Privacy

Before I dive right into the answers (we are going to address every question), let me say what a lot of readers are probably thinking: most tech-savvy people know how to modify their phone so a recording they made doesn’t show up in their files. So, this answer will not only review the questions about sensitivity and liability but also discuss the practical concerns of enforcing a Code of Conduct when a decision turns on dubious evidence.

First, let’s talk about a policy on recording.

Any public library should feel confident adopting a policy limiting use of recording devices in areas where privacy of library users is assured.

For some libraries, this rule may be limited to the service desks and common rooms where people are reading, using computers, and accessing other specific library services and programs. For others, this rule may apply to the entire interior of the library.

Some libraries may even want to bar recording in their parking lot and grounds (a factor relevant to the member’s questions), but this may be harder to justify on the basis of privacy, as there is no guarantee of privacy when walking out in the open.

So, for argument’s sake, let’s say the member’s library does have a policy, but it doesn’t extend to the outside. What else could help with the situation presented here?

In addition to a policy on recording in the library,[1] any library can use its code of conduct to prohibit the deliberate antagonism[2] of one person by another on library property.

Once a person reports such a violation, it is up to the director of the library (or librarian in charge) to ensure the policy for evaluating a code of conduct violation is followed.

Library codes of conduct vary from place to place, but a good policy will always follow this pattern: notify the person of the accusation in writing, let them know the penalty that could be imposed, and provide a reasonable opportunity for the person to respond prior to that penalty starting. If the matter involves a very clear risk to safety or compliance (a physical threat, sexual harassment, etc.), the person can also be temporarily barred from the library while the matter is pending, if the policy allows it. After a decision is made, there should be one level of appeal (usually to the board of trustees after a decision by the library director, but in a larger organization, the final appeal can be to the director after a decision by another employee).

If the matter is being handled by law enforcement, the library should still follow its own policy before removing library access and privileges (this is true even if there is an order or protection put in place).

When the accused person is a minor, that person’s parent or guardian should be notified to the degree consented to by the minor (possibly as part of getting a library card) or as stated by the policy.

If, after being accused in writing, a person volunteers to “prove” their innocence by showing their phone, the library should consider if the risk of intrusiveness[3] is worth it; likely it is not. Far better is to hear from the complaining person and the accused person a recital of what happened, decide what is most likely to have happened, and if a violation did occur, decide what penalty will help create assurance of respect and safety going forward.

This is particularly true in a case like this, where unless some other aspect makes the recording harmful (Has it been shared on social media?[4] Was the person being bullied at the time?), the consequences for doing what the youth was accused of will likely be a warning.

How would this “due process” roll out? After getting the complaint, it would start with a letter stating:

On DATE, a library user reported that she was concerned that you were recording her on library property (outside, at TIME), after she requested not to be recorded. If this happened, this is against the Library’s Code of Conduct, which prohibits INSERT.

The Library will be reviewing this report, and we invite you and your parent/guardian to provide a statement in response. You may also come in at DATE/TIME to discuss this with me.

Because it is important for library users to feel safe and respected at the library, if this did occur, it may result in a warning, or a temporary loss of library privileges. If we impose a temporary loss of privileges, you will be able to appeal it before it goes into effect.

Although the situation in the member’s question does not require it, if a reported violation is more serious (a threat, an injury, property damage, etc.), here is the language for a temporary bar on access to the premises:

Because this report relates to [a threat to safety, serious injury, etc.], until this is resolved, you are barred from library premises. You may still use library services remotely. If you need assistance to arrange services remotely, please call NUMBER to work with POSITION[5] or e-mail PERSON.

Taking this careful, deliberate approach does more than assure due process; it also slows things down and gives an accused person and their accuser time to think. It makes sure both parties can be heard. If the people involved are minors, it provides adequate notice and opportunity for parents and guardians to be involved.

Just as important: it is gentler on library workers, who should not have to serve as the sudden judge and jury of disputes between patrons (but of course, often do).

This brings things full circle to the original question: Is the library at risk if a teen patron volunteers to share contents of a cell phone?

The answer to that is YES. That risk includes everything from the simple optics of invading the privacy of a minor to compromising their rights without their parent or guardian present. It is a situation that begs for a formal complaint to a board and/or for public relations fallout. When you consider that the evidence to be provided is probably of dubious value, these risks completely undermine the worth of such access.[6]

While it can take more time, addressing things in a calm, formal manner can teach people (particularly young people) that they have rights. For certain disputes,[7] if the library identifies a way to mediate the issue[8] and help the young library users reconcile their differences, that is fine, too.

Thank you for a thoughtful array of questions.

When advising on a policy or set of terms for a library or library system to adopt for children’s library cards, I ask for the following information:

• What are the key objectives of offering a child their own card at your library or library system?
• Does your library need to enforce fines and/or replacement fees?
• Is there anything accessible via an “adult” card that your library would not offer access to via a “youth” card?
• How does your library like to work with parents and guardians?
• Does the card enable more than borrowing materials from the library? (Is it used for computer access, printing, maker space, etc.?)

I ask these questions because in New York State, children can’t enter enforceable contracts, which makes it hard to collect fines and fees. In addition, a lot of the tomfoolery that can lead to a kid losing library privileges can be more easily addressed if the library is in a position to contact that kid’s parent or guardian, but since library records are confidential, the only way to share the information is with informed consent.

“Informed consent” means that when a person signs up for a card, they are informed of the terms (like their parent being a co-signer who is responsible for their replacement fees), and they expressly consent to them.[1]

With that all out there, let’s tackle the member’s questions, starting with the practice of requiring parents/guardians to sign their child’s agreement for a library card.

QUESTION: Is the signature to allow for “parent permission” to access the library?

ANSWER: No, unless the library’s policy[2] sets things up this way. There is no default federal or state law that expressly denies minors access to a NYSED-registered public library.

QUESTION: Are public libraries legally obligated to obtain parent permission before a child of a certain age accesses library materials or services?

ANSWER: There is no default federal or state law that expressly denies public library access to minors.

CAVEAT: Local laws are often oddly specific (and outdated, and unconstitutional) on things like this, so it is possible a local law could require parental consent to get a library card. Whether such a local law would stand up to a legal test is another matter.[3]

QUESTION: I’m assuming that the library would not be liable if, for example, staff allowed an 11-year-old without a library card to read any book they liked within the walls of the library?

ANSWER: “Liability” is a broad word; it covers both criminal and civil (including financial) liability. But if a library is providing an eleven-year-old with access to library materials that were acquired, cataloged, and accessed per library policy, your assumption is correct: there should be no liability.

QUESTION: Does this apply to a child of any age? (I realize unaccompanied minors will eventually come into play).

ANSWER: Yes, regardless of age, there should be no liability for providing access as allowed by the Education Law and library policy.

That said, the younger the child, the more the law will expect that library policy is being used to not create an active hazard. But as the question alludes to, there is a difference between toddlers running amok in the Rare Books room creating physical havoc and a child of any age accessing a print or online copy of American Lion (a Pulitzer Prize-winning book that discusses genocide, slavery, and violence, because it is about the presidency of Andrew Jackson)[4]. One is a physical hazard and a property risk; the other is a simple exercise of the right to read.

QUESTION: So, by extension, is granting an 11-year-old a library card without parent consent legally permissible?

ANSWER: I wouldn’t say “by extension” because that implies an argument needs to be made to provide library privileges to minors. There is NO requirement for parent/guardian consent for a library card unless the library has included it in their own policy (or an oddball local law requires it, which should probably be challenged).

QUESTION: Is the signature [of a parent] an acknowledgement of responsibility for the library materials on behalf of the child?

ANSWER: In and of itself, the signature is simply proof that the adult signing the card agreement accepts whatever terms are in the agreement. So, as reviewed above, if the library or library system issuing the card has made an adult’s acknowledgement of their responsibility a conditions of their child getting a card, then yes.

Along with that accountability, the signature of the parent, along with the informed consent of the child, can be used to put in place things like:

• Sharing a child’s library records with a parent (being able to answer the question “What books does my kid have out? I have to help him return them.”)
• Sharing a child’s fine/replacement fee information with a guardian (being able to answer the question “My granddaughter shoveled the walk yesterday so I would pay for the book she lost. How much is it?”)
• Disclosing and discussing loss of privileges/access (being able to say “As you know, your child doesn’t have computer privileges right now, because he put gum in the all the ports. We look forward to him being back at the keyboard in six months.”)

Many library card applications prompt for this specifically, but according to NYS law, is a parent/guardian responsible for library materials checked out to a minor in their care regardless?

ANSWER: No, except for in cases of extreme intentional damage, where General Obligations Law 3-112 might create that civil (not criminal) liability.[5]

That said, there could be a rogue local law out there. New York is a big place with many odd local laws on the books.

QUESTION: If a 15-year-old minor lost library materials or incurred fines or fees, would their parents still be legally responsible even without giving permission for the card?

ANSWER: No (and not even if they gave permission for the card, unless they also took accountability for fees); the sole exception to that is if the money was due to damage so extreme that a claim could be made under General Obligations Law 3-112.

QUESTION: COPPA and the collection of PII (for online library card signup). Though not required as a non-profit, our library chooses to comply with this policy, requiring parent/guardian consent of online card signup for children 12 and under. Does this mean that a child aged 11 could still, within legal boundaries, apply for a library card in person without collecting consent?

GRATUITOUS COMMENT: In general, public libraries should avoid complying with laws that they don’t have to comply with. COPPA was adopted to protect minors from predatory online commercial behavior; libraries have a completely different (and more rigorous) set of ethics and laws to guard against that concern. That said, it is essential for a library to require and confirm that any commercial vendor or affiliate being used to provide library services is following COPPA.

AND WITH THAT OUT OF THE WAY, HERE IS THE ANSWER: In New York, there is no law barring any person of any age from getting a library card. This means:

1. anyone from 0 to “whatever” can get a library card; and
2. no one can tell them “no” (except on a neutral and rational policy basis, like, “We only give cards to people who live in or work in Buffalo,” or, “We require card holders to be able to be held accountable for fines and fees.”).

That being said, libraries that want to impose conditions on youth and require the agreement of a parent/guardian can do so; the trick is to make sure the reason for the adult’s signature, the conditions it imposes on them, and the rights of the youth involved all line up.

Here are just a few examples of how that can be done:

• Issuing a “Simple Borrowing Card” that enables borrowing at any age, but due to lack of informed consent and no parent/guardian signature of minors, and perhaps lack of additional information (like address), can’t enable certain things (record sharing, fees, fines). For that reason, borrowing privileges might be limited by number of items, to e-resources, or temporary access.
• Issuing a “Full Privileges Card” that enables full range of privileges for adults or youth, but for those under 18 (and thus harder to hold to account), only given with the cardholder’s informed consent and parent/guardian’s acceptance of fiscal responsibility. Could be set up so the accountability accepted by the co-signing adult disappears at 18.
• Issuing a “Supported Borrowing Card” that enables full library privileges but, with informed consent of the cardholder, one or more supportive adults agree to help out with managing returns and other responsibilities that require access to confidential library records. This option could be helpful for cardholders who are bad at returning items,[6] adults who may need extra help for any reason, and youth at libraries that don’t need to have an adult on the hook for fines/fees.

Closing thoughts

This topic elicits much passion and strong feelings from many perspectives.

Many parents, of course, want to be engaged in their child’s selection of media, and being a required part of the library card process is one way for them to play that role. Some libraries might choose to encourage this engagement through policy, while other libraries might simply facilitate it as a by-product of requiring a responsible adult on the card to address concerns related to behavior and borrowing.

At the other end of things, children have a right to read and see the world that by nature is beyond the scope of what many parents/guardians envision, while libraries have an obligation to not discriminate on the basis of age when it comes to library access.[7] So while conditions that enable parental engagement can be imposed and parental engagement can be encouraged, such conditions should never do so in a way that unduly burdens library access.[8]

It is a balancing act, but by having clear reasons for requiring parent/guardian signatures and asking for no more than what is required for those reasons is key.

Thank you for a powerful array of questions.

Here are the state and federal laws specifically barring an employer from disclosing why an employee is out on sick or personal leave.[1]

• New York State Human Rights Law (NYSHRL), whose regulations require that employers maintain the confidentiality of medical information disclosed as part of requesting disability accommodations. 
• The New York State Workers’ Compensation Law, which requires employers maintain the confidentiality of medical records used to assess benefit claims.
• The Americans with Disabilities Act (“ADA”), which imposes very strict rules for handling information obtained through post-offer medical examinations and inquiries. 
• The Health Insurance Portability and Accountability Act (“HIPAA”), which requires employers to protect the privacy of employees' personal health-related information in relation to health insurance benefits.
• The Genetic Information Nondiscrimination Act (“GINA”), which prohibits employers from requesting or using employees’ genetic information.
• The Family and Medical Leave Act (“FMLA”), which requires that all records and documents relating to medical histories of employees or employees' family members created for purposes of FMLA be kept confidential.

This sounds straightforward, but of course, it isn’t, since only the first two laws (NYSHRL and Workers’ Compensation) apply to all employers in New York State, and not all disclosures related to sick or personal leave are “medical information” or private health records.

Here are some examples of disclosures that could be forbidden by law, if the law applies to the employee in question.

• A library employee temporarily reduces their hours using FMLA leave to address a personal health issue; when the library’s board of trustees approves a budget item to hire a temp to fill the extra hours, a board member says at an open meeting: “This is to help with consistent service as [NAME] deals with [DIAGNOSIS].”
• A museum employee is absent from work as a disability accommodation under the ADA, and the co-workers covering her shift are told that the schedule change “is because of [NAME] has [DIAGNOSIS].”
• A warehouse employee who was injured on the job is on leave covered by Workers’ Compensation, and his supervisor schedules a time to go over the accident and review safety precautions with co-workers.
• An office employee who needs disability accommodation provides proof from a treating physician and the documentation is left on the table in the break room for all to see.

Here are some things that could be gross violations of privacy, but without additional factors, would not be legal violations.

• An employee is out on paid sick leave, and although an employer can’t require confidential medical information to use paid sick leave, the employee lets his supervisor know that he has the flu; the supervisor then tells everyone else they work with to “be on the lookout for flu symptoms, since [NAME] is out with a pretty bad flu.”
• An employee is out on New York State paid family medical leave (not FMLA leave, due to the size of the employer) to help her spouse with a serious medical issue. Although the employee has not shared the reason for the leave with co-workers, the HR director organizes signatures on a sympathy card that alludes to the reason for the leave.
• An employee is on discretionary unpaid personal leave to help out a friend who is ill and the reason for the leave is referenced throughout the workplace frequently.
• An employee tells a coworker outside of work time that they can’t take on more hours due to issues with anxiety and depression, and the co-worker shares that information with colleagues.[2]

That said, the answer to this question really is: if an employee is concerned that their information may have been improperly shared or used, or if an employer is concerned about properly safeguarding employee information, consult an HR specialist or at attorney to confirm compliance. 

For employees, there are often legal clinics that can address a question of this nature; check with your county bar association. For employers, there is “Ask the Lawyer” and your local employment and labor law attorneys.

This is a good one to get right, from the start, for everybody. Thank you for trusting me with this question.

The answer to these highly specific questions will assume readers have reviewed the ALA's excellent general guidance at https://www.ala.org/advocacy/privacy/guidelines/videosurveillance and the "Ask the Lawyer" guidance here: https://wnylrc.org/raq/patron-privacy-and-police.

With that background taken as read, let's address these questions related to a closed-circuit camera with audio recording at a school district public[1] library:

Is it legal to record sound [and/or] it is a violation of patron privacy?

In New York, recording third parties without their permission[2] is illegal "Eavesdropping" per Penal Law Section 250.05: a class E felony.

Section 250.05 is part of Penal Law Article 250 "Offenses Against the Right to Privacy," so from both the legal and ethical perspective, such recording is a violation.

Can board members review the tapes?

Assuming the tapes are visual only (and not illegal Eavesdropping), from the legal perspective, a board member could view a security camera recording, but from the ethical and risk management perspective, such viewing should only be per an established policy.

How does this all play out in the real world?

Put plainly:

A non-association library board in New York State considering use of a security camera system should ensure such a system is only used once there is a policy in place, and that policy should address the following questions:

• What is the purpose of the cameras?
• Where are the cameras pointing?
• How does the library ensure use of them is consistent with applicable ethics?
• Are any of the generated recordings patron library records?
• How long are the recordings kept for?
• Once the retention period is past, how are the recordings disposed of?
• How are the records secured against data breach or misappropriation?
• Who gets to view the recordings, and why?
• How will FOIL requests for the footage be handled?
• How will other requests for the footage be handled?
• When the library deems it necessary to retain recordings past their retention term, how are the recordings saved?
• Will any of the records be archived?

Below is a template policy for a non-association public library addressing the above questions.  Areas in yellow may be customized for the needs of a particular library (make sure you remove the footnotes).

Thank you for an important array of questions.

 

NAME Library Policy Regarding Use of Security Cameras and Recordings	Adopted by the board on: DATE
Position responsible for coordinating compliance: Director[3]	Reviewed by the board: Annually

 

POLICY

To achieve the desired balance user privacy assurance and on-site security, any use of security cameras and of records generated by such cameras ("Security Recordings") in the Library will follow the below provisions.

A. Limited Use

Cameras will be used to generally monitor the areas noted on the floor plan or survey attached as "A."[4]

Cameras will never be used to monitor the following: [insert specific areas or angles to affirmatively be excluded; common examples are bathrooms, reference desk, check-out desk].

Cameras will be set up so they do not record the content of media accessed by patrons.

B. Notice

In all areas subject to security camera recording, the Library will post a sign: "The Library values patron privacy and security.  This area is monitored by security cameras."[5]

C. Patron Records

Security Recordings showing people are considered to be patron records and the Library will not release such recordings to third parties without a court order or subpoena.[6]

D.  Viewing and Use of Security Recordings by the Library

The Library will use Security Recordings to address general and specific security needs, including but not limited to:

• Assessing safety concerns
• Addressing Code of Conduct-related incidents
• Assessing operational and facility needs
• INSERT

When footage must be reviewed by the Library, such review must be authorized by either the Library Director or by a resolution of the Library’s Board of Trustees.[7]

When a Security Recording must be retained past the period set by Section G of this policy, for any reason, the basis and plan for the retention must be authorized by either the Library Director or by a resolution of the Library’s Board of Trustees.

E.  FOIL Requests

Request for Security Recordings generated at a particular date and time shall be evaluated by the Library per its FOIL policy.

In keeping with the applicable laws, Security Recordings featuring Library users shall not be made available in response to FOIL requests.[8]

F.  Warrants, Subpoenas, Litigation Hold

Requests to disclose copies of or to retain Security Recordings per a warrant, duly issued subpoena, or "litigation hold"[9] demand will be evaluated by the Library Director or designee with advice of legal counsel as needed.

G. Retention & Data Security

The Library retains Security Recordings for [period decided by Library], unless a specific segment is required to be retained for operational purposes, in which case, such segment is retained for three (3) years as required by the Retention and Disposition Schedule for New York Local Government Records.

The Library may also identify certain footage it decides is worthy of being retained in permanent archives.

H.  Budget and Capacity

The board shall no less than annually review of the budget and operational capacity needed to assure that the retention, disposal, and security of Security Recordings may remain as required by this policy.[10]

The day this story really broke (August 7, 2023, a day that will live in minor infamy), Nathan in my office pointed this issue out to me.

"Did you see that Zoom is going to use customer content to train AI?" he asked (this is what passes for casual morning conversation in my office).

My eyebrows went up, mostly because Zoom was being upfront about it, rather than because it was being done at all (because yes, this is the way of the world now).  That said, there are some tricks libraries and educators—and any business that cares about use of personal data—can employ to resist it.

Not surprisingly, this comes down to two simple things: awareness, and language.

We'll use the recent Zoom scenario to illustrate:

I am not sure how awareness of the new clause first broke (I am going outsource that research to Nathan, and if he finds out, he'll put it in a footnote, here[1]).  But it is clear that fairly soon, consumers were unambiguously aware of the privacy and use concerns posed by the "we'll suck you into our AI" Terms of Use.

Here is the language Zoom used[2] (and has since retracted) to announce it would use our conferences, etc. to train AI:

"[You agree Zoom can use your Content] ... for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom's other products, services, and software, or any combination thereof..."

This is where language comes in.

As the world soon knew, this "old" language listed "artificial intelligence", as well as "training", (although the Terms' dubious use of commas suggests to me that Zoom could use our Content for not just "training" AI, but humans, too... actually an even more terrifying prospect, from some perspectives).[3]  So yes, lots to be concerned about when it comes to "Customer Content" (which is Zoom’s term for the recordings/data/analytics that come from "Customer Input", which is the raw content you put into Zoom[4]).

 Now let's use our awareness of the current Term of Use (current as of August 24, 2023, at least), and see what the language says:

"10.2 Permitted Uses and Customer License Grant. Zoom will only access, process or use Customer Content for the following reasons (the “Permitted Uses”): (i) consistent with this Agreement and as required to perform our obligations and provide the Services; (ii) in accordance with our Privacy Statement; (iii) as authorized or instructed by you; (iv) as required by Law; or (v) for legal, safety or security purposes, including enforcing our Acceptable Use Guidelines. You grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary for the Permitted Uses."

Although not as stark as the old language, there is still a lot of wiggle room to squeeze a blending of Customer Content with AI there.  What if Zoom is "obligated" to provide a service, and decides to use AI to do it?  What if Zoom decides AI is needed for "enforcing Acceptable Use Guidelines?"  What if Zoom decides that AI is needed for your safety, and that, also for your safety, Customer Content must be used to train that AI?

Of course, right now, the Terms also say (in bold, so you know they mean it[5]):

"Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content (such as poll results, whiteboard and reactions) to train Zoom or third-party artificial intelligence models".

So can this assurance be trusted?  This brings us back to language.

Back in the day, of course, computer systems were not "trained" (as one would train a dog, or a small child to use the toilet) but rather, "programmed."

However, even in the (relatively) slow-moving world of the law, this is no longer the case.

Here is an excerpt from a recent case[6] where lawyers were squabbling over how to gather "Electronically Stored Evidence" ("ESI"):

Defendants propose the following method for searching and producing relevant ESI:

1) Narrow the existing universe of approximately 27,000 documents...

2) Undersigned counsel reviews a statistically significant sample of the remaining e-mails at issue and marks them relevant/irrelevant to create a "training set;"

 3) That training set is then used to "train" the eDiscovery vendor's artificial intelligence/predictive coding tool, which "reviews" the remaining e-mails and assigns each a percentage-based score that measures likelihood to be responsive...

So even in the law, computer systems are being "trained", and there is a precise meaning to the term (which in plain[7] terms is "repeatedly using data and parameters to create patterns desired by the user").

So, with all that said, let's look at the member's questions:

Question 1: I am wondering if there are any privacy or FERPA concerns that librarians and educators need to be worried about since Zoom is still used heavily in both library and school worlds.

The short answer is: yes.

Question 2: Should we be looking for alternatives or is this just the way of the world now?

The short answer is: yes.

Here is the reason for my first short answer:  Many contracts have what I call a "we were just kidding" clause that allows the contractor to change their terms at will, and without notice.  Here is the one in the current version of Zoom:

15.2 Other Changes. You agree that Zoom may modify, delete, and make additions to its guides, statements, policies, and notices, with or without notice to you, and for similar guides, statements, policies, and notices applicable to your use of the Services by posting an updated version on the applicable webpage. In most instances, you may subscribe to these webpages using an authorized email in order to receive certain updates to policies and notices.

What does this mean?  Even though they are in bold, Zoom can change its assurance on AI at any time.

The reason for my second short answer is this: Libraries and education institutions have incredible commercial leverage when they work together.  For this reason, libraries and educational institutions should always be using their awareness of data, ethics, use, and privacy issues to demand contract language that meets their expectations.

Those expectations will change from product to product. With a product like Zoom, which can generate audio/video/text/analytics/+, including content that later may be part of a student file (FERPA) or a library record (various) the assurances should be:

• All content entered is property of the customer (library or school);
• At all times, all content entered into the service, or content generated with the use of customer-supplied content, may only be used to provide the current service(s) specifically authorized by the customer;
• Any other use of data (for product improvement, for marketing) must be via a specific opt-in;
• Terms cannot change without notice and terms in effect at the time content was generated will govern such content, regardless of future changes;
• Customers can receive assurance that all data is purged upon request.
• Customers can verify that they can enforce and comply with all their own internal policies and obligations regarding data creation, use, and storage.

In addition, libraries and educational institutions should have a clear set of policies for how they, as the potential owners of recordings and other data associated with the use, will use their ownership and control of the content.  It would be unfortunate, to say the least, for a student to find that their college disciplinary hearing for underage drinking is now available on YouTube.[8]

Many public library groups and academic consortia are already working to develop this type of criteria[9] (which should focus more on isolating aspirations and expectations than on legal wording, since legal wording will vary from state to state). And some institutions are designing their own services[10] in order to avoid contract terms that don't meet their criteria.

At the individual institutional level, this means building assessment of such services, and bargaining time, into the procurement process.  It also means thinking through that institution's own particular ethics and responsibilities and developing internal policies to promote them.

So, while this is the world we live in, libraries and educational institutions are well-situated to make a better one. 

Thanks for an important question.

 

For a person who hasn't run into this concept yet, a so-called "First Amendment audit" is an increasingly popular trend where people visit government buildings and demand access to information--along with the privilege to film on site--all in the name of the law, democracy and transparency.

As a lawyer and U.S. citizen, I am all for the law, democracy, and transparency.

The concern raised by the member is that so-called "First Amendment auditors" don't just pop by their local town hall to live out a civics lesson.  Most of these folks are "monetized", meaning they post their recordings on YouTube...for money.  And since nothing draws in viewers like controversy, in the quest to get tens of thousands of hits, "First Amendment auditors" often[1] swap law, democracy, and transparency for rhetoric, bullying...and borderline harassment.

How do these YouTubers[2] create this concern?  As can be seen in their videos, they often come out swinging: filming or streaming while walking around as if "casing" a civic building, knowing that for some workers, this will cause concern.  Further, if/when confronted about what they are doing (usually some version of "Can I help you?") the best YouTubers are masters at using standoffish nonchalance, or passive-aggressive behavior, to trigger suspicion and fear.

Sadly, however, it is sometimes the fearful or angry reaction of those being filmed (town clerks, other employees) that tips things into a legal quagmire...and creates "click-worthy" material.

While mainly focused on municipal buildings (town halls, village halls, etc.) a growing sub-set of "First Amendment auditors" are visiting public libraries. I'd put a link in to some of the more egregious examples that have been created in New York in the last year or two, but I don't want to make money for these folks (they are doing just fine without me).  Let's just say that when the YouTuber is able to hit all the right pressure points, they can really tick off a civil servant--including a librarian.

The frustrating thing is that this doesn't have to happen.

Libraries--even those wholly housed within a municipally-owned structure--are, as the member says, "limited public forums" meaning that the library gets to set policy and rules imposing reasonable, operationally-related parameters on speech ("speech" in First Amendment jurisprudence, includes the right to film and access information).

Among other things, this means that libraries can totally bar or limit filming to certain areas of the library.

Of course, such a bar or limit can't be arbitrary--it must be "rationally related" to the operational needs of the library.  But so long as there is a "rational relationship" between the policy and the needs of the library, such a bar can be enforced.[3]

This means that through policy, a library can decide that patron confidentiality, information access, and the library's overall service to the public require limiting recording and/or streaming on site--a rule that can be enforced just like rules to be quiet in certain rooms, to not eat in certain areas, and to not deface any of the books.[4]

This means that the confident swagger many YouTubers bring to their "audit" game can be met, in the field, with a series of rules restricting their behavior--something (from what I've seen) that many YouTubers are not emotionally nor intellectually ready to honor in the moment.  In other words, just because your policy is legal, doesn't mean a YouTuber will magically turn their camera off!

So enforcing such policy requires forethought...especially since most YouTubers know that if they can get in an argument with a librarian, they will double (or triple) their number of hits.

So, as the member asks: "[H]ow can we stop the filming, as quietly as possible without causing a social media frenzy?"

Here are 10 different tactics[5]:

Have a Policy

Have a policy regarding filming in the library, and make sure that any decision to bar filming is rationally related to library priorities such as protecting patron confidentiality, respect for employees, and smooth operations.[6]

Use Good Signage

However your library decides to exercise its rights as a limited public forum, once it is confirmed in a policy, use prominent and effective signage to inform the public about the rules.

Transparency through FOIL

Since claiming the right to film anywhere in a public library is only part of the YouTuber package, make sure your library has a clear policy and process for requesting library records through the New York State Freedom of Information Law (or "FOIL").[7]

Designated Non-Public Areas

All staff rooms, break rooms, and other areas not accessible to the public should be designated as "No Public Access", with appropriate means of securing the area.  Give your employees a place of refuge (and a place for private information to securely reside).

Select Your Library's Response and Non-Escalation Method

As we've discussed, if you argue with a YouTuber, you might as well just hand them money.

So, while there is no one "right" way to resist escalating a situation, each library should pick its own particular brand of how to keep interactions with YouTubers civil, non-confrontational, and above all very, very, very boring.

For those libraries that do allow filming (whether without restriction,[8] or with some limits), but want to be part of the narrative, I like the idea of chatty engagement about the library's mission, services, and budget (and fundraising).  After all, the YouTuber is there to get information...why not provide it?  Think of the YouTuber's visit as a chance to inform the public of the history of the library, to showcase its services, and alert the public as to how they can donate money to support special initiatives (this is a good reason to have a copy of the library's annual report on hand). If YouTube is helping to draw attention to your library, you might as well put your best foot forward!

For those libraries that don't allow filming, or restrict it to certain times/areas, ensuring that a person who is attempting to film in the library is aware of the duly authorized and posted policy is essential.  After that, if a person persists in violating the policy, a response is down to what enforcement method is selected and practiced, which can include a combination of:

• Policy enforcement in the moment (using practiced security procedures);
• Policy enforcement after the moment (the recording happens without confrontation, but there is a subsequent action for trespass, or other action under Code of Conduct);
• Deliberate non-engagement with the YouTuber using pre-determined language ("It is against our policy for you to film in this location"; and/or "You do not have my consent to film me, I consider it harassing; please stop." said once, calmly.[9]);
• Use of pre-determined, quiet withdrawal of most employees into employee-only areas.

Do not argue. Do not debate. 

And finally, it is important to acknowledge: for some library employees, the visit of a YouTuber can feel threatening (remember, many of these entertainers are trying to get a rise out of people). So as with any other interaction with the public, the clear message to employees must be: Safety First.  If employees are feeling threatened, they should withdraw using the same protocol in place for other safety concerns.[10]

Practice, Practice, Practice

Once there is a policy and clear, engaging signage, set aside time to train employees in the policy, and give them time to practice addressing YouTubers in a non-confrontational manner.  Use role-playing techniques (done right, this can be a fun exercise, even though the actual event might not be so fun).

Coordinate with Security

Not all libraries have private security, but for those that do, make sure they understand what is at stake when dealing with a YouTuber; include security personnel in the practice sessions (if time and budget allow). At the bare minimum, confer with the local police department to know what the response will be if the situation warrants intervention by law enforcement.[11]

Remember: YouTubers are Human, Too

I know it can be hard to recall when someone is pointing a camera in your face and wandering about your library looking like they are creating a map of its security vulnerabilities, but one thing I've learned from working with libraries who have lived through a "First Amendment audit"[12] is that very often the visitor is a member of the community.

In fact, some libraries have received calls from national groups in advance alerting them that a longstanding member of the community will be visiting to film!  (I suspect the "advance warning" was to create an adrenalin rush, but the library was able to use its long-standing relationship with the person to make it a positive interaction.)

So long as a library employee dealing with a YouTuber feels confident about their safety, thinking about the YouTuber as a person who is genuinely curious about your library, and treating them as just another patron on a quest for information, can help cut down on click-bait drama--and serve the mission of the library to provide access to information.

Maintaining that type of perspective is easier if the employee is:

          a) confident that they know the library's policy about filming in the library;

          b) confident that the policy is clearly posted;

          c) confident that the library is on solid legal ground;

          d) confident of how the library as a whole responds to Code of Conduct violations;

          e) confident that the library abides by the law governing access to information; and;

          f) confident about if/how to engage, because they have practiced techniques for positive interactions and non-escalation, and they know leadership will have their back.

And that is how a library can turn YouTube drama into a non-dramatic civics lesson. It is not fool-proof, because if a person is determined to enter a library and create a scene, they will create a scene. But with good policy and practice, a library and its employees won't contribute to it.

Thank you for a great question!

 

 

---

[1] I say "often" because there are some people out there who get this right--and if we are now getting our civics lessons on YouTube, I want to give credit when it is due.

[2] I will not call them "auditors". In my world, an "auditor" reviews your financials, and looks for holes in your fiscal controls.  I call them "YouTubers" or "person recording in the library" because that is a more accurate appellation.

[3] For more on that, see the training video and related materials from the Empire State Library Network's presentation, “Libraries and First Amendment Audits,” which are available through the links found here. This resource also spends a lot more time on the legal underpinnings of what I am summarizing in this "Ask the Lawyer"...so if you want more info on this topic, that's the place to go!

[4] In New York, it is also a crime to deface library books...but it can still also just be a violation of policy!

[5] I urge any library considering any of these to view the ESLN materials, and to discuss their selected tactics with their lawyer.

[6] A model policy is included in the ESLN materials.

[7] For more on that, see the Ask the Lawyer response found here.

[8] At the bare minimum, a policy barring filming of: other patrons without written consent, computer screens, the reference desk, and the circulation area(s) is wise.

[9] This can come in handy later, during efforts to remove a video or to pursue other consequences as a result of the behavior.

[10] If the library currently doesn't have protocols for this, a visit with local law enforcement, private security, or a consultant to develop them is a very high priority. This can go hand-and-and with an OSHA-style "Workplace Violence Prevention Policy."

[11] Only your library can determine what the trigger for calling law enforcement is.  This is something to be discussed and (yes) practiced.

[12] To hear from these libraries, check out the ESLN training materials I keep mentioning!

This question comes at us from a school district public library and supporting Board of Cooperative Educational Services ("BOCES").

One thing I knew very little[1] about when I started doing "Ask the Lawyer" was school district public library systems.  These are systems coordinated through a regional BOCES, creating a network of library resources, governed by their own section of the New York Education Law (and regulations, and Regents rules).

Over the years, the existence and importance of school district public library systems has grown more and more obvious to me--to the point where now, if you are so unfortunate to be trapped in an elevator with me, I might tell you all about them from ground level to the 32nd floor.[2]

One thing I would mention, around floor 15 or so, is that school district public libraries (and systems) have to balance privacy and data security obligations from a wide array of different state and federal laws.  I have written on this before (see "Ask the Lawyer #67, #80, and #143), and won't re-hash that here, except to say: everything in those past answers impacts this question.

With those prior columns as background, the answers to the member's three questions are:

For an Interlibrary Loan Electronic Transmission (whether printed out and included with the item(s) or sent via electronic means) in a K-12 setting, can a student's name (the one ultimately borrowing the item) be used in the "receipt" or notification slip?

Yes, if the library's policy requires it for the "proper operation" of the library (CPLR 4509), AND if the school can assure that only those who need to see it (for the benefit of the student) will see it (FERPA) or the student has signed a FERPA waiver, AND if all the required measures for data privacy are in place (ED2-d).

Should a student's School ID number be used? Can both be used at the same time?

Yes, if the library's policy requires it for the "proper operation" of the library (CPLR 4509), AND if the school can assure that only those who need to see it (for the benefit of the student) will see it (FERPA) or the student has signed a FERPA waiver, AND if all the required measures for data privacy are in place (ED2-d).

Is it taboo to have a student's name in ANY electronic transmission?

No, but school district and BOCES systems creating and transmitting such records should always be confident that the use of the student's name is in a document generated and transmitted per applicable policy.

This is tougher than it sounds, since schools now have so many electronic systems facilitating record-making and communication--a situation compounded by online learning during the pandemic.  Further, the decision to use those systems might be driven by function and cost, with only secondary attention being paid to privacy, as addressed in "Ask the Lawyer" #67, #80, and #143.

Since this question is rooted in interlibrary loan, I'll end with an example.

Below is a partial screenshot from the demo screen of OPALS, a popular ILS used by school district libraries (and other types of libraries, too).

As you'll see, OPALS enables the "viewing of all the borrowers in an attending class...."

There is nothing inherently wrong with this type of grouping of borrowers, so long as the district has addressed the various privacy obligations, and made sure the functionality and use of the system (in this example, OPALS) align with the school's approach and policies on privacy.

In other words, nothing should be left to chance.

So, with that, my ultimate answer--to all three questions-- is: any time a public school student's name is listed on a library record that leaves the bounds of the library (the "real" or virtual bounds), every unique way that happens (injury report, student discipline, interlibrary loan) should be covered by policy.

Now, let's consider how this issue looks "on the ground."  I poked around a bit, and while I found many interlibrary loan policies for school district library systems/BOCES in NY, I didn't find one that went so far into the weeds as setting terms for how/when to include borrower names on the routing slips (printed or electronic).

Chances are, that's usually more of a "standard operating procedure" thing, rather than something set by formal "policy."[3]

But with increasing interconnectivity between library other school systems, it might be worth formalizing in future interlibrary loan policies.  For instance, one sentence: "When effecting interlibrary loan, cooperating libraries shall mutually adhere to the other libraries' and systems' policies regarding borrower privacy"[4]  is a sample of how to add a quick reminder about this critical consideration.

Because as the member's questions indicate, we can never be too "in the weeds" on privacy.

Thank you for an important array of questions.

 

---

[1] Okay, actually, nothing.

[2] In this mythical trip up 32 floors, we are visiting Buffalo City Hall, which if you have never seen, is a must-visit location.

[3] New York is a big state!  I have no doubt there is a policy that does address this.  If your district has one, please send a link to info@losapllc.com and reference this RAQ.

[4] This is just sample language...no matter what you select, make sure your school district's attorney or BOCES system director reviews and approves any policy before it goes into effect!

These meeting-room related submissions to "Ask the Lawyer" were inspired by two separate resources: the first one, an "Ask the Lawyer" RAQ on meeting room policies, and the second, an ESLN-sponsored training.

If you've read the questions, you know they will not have the same answer.  So, as recent viewers of the new Spider-Man movie may have asked,[1] why the mash-up?

Because the answers share the same foundation: the rules around community access to space.

The first question is based on a concern we addressed in the RAQ on meeting room policies.  Here is the part that inspired the question:

"No, there is no legal requirement for public libraries to limit access to space to non-profit organizations.

However, there IS a requirement for any "charitable" entity[7] in New York to not allow any of its assets to “inure” to any one individual, while non-association libraries have to follow an even stricter rule against "aid" to individual people or businesses as set by the NY Constitution (this is why a town library can't use funds to throw a big "bon voyage" party to celebrate a retiring employee, but its not-for-profit "Friends" can)."

The second question is asking for model language, within the framework of what is allowed, to protect the rights of those using the rooms.

So, like a webslinger arcing majestically from issue to issue, let's do this.

The First Question

Is a person using free resources at the library for personal gain violating the law against "inurements"?  Most likely: no.

The resources at public libraries can often serve as the first, critical building blocks of a small business.  A person wanting to research an idea, create a 3-D printing of a product prototype, select neutral ground to meet a potential investor, or offer compensated services (such as tutoring) can often find what they need--for free--at the library.

The dawn of the co-working space might be changing this for people who can afford to rent space in a co-working facility that will supply desk space, internet, and even a mailing address.  But for fledging entrepreneurs on a budget, the free resources and information provided by libraries can be essential.

And why doesn't such use of library resources for a business/personal gain risk tripping the bar on "inurements"?

Because the resource is available to the community equally, per library policy.  In the member's scenario, the library is providing first-come, first-served space suitable for, among other things: group work, a political discussion, or tutoring (with or without compensation).  The library is providing a place for people to sit and talk, so long as they arrive in time to gain access to a finite resource.

Once people are availing themselves of library services, a library can't set further rules about the relationship between the parties; so long as their interaction remains within library policy (not disruptive, not in excess of established time limits, etc.). In other words, the relationship between the parties, or an activity that fits within authorized use, can't change the otherwise compliant use of the library space.

Where the member's scenario could get out of hand would be if:

• The tutor starts advertising for services and uses the library as a business address;
• The tutor starts "camping" (holding the space past established limits) in violation of the policy;
• The tutor is an employee or independent contractor whose company specifically requires offering the services in the library;
• The library has a policy against any compensated activity, whatsoever, being conducted on site.[2]

In each of the above examples, the service is exceeding the use generally available to any person using the library.  This is where the "inurement" can begin, and the use of public library resources for unambiguously private gain would begin.  But so long as no one is claiming or actually using the resource in excess of what is generally allowed, there is no issue.

The Second Question

Now that we've reviewed that "what applies to one must apply to all," we can turn to the other question: how can a library designate space used per policy and by reservation as "private," to avoid meeting crashers?[3]

Below this answer is listed a myriad of resources from the ALA[4] on this topic.  I urge readers to review these, as each one sets out important considerations on the use of library space.  But for now, we're dealing with this single, incremental question in the State of New York.

Once a library policy sets the terms of community access to private meeting space, here is language for signage at the entrance to the meeting space:

When reserved, this space is for designated users only.  To reserve this space, or to obtain a copy of the rules and contract for reservation, please visit [INSERT] or [INSERT].

A library can make this posted language as friendly ("This room is only for reserved events, and is private when in use.  Visit our circulation desk for more information!) or imposing ("Reserved, please do not enter without permission.") as it likes. The important thing is that the rules and terms of use are consistent with the law,[5] clearly established by a board-approved policy, and uniformly applied.

And there we go!

Thanks to both members for their insightful questions.

Additional Resources

For those of you who wanting more at the intersection of law, libraries, and meeting rooms, paralegal Klara in the LOSA[6] assembled this list of resources from ALA:

1. Meeting Rooms: An Interpretation of the Library Bill of Rights

- overview on library meeting rooms, suggestions for policies

2. Meeting Rooms Q&A

- includes standard definitions for terms included in policies

- lists what meeting room policies should cover

3. Guidelines for the Development of Policies and Procedures Regarding User Behavior and Library Usage

4. The Library's Legal Answers for Meeting Rooms and Displays

- an ALA eBook by Mary Minow, Tomas Lipinski, Gretchen McCord

- limited public forum vs. designated public forum vs. nonpublic forum

- lists legal cases relevant to library meeting rooms and exhibit spaces

5. OIF Blog - Library Meeting Rooms for All, by James LaRue (former director of the ALA Office for Intellectual Freedom)

 

 

---

[1] The answer to the Spider-Man part of this is of course obvious: because it’s a witty convergence of web-slingers.  Of course, as a Gen X nerd (b. 1973), I was a target demographic.  Well played, Marvel.

[2] Such a policy would be far too overbroad. If a paid babysitter takes the kids to the library regularly, would that be a violation?  If an accountant uses a library computer to check the tax code, would that be a violation?  If a professional writer uses the reading room every day to write/think/draft, would that be a violation?  That said, a policy against the sale or distribution of material items makes sense.

[3] Including those identifying as "First Amendment auditors"...a term I am loath to use.  I am a huge fan of the First Amendment, but those claiming to “audit” for it often demonstrate a less-than-fully developed familiarity with the Constitution. To me, people trying to film in a library while asking questions about budget, etc. are just "people who want to record in the library," and they warrant the same respect, and must follow the same rules, as other people who may want to record in the library.

[4] ALA is the national go-to for information on library matters, and we try not to replicate materials already available.  At "Ask the Lawyer" we deal with the legal nitty-gritty in New York, only.

[5] For more on that, see that meeting room RAQ HERE

[6] "LOSA" = The Law Office of Stephanie Adams, PLLC.

When people see a lawyer to complain about the misuse (or “misappropriation”) of their image, there are several legal theories that lawyer might assess the situation for, including:

• Violation of image rights
• Copyright violation
• Trademark violation
• Defamatory content
• Illegal or proprietary content (this is a long list, but includes things like an image obtained illegally, trade secrets, or criminal content)
• Contract violation
• “Terms of Use” violation (if posted in/on a venue with such terms)

In this case, a historical society was making a documentary and, in the course of filming, inadvertently captured a photographic image of an unrelated private person in the background.

Of the items listed above, there are at least two, and perhaps three legal claims that could apply:

1. The person in the photo could claim their image is being used without their permission for commercial purposes;[1]

2. The person who owns the copyright to the photo could claim that including it in the video is infringement;[2]

3. The person who commissioned the other project, using the photo, could have required the image be kept confidential, meaning that including it risks a violation of a contract.[3]

Of these three, the first two could pose a claim against the historical society, and the third could lead to them being named as a witness.

For a small documentary project with no commercial purpose (the video is not for sale, and not being used to fund-raise), the chances of a person having the right incentive to bring a costly legal action seeking damages is low. That said, money is not the only thing that motivates lawsuits. So how could the historical society mitigate the risk?

Option #1: Ask Nicely

One option would be to disclose the incidental use in advance and get written permission from the subject of the photo and from the photographer. With the right permission secured and documented, there is no chance legal action would be successful. And if either says “no,” you still have two other options...

Option #2: Make it Blurry

The second option would be to blur the image; if the image is not recognizable, then the first two claims would be non-existent, and there would be little evidence to support the third. Of course, this can be a pain and might not be the best choice from an aesthetic standpoint. So there is also...

Option #3: (Carefully) Roll the Dice

As a third option, the society could engage in calculated risk-taking by: a) verifying they have insurance for “advertising injury” (and confirming that it doesn’t exclude image rights and copyright claims); b) obtaining a legal opinion stating that the non-commercial use means there is no image rights claim and that the inclusion of the copyrighted photo is fair use[4]; and c) hoping no one gets mad.

Of these three options, each has its own drawbacks, but I am a fan of Option #1, as it not only removes all doubt but ensures the society won’t have to deal with negative publicity and people taking sides in a squabble about image rights. When organizations depend on reputation and goodwill for donations and community support, diplomacy is wise from both the legal and relational perspectives.

Of course, for a larger endeavor (a documentary with a serious budget, or perhaps with the backer of a grant or a major donor), this type of issue can be addressed on the front end through waivers and participation agreements. But for a small organization capturing local history in the making, the above three approaches can work after-the-fact.

 

Thank you for the thoughtful question.

Thank you very much for your kind words!  And for submitting this question.

For "Ask the Lawyer" readers who don't follow the State's "Open Meetings Law" (the “OML”) with regularity, the new rules that the member is referring to are the revised Section 103(e) of the OML.  The "Ask the Lawyer" that the member refers to is "Availability of Open Meeting Documents".

In that RAQ, we discussed the extent of a library board’s new obligation to ensure that certain materials used during open portions of trustee meetings be made available at least 24 hours in advance...and how, if a library routinely uses its website, those advance copies should be posted on it.

Given the new requirements, Tim's question is a practical one: "Do working documents being shaped and edited at committee meetings need to be posted in advance of the committee meeting?"  In other words, if the document is in flux, and subject to change even during the meeting, must a copy be provided in advance?

In considering the answer, I of course checked the law and the latest commentary from New York's "Committee on Open Government" (the "COOG"), which is the arbiter of all things OML. However, since Tim mentioned checking in with his gut, I also checked in with mine.

To do that, I pictured myself as the attendee at a meeting of my city's[1] common council. I envisioned them discussing a policy on the agenda: the formation of a police advisory committee.[2] I then pictured myself checking the meeting packet that was put on the City's web site 24 hours prior to the public meeting, to see if a copy of the policy is in the packet.

Here are five scenarios of what happens:

Scenario 1: I check the packet: there it is! As the committee members discuss the proposed policy, I am able to meaningfully link their commentary to the written document.

Scenario 2: I check the packet: there it is! But then, the Chair of the meeting says "Before we begin, I would like to add that this morning I received a proposed new version of the policy for us to consider.  The new version adds a paragraph to the version that is in your packet.  That version was emailed to council members this morning." As the committee members begin to discuss the proposed policy, and the new paragraph, I am able to meaningfully link their commentary to the written document--except for the new paragraph.

Scenario 3: I check the packet: there it is! But then, the Chair of the meeting says "Before we begin, I would like to add that this morning I received a proposed new version of the policy for us to consider.  The new version adds a paragraph to the version that is in your packet.  That version was emailed to council members this morning, and I am going to ask the clerk to place a version in the video feed [in a way public attendees can see] as a courtesy." As the committee members begin to discuss the proposed policy, and the new paragraph, I am able to meaningfully link their commentary to the written document--even the new paragraph.

Scenario 4: I check the packet: there it is!  Twice?  Hmmm.  As the agenda item is called, the Chair of the meeting says "Before we begin, I would like to clarify that we have two versions in the meeting packet because two versions have been submitted for review and consideration at this meeting." As the committee members begin to discuss the proposed policy, and the two versions, I am able to meaningfully hear their commentary on the precise wording as they discuss intent, concerns, and possible revisions, although I have to toggle between versions to keep up.

Scenario 5: I check the packet: it's NOT there!  When the committee reaches that agenda item, the Chair of the meeting says "Because this policy is under review in various offices, who may submit changes before our next meeting, and there are a few versions under discussion, we haven't posted any version yet." As the committee members begin to discuss the proposed policy, and the different wording, I am unable to meaningfully connect their commentary to the writing they have based it on.

Checking in with my gut: in either "Scenario 2" or "Scenario 5," I might be irritated to the point where my gut might review the law to see--has the council followed the law?

And when my gut checks with the law, I see this commentary from the COOG[3]:

So with that, I answer the question ""Do working documents being shaped and edited at committee meetings need to be posted in advance of the committee meeting?" as follows:

Even if a policy is in draft form, or if multiple versions are under review, if it is on the agenda of a public meeting for discussion, the version or versions under review should be included in the meeting packet, to allow for meaningful public access to the materials.[4]

That said, recommendations, opinions, or similar materials regarding such policies under development do not have to be shared, and revisions not ready in time for posting (even if discussed at the meeting) do not have to be made available/posted in advance.

Thank you for a subtle and thoughtful question!

 

---

[1] The beautiful, if somewhat bedraggled by an industrial past, Buffalo NY.

[2] This was not a huge stretch, as that topic actually is under consideration by Buffalo as of April 2022.

[3] Full text available at https://opengovernment.ny.gov/system/files/documents/2021/11/disclosure-of-records-scheduled-for-discussion-at-open-meetings-112221.pdf as of April 6, 2022.

[4] Although the law does not require it, when doing so, I strongly advise that the version include a header or some type of other indicia showing that it is a draft copy for review only, and the version date (of course, archivists and clerks?).