of policy in the member question.

Conflict of Interest Policy

Here is what the law says about a refusal to participate in the “Conflict of Interest” policy, as governed by the NFPCL:

The conflict of interest policy shall require that prior to the initial election of any director[5], and annually thereafter, such director shall complete, sign and submit to the secretary of the corporation or a designated compliance officer a written statement identifying, to the best of the director’s knowledge, any entity of which such director is an officer, director, trustee, member, owner (either as a sole proprietor or a partner), or employee and with which the corporation has a relationship, and any transaction in which the corporation is a participant and in which the director might have a conflicting interest.[6]

So, to give a stark answer to the member’s question, per the law, no person should actually be elected to serve as a trustee until the nominee’s Conflict of Interest statement (the “COI”) is completed and submitted.  In other words, if the COI is not turned in, that person should never initially be elected as a trustee (we’ll pick that back up in a few paragraphs when we discuss the election criteria for school district public library trustees).

Whistleblower Policy

A requirement to “sign” the Whistleblower Policy is a slightly different matter.  Unlike the law related to conflicts of interest, the law requiring any not-for-profit with over 20 employees (or revenue in excess of one million dollars) to have a Whistleblower Policy[7] does not come with a requirement for trustees to sign any document. 

Of course, a refusal to abide by the Whistleblower Policy (for instance, a trustee failing to keep a report confidential), could result in a violation of the law, and the libraries’ bylaws, as well.

Code of Ethics

Public school boards must have Codes of Ethics,[8] but libraries—even school district public libraries—do not. There is no requirement in the NFPCL, nor the Education Law, nor any applicable regulations, that a public library have such a code.

That said, to clearly express and enforce a library’s values, a Code of Ethics is often built into a library’s bylaws or adopted as a stand-alone policy of a library’s board.[9]   The bylaws, or policy itself, could also require that it be signed.  Once it is a requirement of the bylaws or policy, it does not have the force of law, but it can be enforced by the board.

Refusal to Sign

Which brings us to: whether it a requirement of law or policy, the refusal to sign of a board member must be addressed under the library’s charter, bylaws, and the NFPCPL. 

Under NFPCL §706, a board is empowered to remove a board member per the procedures in its bylaws.  Therefore, if a board determines that failure to sign the Code of Ethics or Whistleblower Policy is unacceptable, or that a failure to sign a Code of Ethics makes the library non-compliant with the law, then that board member can be removed, provided the remaining trustees are careful to follow the bylaw’s procedures for doing so. 

This can be a divisive issue, since I imagine someone could present a debatable reason for not signing a Code or other policy,[10] but since a Code of Ethics or mission statement is something every board member must support as part of their service to the library, the root cause of the refusal might be just as serious as the refusal, and in any event, must be resolved. And that is, except for one wrinkle, the lay of the land.

School District Public Library

At school district public libraries, board members are elected per the requirements of Education Law §260. 

§260, and by reference, §2018 of the Education Law, include very precise conditions for the nomination and election of a school district public library board member—none of which is a pre-vote signature on a COI, or a signed acceptance of a Whistleblower Policy or Code of Ethics.

Of course, per Public Officers Law §10, all school district public library trustees must take and file an oath of office “before he[11] shall be entitled to enter upon the discharge of any of his official duties.” This means, somewhere in the “pre-term” area after the election but before the newly elected trustee starts working, there is a zone where they can, based on a refusal to take the oath of office, not be qualified to start the term.[12]

The consequences of a refusal to sign a COI are a little less well-defined, but it is clear that if a board tolerates a refusal, the organization is not in compliance with the NFPCL.  The refusal to sign a Whistleblower Policy is not controlled by law, but the failure to actually follow it is.  And the failure of a board member to sign a Code of Ethics is a matter to be decided by the rest of the governing board.

What Happens Next?

The refusal to sign and participate in critical board policy cannot simply be ignored.  It has to be addressed, and the rest of the board has to follow the rules as they address it.

Barring any obvious provision in the bylaws or wording in a particular policy, what does the board use as a playbook for dealing with this type of challenge?  Upon confirming the factors leading to the refusal, a board’s executive committee,[13] consulting with the library’s lawyer and working from copies of the charter and bylaws, must consider the facts, could develop a solution.  The solution could be a revision of a policy to address a particular concern, or, in the case of an incomplete COI, removal of the member.  In no event should this be done without the input of an attorney, since the stakes are high, and feelings may be strong.

Thank you for an important question.

I first heard about “ResearchGate” at a copyright training I was conducting for librarians. 

There I was, holding forth about Section 108 and Fair Use, when out of the blue, an academic librarian asked me: “What do you think of Researchgate?”[1]

This question triggered my number one rule for lawyering: never assume you know an answer; always do your research.  So even though my brain figured that “Researchgate” was a new scandal involving falsification of data,[2] I instead replied: “I have to admit, I am not familiar with that.” 

Good thing I followed rule number one!

Since that time, and in response to this question, I have had a chance to visit ResearchGate’s “About” page and their “Terms of Use” (for academics and students) page.  And I have developed some thoughts.

But first, here’s what I have learned:

Notably, as the member points out, ResearchGate’s “Terms” for submitters reinforces the rights of authors:

As a member, when you post full-text articles or supplementary materials on ResearchGate, you do not transfer or assign copyright to us. Rather, you make the content available to the public through ResearchGate.

…about encourages users to respect the rights of others:

If you choose to privately archive or publicly post content, we encourage you to first confirm your rights before doing so. … As we do not have any information about rights you may hold, or any license terms or other restrictions which might apply to such content, we necessarily rely on you to understand your rights and act accordingly. 

ResearchGate’s relationship with users is also governed by clauses on “Liability” and “Indemnification”—with ResearchGate attempting to pass all liability for a copyright infringement onto the users who supply content.

And finally, as also shown in their policies, ResearchGate also takes advantage of the “notice and takedown” provisions under the Digital Millennium Copyright Act to assure itself “safe harbor,” in the event a user posts infringing content.[3]

What I found at ResearchGate.com was what looks like a thorough attempt to dot all the “i”s and cross all the “t”s to respect intellectual property.  They probably have a very good lawyer.

But as I said, “always do your research,” so in addition to visiting their site, I also visited PACER to see if ResearchGate is being sued by anyone for copyright infringement.  And boy, are they ever.

ResearchGate GmbH (its corporate name in Germany, where it appears to be based) is being sued by Elsevier, Inc., Elsevier Ltd., Elsevier B.V. and the American Chemical Society (“ACS”).[4]  The basis for the suit, as set forth in paragraph “three” of the plaintiff’s complaint, is the ResearchGate’s use of “Published Journal Articles” (which the suit calls “PJA”s):

This lawsuit focuses on ResearchGate’s intentional misconduct vis-à-vis its online file-sharing / download service, where the dissemination of unauthorized copies of PJAs constitutes an enormous infringement of the copyrights owned by ACS, Elsevier and other journal publishers. The lawsuit is not about researchers and scientists collaborating; asking and answering questions; promoting themselves, their projects, or their findings; or sharing research findings, raw data, or pre-prints of articles.

And, just in case that doesn’t sound too bad, here’s the next paragraph:

ResearchGate’s infringing activity is no accident. Infringing copies of PJAs are a cornerstone to ResearchGate’s growth strategy. ResearchGate deliberately utilizes the infringing copies to grow the traffic to its website, its base of registered users, its digital content, and its revenues and investment from venture capital. ResearchGate knows that the PJAs at issue cannot be lawfully uploaded to and downloaded from the RG Website. Nevertheless, in violation of the rights of ACS, Elsevier, and others, ResearchGate uploads infringing copies of PJAs and encourages and induces others to do so. ResearchGate finds copies of the PJAs on the Internet and uploads them to computer servers it owns or controls. In addition, ResearchGate lures others into uploading copies of the PJAs, including by directly asking them to do so, encouraging use of a “request full-text” feature, and misleadingly promoting the concept of “selfarchiving.”[sic]  ResearchGate is well aware that, as a result, it has turned the RG Website into a focal point for massive copyright infringement.[5]

Yikes, that sounds dire, right?  And very akin to the member’s concerns.

So, with all that established, I’ll share my thoughts, and address the member’s questions.

Number one, should libraries be directing individuals to ResearchGate to ask authors for copies of their articles? Number two, should our document delivery service be providing copies of PDFs from ResearchGate to our library patrons?

Questions like this may be informed by law (and risk management), but must always start with ethics. 

The ALA Statement of Ethics[6] has very clear language regarding intellectual property: We respect intellectual property rights and advocate balance between the interests of information users and rights holders.

When it comes to a source like ResearchGate—ostensibly trying to operate within the bounds of the law, but alleged to have a seamier side—the ALA’s further musings[7] on this statement on copyright are also instructive:

Library workers are increasingly critical resources for copyright information in their communities. Consequently, they should be informed about copyright developments and maintain current awareness of all copyright issues. Library workers should develop a solid understanding of the law, its purpose, and the details relevant to library activities. This includes the ability to read, understand, and analyze various copyright scenarios, including fair use and other copyright limitations, using both good judgment and risk mitigation practices.

Library workers should use these skills to identify their rights and the rights of their users. Further, they should be ready to perform outreach surrounding copyright topics and refer users with questions pertaining to copyright to reliable resources. However, library workers should avoid providing legal advice. They may provide information about the law and copyright, but should recommend that patrons consult an attorney for legal advice. [emphasis added]

I can’t answer the member’s questions for any particular library. But based on the ALA Statement of Ethics, its further comments on copyright, and risk management principles drawn from the law, I can suggest a methodology for a library to apply when asking them.

First, if a librarian, using their own observations, and applying ALA ethics, believes a source to be dubious,  it is clear that they are ethically obligated to “us[e] both good judgment and risk mitigation practices” about “relevant to library activities,” and to work with decision-makers at their institution to develop a clear position on that source.

This is not a simple nor easy exercise.  Further (and frustratingly, for some) it may vary from institution to institution.  Some libraries dance on the cutting edge of copyright.  Others err on the side of caution.  The decision to do either should be based on an informed assessment that considers the library’s mission, insurance, tolerance of risk, and its comfort level with the status quo.  

The member is already applying personal experience and modeling this balancing.  Remember the last part of the question: I am personally very hesitant to refer anyone to ResearchGate, as I find most faculty researchers are not aware of who truly holds the copyright to their published articles.

To that type of informed concern, there are two considerations I would add for libraries making this type of determination:

1) Under Section 108 of the Copyright Act, a library’s exemption from infringement can turn on their lack of awareness of a scheme to make exploitive commercial copies.  Your library’s insurance may also deny coverage if a library is knowingly referring users to an infringer.  So, if your institution is aware that a source is an infringer (which is different from suspecting a source is an infringer), that is a factor to balance.

2) On the flip side, libraries should not be willing (and generally have not been willing) to roll over to support the unchecked dominance of traditional commercial publishers.  Without pushback, rates will continue to go up, while terms will get more onerous.   But there is a difference between thoughtful pushback (like the current, organized fight against the McMillan Embargo[8]), and systematic copyright infringement (like Napster).  

Questions like this one show that librarians are thinking about the difference.  

Thanks for a great question.  It will be interesting to see if the case against ResearchGate goes the distance, and to see libraries decide where they stand.

 

---

[1] When this question first put the name in my brain, the “g” was lowercase.  

[2] For over ten years, I was in-house counsel at a university, and had a reason to read “The Chronicle of Higher Education,” every week.  Every year the Chronicle reported on one research-based scandal after another; it’s a miracle I didn’t hear the term “ResearchGate” before this!

[3] As of December 8, 2019, you can see this on ResearchGate’s Intellectual Property Policy.

[4] Am. Chem. Soc'y v. ResearchGate GmbH, 2019 U.S. Dist. LEXIS 98372, 2019 WL 2450976.

[5] Yes, this is one monster paragraph within the law suit. 

[6] As of December 8, 2019, found at http://www.ala.org/tools/ethics

[7] http://www.ala.org/tools/ethics/copyright

[8] http://www.ala.org/news/press-releases/2019/09/ala-launches-national-campaign-against-e-book-embargo

 

To answer the member’s questions, we must start with the fundamentals.

When accepting a donation of culturally significant photos, an archive should have a donor agreement or other documentation that addresses the following things:

Does the donor solely own the physical photos?

Is physical ownership being given to your institution?

Who authored the pictures?  If not a company, what is their name and birthdate?

Does the donor solely own the copyrights?

Is copyright ownership being given to your institution? If not, what permission comes with the physical donation?

May the receiving institution license use by others (a “transferable license”)?

Were the copyrights registered?

Are there any reservations or conditions on this gift?

If donated as part of a will, obtain a copy of the will.

What is the value of the gift? (for tax purposes, if the donor wants to claim a deduction)

Confirming the scope of the donation, the conditions, and value of the gift creates a firm basis for future decisions, including how to address the potential risks of posting pictures of minors.

It is also helpful to get as much additional information as you can at the time of the donation:

To the best of the donor’s ability, what is the date, place, and identity of those in the pictures?  What else of significance is being depicted?

What type of equipment was used to product the images?

Why were the images gathered?

Who collected the images?

Why is this collection significant; why should it be preserved and made available to the public?

Why does this collection fit into the mission of your institution?

Knowing as much as possible about the provenance and purpose of a collection makes it easier to access the protections built into the law for journalism and scholarship.  And with that background, it is easier to assess the risks when the collection involves human subjects.[1]

Those risks include:

Will this content be used by the institution in a way that violates New York’s bar on use of names and likenesses for commercial use? [2]

Are there any ethical considerations that bar including these images in the collection?

Is this depicting any personal health information?

Are there special sensitivities we must consider and plan for?[3]

Will the names of those depicted be included in the metadata of the digital archive?  If so, why is that necessary?

When it comes to minors (those under 18), additional risks are:

Will this reveal a minor’s youthful offender status?

Will this reveal participation in the social services system?

Does this depict an illegal act?

If the answer to any of the last eight questions is “yes,” a consultation with a lawyer, and perhaps an an image-by-image review, may be warranted.  But while that may time time and resources, it may be worth it, since there still may be a way to digitize the photos and make them available via the internet…especially if they have sentimental, cultural, historical and academic value to our region and beyond.

 

---

[1] At an academic institution, if the images depict human subjects (of any age) consult the Institutional Review Board (“IRB”).  Depending on how you design your project, it could be important.

[2] Here is the actual text of the law: “§  50.  Right  of privacy. A person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the  name,  portrait or  picture  of  any  living  person  without  having first obtained the written consent of such person, or if a minor of his or  her  parent  or guardian, is guilty of a misdemeanor.”

[3] Depictions of exploitation, enslavement, abuse, or images that could be considered an “illegal sex act” (as defined by §130 the penal law) for instance.  From the sound of it, that is not the case here, but at “Ask the Lawyer!” we try to be thorough.

Wow.  There is really just no hum-drum day for librarians, is there?

Okay, let’s take this in stages.

First, the member’s question starts with the premise that the alteration of certain documents is illegal.  That premise is correct.   And although there are any number of crimes such alteration could be (depending on the type of document), here in New York, the catch-all term would be “Forgery.”  

Forgery [1] is a crime that comes in many degrees, but whatever degree, it involves the act of falsely making or altering a document (meaning the forger invented it wholly, or—as in the scenario—somehow manipulates or alters the original).  However, it is important to note that a critical element of Forgery, no matter what degree, is the intent to defraud, deceive, or cause injury.

Second, the member raises the concern that, if library staff assist a patron who turns out to be a forger, they could risk being implicated in the crime—or feel an obligation to report what they have seen.  While I found no case law addressing this precise scenario, these are valid concerns.   

We’ll start with some good news: for staff to be (legally) implicated, they would have to be aware of the forger’s criminal intent.  In other words, the staff would have to know that the person was planning to defraud, deceive, or cause injury; the mere suspicion would not make them part of a crime [2].  

That said, if the content visible on the screen makes it difficult to ignore a crime in progress (for instance, the manipulation of child pornography) or the possibility of imminent harm to another (someone changing the checkboxes on a Power of Attorney, for example), both library operational integrity, and staff well-being, may require removing personal service, removing privileges, and/or alerting law enforcement.

Unfortunately, after looking at case law, guides from the ALA, and numerous policies in the field, I could find no graceful way for staff to simply discontinue service, without telling a patron why.  Since staff assistance is in many ways as much of a right (once it is routinely provided) as access to your collection and technology, withholding it without a clear basis is a due process concern (for public libraries) and a professional ethics [3]/best practices concern (for private libraries).

That said, I can offer the following steps to making sure staff are ready to address this difficult situation: 

First, every employee and volunteer assisting patrons should have the phrase “service to patrons, in accordance with established policies and procedures” in their employee handbook, job description or volunteer letter (the wording doesn’t have to be precisely this, but the requirement of staff to follow library policies should be express).

Second, an institution providing access to “maker equipment” (computers, scanners, 3D printers, recording devices, tools, etc), should have a posted, public policy forbidding use of library equipment for illegal activity.  Something like:

 “Use of library equipment for illegal activity is forbidden. Examples of illegal activity include  but are not limited to: manipulating illegal content, engaging in forgery (falsely altering documents), gaining unauthorized access to other computers or networks, and 3D printing of illegal devices.  Staff assisting you, who suspect illegal activity, are authorized to discontinue assistance, and the library may discontinue your library access and contact law enforcement.  Patrons using technology to alter official or signed documents should be aware that such activity may be perceived as potentially in violation of this policy.”

As with any library policy impacting access and privileges (including staff assistance), such a policy should have an established procedure, and at least one level of appeal. [4]

Third, staff and volunteers should be trained [5] on how to withdraw service while honoring the rights of patrons.  A very simple policy (coordinated with current bylaws and other institutional policies before implementation [6]), such as the generic one below, could assist with balancing staff well-being with patron rights:

POLICY

It is the policy of the library that, to promote the integrity of operations, and the well-being of staff, use of library equipment and staff services in furtherance of illegal activity is forbidden.  

Staff concerned that a patron’s use of library technology may violate the law shall withdraw their services and/or patron access to the technology, per the below procedure.

In making this policy, the library re-affirms that unless authorized by law, patron records, including those generated by the use of technology, are confidential, and that users of the library technology have a right to privacy. 

In making this policy, the library re-affirms that all patrons are entitled to excellent service and access, and that such service and access shall not be removed without due process.

PROCEDURE

A staff member identifies a potential violation, withdraws from the patron, and consults a supervisor to confirm that withdrawing service and/or access is appropriate.

If the supervisor, upon further assessment, agrees that the use violates the policy, and that withdrawing service and/or access is appropriate, the supervisor will initiate the removal, and provide in writing to the patron:

On [DATE], your access to [/SERVICE/TECHNOLOGY] was removed, on the basis that the use was barred under our posted policy (copy enclosed).  This removal may be appealed by sending a letter of appeal to [PERSON], at [ADDRESS] by [DATE].   The library respects your privacy and does not require you to appeal or to provide any further information regarding this matter, unless you choose to do so.

If an appeal is filed, the [PERSON TO WHOM APPEAL IS DIRECTED] shall consult leadership and legal counsel as needed, and shall notify the patron, in writing, as to the result of the appeal within [#] business days.

If there is concern that IMMINENT HARM may be caused by patron use of technology, staff shall immediately alert XXXX, who shall determine if law enforcement must be called, or if there are any additional immediate action take, per governing procedures.

I am sorry to not have a more graceful solution, but I cannot advise that staff simply withdraw services and not return to the patron.  I have designed the above generic policy to provide a “uh-oh” moment for the patron, when they can remove themselves from a situation, and the supervisor can choose to not pursue the matter further.  This is a delicate dance on the tightropes of confidentiality and operational integrity.

Further, I have added the final clause in bold so the person in charge at the time is reminded to use the “buddy system” when it comes to making tough calls about safety, inferring criminal intent, and assessing imminent harm.  These are decisions that, whenever possible, should not be made in isolation. 

This balancing, giving a situation time to breath, and due process, are the best way to shield library staff while honoring library principles.  I hope you don’t have to use it too often!  But with more and more people relying on libraries for service beyond the traditional quest for information, I suspect more institutions will be addressing this issue.

---

 

[1] NY Penal Law 170.00

[2] Of course, a prosecutor can pursue criminal charges if they believe they can prove such awareness…and they can try and prove it by using knowledge of the content.  And for certain documents, merely altering them is a crime.  So erring on the side of caution is wise.

[3] At the heart of this question is staff who don’t want to be implicated in wrongdoing, but honor their professional ethics, including the obligations to:

• Provide the highest level of service to all library users, and accurate, unbiased responses to all requests for assistance;
• Distinguish between personal convictions and professional duties;
• Strive for excellence via use of professional skills;
• Protect each patron’s right to privacy and confidentiality

[4] This is advised by the ALA at http://www.ala.org/advocacy/intfreedom/guidelinesforaccesspolicies, and of course is required for municipal institutions.

[5] As part of this training, staff should be alerted to the library’s policies about any signs of activity posing a risk of imminent harm (which may be a result of illegal activity).

[6] This coordination is critical.  Please don’t use any model language without considering your full suite of bylaws, manuals, policies, and procedures already in place.

Before I wrote this answer, I stopped to ponder the fact that there are over 20 library systems in New York, each with its own policy and approach to managing the information in its "ILS" (integrated library system).

The beauty of library law in New York--and it is beautiful--is that it uses a firm structure of laws and regulation to enable a sturdy but flexible array of unique library institutions.

All of which is to say: there is no single right answer to this question.

Every library system managing an ILS has the responsibility and right to set the terms for participation in that system. Among other things, that means every library system sets the terms for the use of the information access the system provides.

So, with that, can a library use the email addresses of its patrons from an ILS patron database to send a donation request for its annual fundraising drive?

The answer will vary from system to system. However, unless specific provisions have been made otherwise, the answer is most likely "no."

Here is why.

First, as always, we'll start with ethics.

The ALA and NYLA Code of Ethics provides: "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

While using the patron information in the ILS to populate a donor solicitation list does not in and of itself reveal "information sought" by the patron, it does raise the issue of how the patron's confidential library records are being used.

Second, we'll look at the law, [1] which requires: "Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state...shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library...."

While sending a late notice to a patron via email is certainly necessary for the proper operation of the library, using library records to solicit donations, without further consent by the patron, is again a dubious disclosure of patron information. I am not saying it is outright barred by law...but it gives me an icky feeling.

An "icky feeling," of course, is not admissible in court. So, let's dig a little deeper.

An ILS is a service each library participates in. The laws that govern ILS use are Education Law 255 and 8 NYCRR 90.3, and the bylaws of the particular system that library is a member of. Although a member library contributes information to an ILS, unless system bylaws or policies say otherwise, that information belongs to the system, who is just as ethically and legally bound to protect the information as a member library.

The default position for a library system to adopt is that patron information should only be used in furtherance of a patron's use of services from the system. This is the best way to stay on the right side of the law.

The "special position" a library system could adopt, if it wanted to facilitate special mailings based on library membership and use (not just for fundraising, but perhaps based on demographics or interest) could be to enable patron consent to such information use, perhaps by using an opt-in or express waiver. This too would ensure adherence to the law regarding confidentiality.

For a library whose system takes the "default" position of not allowing ILS information to be exported for fundraising purposes, the library also has a few options, including:

1. Creating a passive sign-up sheet for library news and fundraising efforts and maintain a spreadsheet outside of the ILS with personal information. Here is some sample language:

Do you want to sign up for newsletter information, event notifications, and fund-raising? We won't supply your information to any third party, and our mailings will come straight from the library! Please enter your name and contact information below.

2. Proactively asking patrons to voluntarily consent to the disclosure of their information for fundraising purposes during sign up and create your own list outside of the ILS.  Here is some sample language:

Per our patron confidentiality policy, the library considers records of your patronage confidential. Do you consent to the library using your name and address for newsletter information, event notification, and fund-raising? If so, please sign the agreement below. We won't supply your information to any third party, and our mailings will come straight from the library!

NOTE: This permission can be revoked upon request.

I agree for my information to be added to the library's newsletter, event, and donation solicitation list.

 

NAME:______________________________________

 

Signature:_____________________ DATE:_______________

 

3. Asking the cooperative library system to add a "library event notice and fundraising information disclosure checkbox" so the information can be exported from the ILS. Of course, such "checkbox" would depend on the ILS technology (and might be impossible to add). But it would be work exploring.

Thank you for a thought-provoking question.

---

[1] New York State Civil Practice Law and Rules Section 4509.