The Legalities of Patron Data on a Shared ILS

Question

According to the RAQ: Using Emails from ILS Patron Database: “Although a member library contributes information to an ILS, unless system bylaws or policies say otherwise, that information belongs to the system, who is just as ethically and legally bound to protect the information as a member library.”

However, there was a question during a session at NYLA regarding system ownership of library records that seemed to contradict this.

If the system owns the ILS and therefore the library records, wouldn’t that mean that policies pertaining to accessing/creating/modifying/deleting records for the ILS should be governed by system policies that are also approved by each member library board?

I’m specifically thinking of such policies as Confidentiality of Library Records / Inquiries from Law Enforcement - where if the system owns the records then wouldn’t both these policies just be a system one? Also with having consistency for Library Card Applications. A patron can go to one of our libraries and have to show many forms of identification - but the same patron could see us at an outreach event and not even have to show their ID to get a card.

Answer

This submission has it all—attention to detail, a blend of law and policy, and a reference to a past ATL.[1]

It also shows what’s at stake for libraries when we ask these two questions: who “owns” all that data on an ILS? Who sets the terms of cardholder access?

As the member’s questions point out, uncertainty about these issues can cause complications.

Before we jump into the details, there is a critical take-away: while there is no one right answer to these questions, every library and every system should know their particular answers.

To make this answer as helpful as possible, we’ll spend a little time on why there is no single right answer to this issue. After we review the “why,” we’ll review the spectrum of approaches. And after all that, I’ll provide a diagnostic form so your library or system can assess where it stands.

The “Why”

Why is there “no one right answer” to who owns ILS data and who sets the terms of cardholder access? Because the law and its regulations give library systems and members infinite flexibility on those topics.

That flexibility means there is no prescribed model of ILS.[2] Instead, the law[3] simply conditions certain state aid on a system having “an automation program to support bibliographic control and interlibrary sharing of information resources of member libraries, and to coordinate and integrate the automated system or systems of such member libraries consistent with regulations of the commissioner.”

Those “regulations of the commissioner” state: “The plan of each public library system shall provide for coordination of the reference and interlibrary loan programs and functions of the public library system with the approved plan of the reference and research library system of which it is a member.”[4]

That’s it. There are no laws or regulations saying how that must be done.

Because of that, the “rules” of an ILS and its impact on cardholder access come from charters,[5] bylaws, contracts, and policy—all of which are set by a system’s board of trustees and then accepted by the member libraries.

This approach has led to there being a spectrum of ILS policies in New York State.[6]

Let’s explore this spectrum.

The ILS Spectrum

Library systems are formed to offer “improved and expanded”[7] library service.

To qualify for certain state aid under Education Law Section 273(d), systems must implement an “automation program to support bibliographic control and interlibrary sharing of information resources of member libraries, and to coordinate and integrate the automated system or systems of such member libraries consistent with regulations of the commissioner…”

How a system meets those requirements is up to the system. To illustrate how differently systems can do that, here is a range of solutions:[8]

One system puts major rules for ILS right in its bylaws, including that all ILS contracts and policy must be approved by the board. This is an “ILS by Bylaws and Board” model.[9]

Another system has bare-bones bylaws, but ILS policy, pricing, and contracts can only be approved by the board of trustees. This is an “ILS by Board Only” model.

Another system wants more “on the ground” input, and it wants that input to have power. It creates a council to assess ILS policy, pricing, and contracts, and those things can only be changed by the board of trustees after approval by the council. This is a “Two-Step Approval ILS Policy” model.

Another system finds bylaws and policy revision cumbersome and puts all the terms for the ILS in an “ILS Participation Contract” that must be approved by the system board and then by the board of each participating library. This is an “ILS by Contract” model.[10]

Another system wants to have ongoing stability, so it puts part of the ILS process in the bylaws, some in board-approved policy, and then outsources more mutable aspects (like pricing and desired tech functions) to a committee (or committees). The system believes in the power of shared governance, so it asks another group (usually of directors) to assess ALL changes to policy before approval by the board. And finally, it uses an annual contract process to confirm pricing and updated security measures. This is an “ILS By Everything” model.

See what I mean about diversity?[11] And these five models only illustrate a broad range of approaches; within this range, any number of permutations exist.[12]

Where your Library/System Stands

All this diversity and flexibility means it can be tough to sort out answers to the questions raised by the member:

  • Who “owns” all that data on an ILS?
  • Who sets the terms of cardholder access?

To answer them—because as was said at the beginning, no matter what the answer is, it must be clear—it is helpful to review certain documents while asking certain questions.

Here they are:[13]

Question | Why it’s important

Does your library have a policy governing the terms of getting a library card?

NOTE: Libraries can have a policy of issuing cards only to “resident” borrowers, even though they must honor the cards of nonresident borrowers issued by other member libraries and the library system.

If so, attach the policy.

If your library doesn’t have a policy, the only terms will be those on the application form and those in the policy of the system.

Does your library have an application form governing the terms of getting a library card?

NOTE: Libraries can have a policy of issuing cards only to “resident” borrowers, even though they must honor the cards of nonresident borrowers issued by other member libraries and the library system.

If so, attach the form.

If your library doesn’t have a form, you might not be informing the patron of your library’s conditions for getting a card.

 

Does your system have a policy governing the terms of getting a library card?

If so, attach the system’s policy.

The system’s policy should be a “floor” that sets the base terms. Your library can add additional terms, so long as they don’t restrict the direct access of non-resident borrowers.

Does your system have an application form governing the terms of getting a library card?

NOTE: Unless a charter, bylaws, or policy says otherwise, systems can issue cards without the person being served by a member library.

If so, attach the form.

The system’s policy should be a “floor” that sets the base terms. Your library can add additional terms, so long as they don’t restrict the direct access of non-resident borrowers.

Attach the system’s charter and bylaws.

They most likely don’t address the issue of ILS, but never say never in Libraryland!

If the system has an ILS Policy, attach the system’s ILS policy.

NOTE: Some systems have multiple policies that address different aspects of ILS (operations, privacy, security, costs, routine assessment, etc.). Attach them all.

Is there a contract (or other written agreement) between the system and the Library governing ILS services provided by the system?

If yes, attach the contract.

NOTE: While a contract approved or acknowledged by the board of a member library is the most formal method, some systems may use an “MOU” or other less formal instrument.

Looking at the documents you’ve assembled, answer this question:

Whose privacy policy governs a cardholder’s data?

The answer must be:

1. Both the library’s and the system’s

2. Only the library’s

3. Only the system’s

If the answer is “both,” that’s okay! Privacy can stack. Just make sure that the library and system are actually doing what has been assured by the policies and that they don’t contradict each other.

Looking at the policies and forms, answer this question:

Whose data security policy governs the cardholder’s data?

The answer must be:

1. Both the library’s and the system’s

2. Only the library’s

3. Only the system’s

If the answer is “both,” that’s okay! Security can stack. Just make sure that the library and system are actually doing what has been assured by the policies and that they don’t contradict each other.

Looking at the policies and forms, answer this question:

Whose policies did the cardholder agree to follow to get a card?

The answer must be:

1. Both the library’s and the system’s

2. Only the library’s

3. Only the system’s

4. Every participating library’s

If the answer is “both” or “every participating library’s,” that’s okay, unless the terms don’t harmonize.

For instance, if a library’s policy says that cardholder privileges will be suspended due to a Code of Conduct violation, is there clarity about how that suspension will impact system access or access at member libraries?[14]

Looking at the bylaws, policies, and contracts, answer this question:

Who sends the patron a notice if there is a data breach at the library involving their patron data?

The answer should be “the library”, although the system (which may have more technical capacity) can agree to help (up to and including doing it).

Looking at the bylaws, policies, and contracts, answer this question:

Who sends the patron a notice if there is a data breach at the system involving their patron data?

The answer should be “the system,” and there should be a clear process for the Library to get notified about the impact on its patrons.

Looking at the bylaws, policies, and contracts, answer this question:

Who must preserve evidence on the ILS if there is a directive to do so?

The answer must be:

1. Both the library and the system

2. Only the library

3. Only the system

Looking at the bylaws, policies, and contracts, answer this question:

Who must disclose patron data on the ILS if there is a proper subpoena, warrant, or court order?

The answer must be:

1. Both the library and the system

2. Only the library

3. Only the system

Looking at the bylaws, policies, and contracts, answer this question:

Whose insurance covers loss of a library’s data on the ILS due to natural disaster, negligence, or criminal activity?

The answer must be:

1. Only the library’s

2. Only the system’s

What record retention policy governs the retention of the patron’s records on the ILS?

Follow-up question: How are the records disposed of when the retention period is over?

The answer must be:

1. Only the library’s

2. Only the system’s

Public libraries are obligated to retain certain records for prescribed periods (See the LGS-1).

Are there any technical functions of the current ILS system that complicate the above factors or make them impossible to sort out?

The answer will be:

1. No

2. Yes

If “no,” that is great news, because such complications are a true pain.

If “yes,” the complications should be continuously documented and then addressed when the ILS contract is next assessed for renewal or termination.

And that’s it!

Who “owns” all that data on an ILS? It depends, but the rights and obligations of ownership should be clear between a system and its members.

Who sets the terms of cardholder access? It depends, but the rights and obligations of cardholders, member libraries, and the system should be clearly set in guidance, forms, contracts, and policies.

Thank you for submitting such a great question.


[1] If I was “Stefon” from SNL, I’d add “library cart axle grease, book club groupies, and book signings in a hot tub,” but I am not.

[2] Flexibility means diversity! This is a strength, unless the lack of prescription leads to uncertainty.

[3] Education Law Section 273

[4] 8 NYCRR 90.3(k)

[5] Charters don’t typically speak to ILS terms, but they are so fundamental, it feels wrong to omit them from this list. Like a grumpy fairy, if they are left out, it could result in mischief.

[6] And when I say “spectrum”...we are talking triple rainbow.

[7] Education Law 255 (2).

[8] None of the models in this answer are from particular systems I am familiar with. So, if you are at a system and feel seen, that’s great, but I am painting with a broad brush here!

[9] I don’t know of any system that does this, but it is feasible.

[10] Such models can be annual or for longer terms. Generally, at least one fiscal year’s worth of notice is needed to leave.

[11] Further complicating things is that ILS is often lumped in with web services, e-mail, delivery, and other services systems offer to help libraries maximize services.

[12] A mathematician, a lawyer, and a Library IT manager all walk into a bar…

[13] It is none of my business how a library or system does this, but I advise using a buddy system. While the friendly table above makes this look simple, much of this requires a “search” function, a highlighter, and a calming herbal tea.

[14] This is especially important to coordinate when it comes to public safety. A system should have a policy to ensure that if a person loses privileges at one library, there is clarity about how that impacts access to other member libraries. Simply posting an unofficial warning via an ILS puts you at risk of a civil rights violation claim by the barred patron. This is also a priority to ensure worker safety.