Templates

Every employer struggles with this issue: give employees enough access to electronic information to do their jobs, but protect that information from accidental disclosure, file corruption, and theft.

Solid practices like routine security updates, back-ups, password re-sets, and employee training can help a library avoid the worst IT disasters.  But what if someone in a position of trust simply abuses their access?  What if a scenario like the member's question should arise?

There is a process to address this type of scenario.  In order to ease an adrenalized mind,[1] it is presented below in grid form.

Upon suspicion that files have been removed or inappropriately removed by a former library employee, follow these steps to assess what recourse a board might have:

Action	Why you do this	Results
1.  Upon suspicion that files have been removed, if possible, do not take further steps alone. Create an "Initial Response Team" of at least two people to do the next four steps, and designate one of them as the note-taker and document-keeper. If your library's computer system is supplied or supported by a cooperative library system, one of these people should be from the system.[2] Organizing a time-line and take photos or screenshots of information showing the potential problem.	The facts you assemble and first steps you take may have far-reaching consequences for your library's response and recovery, as well as for the potential wrong doer. At this stage, however, you'll just be documenting what appears to be missing.  No deep-dive investigation.   It should only take an hour or two.[3]	Initial Response Team formed and responsibilities of team members made clear. Note-taker assembling information.
2.  Without letting it take more than an hour (or two) and without making any changes to your system, assess and create an informal list of what appears to be missing (file types, specific types of information, locations), when this was noticed, and what the first signs of the concern were.  This will be your "Initial Inventory."	You need to have a foundation for your next steps, so you're creating a quick description of the possible situation.	An Initial Inventory you will use in the next few steps. Note: The "Initial Inventory" is not an attempt to assess what happened, just to list what might be missing, and a few initial details.
3.  Look over the Initial Inventory.  Could any of the missing files contain personal/private information, such as: name, address, date of birth, ssn, library card number, credit card information, contact information, banking information, health-related information, computer use, passwords, or circulation records?	If the answer is "yes," add the phrase "…possibly includes loss or compromise of private information and/or library patron records" to the Initial Inventory.	This part of the Initial Inventory will help those assessing the issue quickly appreciate the possible privacy and confidentiality  implications of the situation.
4.  Contact the library's insurance carrier, and alert them that you may have had a loss of data related to "unauthorized computer access that may involve a former employee." If your Initial Inventory includes a "yes" to Step #3, also state: "The situation may have involve personal and confidential information." If your initial contact is by phone, confirm the notice via a letter or e-mail.	Depending on your library's insurance type, you may be covered for this type of event. Notifying your carrier and following up in writing will help the library determine if the carrier will provide coverage and/or assistance for the event.	Timely notice to the library's insurance carrier, enabling your carrier to let you know if you have coverage and if they can provide assistance in recovering from the event. NOTE:  If the event is covered, some or all of the remaining steps could be impacted by the participation of the carrier.
5.  With the Initial Inventory complete and the carrier on notice, the board (or director, if the board has delegated the right amount of authority to them) must decide who is in charge of next steps: the full board, a board committee, the Director and a team, or any combination of people needed to assess the matter.  This "Response Team" should have the power to appoint a qualified professional to assess the situation, to retain legal assistance if warranted, and to recommend a final course of action to the board. In no event should a report to the board (or Executive Committee) extend the timeline for arranging a response beyond 3 business days.	Unauthorized computer access involving a former director (or any employee) is serious enough to warrant board involvement, whether or not personal and confidential information. This is especially true since, in a worst-case scenario, the library may have to report a data breach, expend resources to re-create or retrieve the information, work with an insurance carrier to recover from the loss, consider if any aspects of the former employee's contract or severance apply (if there was either/or) and based on what is discovered, consider whether or not to file a report with law enforcement.	Clarity as to who is in charge, what level of authority they are working with, and who they will bring on to assist with the investigation and recovery.
6.  Alert the library's lawyer by sending them a copy of the Initial Inventory, and connect them to the Response Team, so they can assist at needed.	It will be the lawyer's responsibility to work with the Response Team and others to ensure the library is positioned to seek relief from the carrier or the former employee, to assess any relevant contracts (for instance, if the files were deleted from a cloud server), and to advise the board about filing a report with law enforcement, or pursuing civil remedies.	Attorney-client privileged input to help assess response options in the best interests of the library.
7.  The Response Team should retain a qualified IT/data security professional to assess and develop an "Incident Report" with a Final Inventory of what is confirmed as missing, a conclusion as to how it went missing, and if/how it can be recovered.	This should be done within 3 days of discovery and before there are any changes to the system.   Ideally, this work should only be performed after the library and the IT professional sign a written contract that is reviewed by the lawyer.	A contract with a qualified firm; A certificate of insurance from the professional firm; A written Incident Report from the firm.
8. Based on the value, sensitivity, and type of information in the Final Inventory, work with the IT professional and lawyer to assess any legal steps the library must take to recover or to give required notifications of data breach.	Depending on what went missing, the library could have concerns under any number of laws.	The final recommendation should be a memo to the board, regarding any necessary steps (or confirming not are needed).
9.  Based on the complete Incident Report's assessment of what is  missing, how it went missing, and if/how it can be recovered, and any relevant details about the employee, develop a course of action.	For more on this aspect, see the rest of this RAQ.	Recourse.

What happens as part of number "9," is the actual answer to the member's question.  But until a library follows steps "1" through "8," it can't fully know its options under "9."

And what can happen as part of "9"?  The range of consequences for unauthorized computer access and/or data destruction is vast, running from criminal penalties to civil remedies.  And if considered with solutions for how a library can recover from the loss, there are further possibilities.

If I was on the board where a former director removed all the library files from a library owned-computer that relate to the running of the public library, at the end of the day, here's what I'd want get out of "The Files Are Gone" process:

• Know if the files were simply removed, or if they were removed and accessed/disclosed beyond the library;
• If they were disclosed beyond the library, what the library must do to address that (including special considerations if personal or confidential information was accessed);
• If the files were only removed, know if they can easily be replaced, or if they were the library's only copy;
• If they can't be easily replaced, how much it will cost to replace them, and any negative impacts we'll experience until we do;
• How we have concluded the files were removed by the former employee, if they were an employee when they did it, and what the due process is for addressing that;
• If (based on all the information gathered, and more that will be specific to the situation), the board should contact the police, or consider a civil claim against the former employee.

By demanding solid, well-documented and qualified answer to these questions (What happened?  how does it impact the library?  What can we do?) a board member is being a good fiduciary, and positioning the library to identify the best recourse.

Now let's say that, in the grand scheme of things, the "missing files" appear to be pretty minor (and do not involve private information).  Let's say that, for whatever reason, the outgoing employee deleted all the library's "standard operating procedures." Not the policies--those are on the library's website and backed up in numerous places - but all the details about (as the question says) "running the library:"  How to organize the courier manifest.  The templates for the volunteer letters and community meeting notices.  The budget template and calendar for strategic planning.  Their own emails on their library account.  Nothing private, no circulation or credit card information, but a body of work that represent hundreds of compensated hours…lost.

This may seem like the kind of loss that isn’t dire enough to warrant the steps I have outlined above, but it absolutely is.  First, only a professional can say when data is truly "lost" (especially emails).  And even if, at the end of the day, there is a board decision not to pursue any consequences (privately, civilly or criminally), such (in)action must be based on good information--not just the result of a decision not to investigate in the first place.

The budget for such response, if planned carefully, can be very modest (under $1500).[4]  Reaching out to a library's system and regional council to find the professional you need might help the library get those services at a reasonable price (and again, depending on the system-library service agreement, much more).

Why am I adamant about this follow-through, even for a "small" incident?  Because sometimes a "small" incident is only the tip of a much larger iceberg.  Unauthorized data destruction by a former employee could be a serious breach of their duty, the law--and even their oath of office.  But it might not be.  The right response, and the fair response, can only be formulated through careful documentation and analysis.

This is what positions the board to know what recourse it can take, when presented with such a serious situation.

Thank you for trusting "Ask the Lawyer" with this sensitive question.

 

 

---

[1] If you are reading this while working on this type of issue, take a deep breath.  You've got this.

[2] There are too many types of IT supply/support arrangements out there for me to be more precise than this.  Some systems are essentially the IT department for their member libraries. Others are not.  This aspect will be governed by the System's member contract…but generally, a good place to start is on the phone!

[3] In keeping with the question, this chart addresses what to do if the person involved is former employee.  If the person is a current employee, the Response Team should include someone qualified to assess an appropriate response that ensures 1) due process for the employee; 2) security for the investigation; and 3) stability for ongoing operations of the library.

[4] Is this a low-ball figure?  Could it be much bigger?  Yes. But if it gets much bigger, that should be because it's actually a big problem that needs to be solved.

 

There are many technical aspects to this question, and this answer will explore many of them.  But first, I invite each reader to sit back, close their eyes, and envision the types of information their library takes in, maintains, or manages digitally.

Name…address…phone number…e-mail…library card number and account information.  Perhaps a driver’s license, or other photo ID.  Credit card information? Job applicant information, payroll, and employee data….  Donor information.  Survey responses.  Licensed lists.  Content related to digitization.   And (of course) every digital record related to a library’s core function: providing information access.

Now envision what someone with less-than-ethical intentions could do if they accessed or appropriated that digital information:

Disclose confidential library records…sell active credit card information on the dark web...use the information to design a very convincing phishing[1] scheme….

And I bet you can easily think of more. 

Scary?  You bet it is.  This is the type of risk-management New York’s lawmakers had in mind when they enacted the SHIELD Act[2], a far-reaching amendment to the state’s laws governing data security.

And as the member points out, the changes will impact your library.

So, what does this law require?

A lot. 

And here is where we get technical.  Because the law will hit different types of institutions differently, this “Ask the Lawyer” can’t give you a word-by-word recital of the precise obligations the SHIELD Act will impose on your institution.   But it can give you a plain-language DIAGNOSTIC FORM to help your board, your director, and your (internal or external) IT team a tool to start assessing your obligations.

So here, without further ado, is the ‘ASK THE LAWYER’ SHIELD ACT DIAGNOSTIC FORM.  If you have a buddy to fill this in with, I suggest you invite them to help, this is not the type of exercise to do alone.[3]

 

	Diagnostic question   [NOTE: Any member of a library council in the State of NY is licensed to make a copy of this form for diagnostic purposes. However, THIS IS NOT INDIVIDUALIZED LEGAL ADVICE and no legal conclusion about the obligations of your institution should be made without the input of a lawyer.   That said, filling this out will help that lawyer help you a lot faster.]	Your Answer	Significance
1.	Does your library collect electronic versions of “personal information” as defined by SHIELD?   Here is the definition of “personal information”: "Personal information" shall mean any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.		If your library collects “Personal information” as defined by SHIELD, it may be subject to SHIELD’s requirements.    So, if you marked “yes,” keep going!
2.	Does your library’s network or equipment collect electronic versions of “private information” as defined by SHIELD?   Here is the type of data that, when combined with “personal information” becomes “private information” protected under SHIELD: (1) social security number; (2) driver's license number or non-driver identification card number; (3) account number, credit or debit card number, in combination with any required security code, access code, [or] password or other information that would permit access to an individual's financial account; (4) account number, credit or debit card number, if circumstances exist wherein such number could be used to access an individual's financial account without additional identifying information, security code, access code, or password; or (5) biometric information, meaning data generated by electronic measurements of an individual's unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical representation or digital representation of biometric data which are used to authenticate or ascertain the individual's identity; or (ii) a user name or e-mail address in combination with a password or security question and answer that would permit access to an online account.		If your library collects “private information” as defined by SHIELD, it may be subject to SHIELD’s requirements.    So if you marked “yes,” keep going!                       (NOTE: if any libraries out there are using biometric records like retina scans in place of library cards, please let me know, because that is Bladerunner-level cool).
3.	Does the “private information” your library collects include information from residents of New York?[4]		If your library collects “private information” relating to New Yorkers, it may be subject to SHIELD’s requirements.    So if you marked “yes,” keep going!
4.	Is your library part of a larger institution such as a school, college, university, museum, religious institution, or hospital?		If the answer is “yes,” then STOP.   Your work on SHIELD ACT compliance should be coordinated with your full entity, who should be sensitive to not only your library’s obligations under CPLR 4509, but your institution’s obligations under SHIELD and other data security laws like FERPA and HIPAA.[5]   Don’t go rogue!
5.	Does your institution contract with another entity, like a library system, to maintain private information?    EXAMPLE: When a person applies for a library card, does the personal information supplied stay on the local library’s network, or does it simply flow through a terminal at the local library to a system’s network? This is a very common arrangement in NY.	If “yes” list and attach the contracts, along with the information maintained by the contractor.	This question applies to both parties.   If the answer is “yes,” gather the contract(s) governing the arrangement(s), and be ready to check the contracts for assurance of SHIELD compliance. This includes assurance of “reasonable security requirements,” and a clause governing data breach notification.
6.	Now, aside from information maintained on another entity’s network as listed in #5 above, (library system, payroll service, credit card service provider, etc.) does your institution maintain any computer system with private information?	If yes, list the information gathered and where it is maintained:	If the answer is “no,” you only have to follow step #7, below.   If the answer is “yes,” make an appointment with your IT team, and be ready to do steps #7 through #15, too.
7.	Contract compliance check:   If you answered “yes” to #5, above, the contracts governing that relationship would be clear about SHIELD Act compliance, including the notification procedures for data breach.	Who is the person at your institution who will do this work with your contractors?	This is a smart step because contract vendors must meet this standard: Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
8.	Okay, so it looks like my institution has to comply with the SHIELD Act.  What does that mean?   Well, firstly: Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.   So, does your institution have a policy for data breach notification?		Your institution may already have one! If so, it should be updated to reflect the changes in the law.    If it doesn’t have one, now is a good time to get a policy in motion.   The law lists the steps and requirements for notification.  Among other things, those requirements  can depend on the size and nature of the breach.   NOTE: a data breach response is something a library should respond to with a qualified IT team and, if there are concerns about liability and compliance, a lawyer and your insurance carrier.
9.	Secondly:  Any person or business that owns or licenses computerized data which includes private information of a resident of New York shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information including, but not limited to, disposal of data.   Does your institution have a policy to implement these “reasonable security requirements?”		Your institution may already have one.    If so, it should be updated to reflect the changes in the law.    If it doesn’t have one, now is a good time to get a policy in motion!   NOTE:  ***I have put the SHIELD Act’s criteria for a data security program next to three asterisks in the text following this form.
10.	Thirdly, are you a small library and feeling panicked about your security requirements?   Don’t worry, if you’re a “small business,” the law has a provision related to your obligations.   Here is the SHIELD Act’s definition of a “small business”: "Small business" shall mean any person or business with (i) fewer than fifty employees; (ii) less than three million dollars in gross annual revenue in each of the last three fiscal years; or (iii) less than five million dollars in year-end total assets, calculated in accordance with generally accepted accounting principles.   So (deep breath) are you a “small business?”		If the answer is “yes,” then your “reasonable security requirements” are tempered: …if the small business's security program contains reasonable administrative, technical and physical safeguards that are appropriate for the size and complexity of the small business, the nature and scope of the small business's activities, and the sensitivity of the personal information the small business collects from or about consumers.   This analysis is why having an inventory of the private information maintained by your library (or for your library) is critical; depending on the “sensitivity” (or use) of what you maintain, your plan can adjusted for what is “appropriate.”
11.	Just to reiterate: if you have gotten this far into the assessment diagnosis, you should probably have a “data breach” plan—even if it is just for coordinating with the entity who holds most of your data.   So: do you have a “Data Security and Data Breach Notification Policy and Procedure?”		As can be seen in the factors cited in the sections above, policy and procedures related to data security and data breach notification cannot be a cookie-cutter based simply on what other libraries do.  Your policy and practices will be governed by many factors.
12.	Are you insured for data breach and recovery?		This is a great question to ask your insurance carrier!  You should also be familiar with their notice requirements in the event of a hack or breach.
13.	Who at your institution is responsible for coordinating your data security program?		This responsibility should be confirmed in a job description and reinforced with regular training.  Working with your system or other larger supporting entity may be important, too.
14.	Who are your outside contractors assisting with emergency response in the event of data breach?		This is a good standing contract to have, and one that systems and councils might consider jointly negotiating for on behalf of members (and hopefully it is a service you never need to invoke!).
15.	Did you ever think, when you chose a library career, you’d get to moonlight in IT?		IT and libraries: two great tastes that go great together….with enough planning.

 

And that’s the SHIELD Act.[6]

How does a small not-for-profit tackle this expansion of data security laws?  Like anything else: inventory your status under the law, establish a goal for compliance, develop a budget and a plan, make sure the responsibility is appropriately allocated, confirm insurance coverage alignment, use all the resources at your disposal (your system, council, insurance carrier, and board members who have lived through data breach compliance) and get it done. 

In practical terms, this is also means:

• If your library makes a practice of getting a copy of every member’s photo ID, and stores it on an Excel spreadsheet on an unsecured computer, now is a great time to stop doing that.
• If your library maintains a list of users, credit card numbers, CCV numbers and expiration dates on your network, now is a great time for a network security assessment.
• If your library uses an outside IT contractor, now is a great time to review their contract and make sure it provides assurance that services will be SHIELD Act-compliant.
• If you have no idea if your institution’s insurance covers data breach (and recovery), now is a great time to ask your agent, broker, or carrier.  They might even have some resources to help you with SHIELD Act compliance.

The penalties for violation of the SHIELD Act are $5,000 per violation, in an action brought by the New York Attorney General (the law doesn’t create a private right to sue).  Other changes to the law make it easier for the AG to learn of data breaches, and to coordinate with other law enforcement agencies trying to combat them.  As we envisioned at the beginning of this article, the states for a breach are high.

But don’t worry.  No matter where your diagnosis falls, remember: libraries have been operating under heightened privacy obligations since before there were computers.  That mindset—awareness of an ethical duty to protect privacy--is the most important part of a program to minimize the risk of breaches. 

You’ve got this.

Thanks for a great question.

 

***A data security program includes the following:

 (A) reasonable administrative safeguards such as the following, in which the person or business:

(1) designates one or more employees to coordinate the security program;

(2) identifies reasonably foreseeable internal and external risks;

(3) assesses the sufficiency of safeguards in place to control the identified risks;

(4) trains and manages employees in the security program practices and procedures;

(5) selects service providers capable of maintaining appropriate safe-guards, and requires those safeguards by contract; and

(6) adjusts the security program in light of business changes or new circumstances; and

 

(B) reasonable technical safeguards such as the following, in which the person or business:

(1) assesses risks in network and software design;

(2) assesses risks in information processing, transmission and storage;

(3) detects, prevents and responds to attacks or system failures; and

(4) regularly tests and monitors the effectiveness of key controls, systems and procedures; and

 

(C) reasonable physical safeguards such as the following, in which the person or business:

(1) assesses risks of information storage and disposal;

(2) detects, prevents and responds to intrusions;

(3) protects against unauthorized access to or use of private information during or after the collection, transportation and destruction or disposal of the information; and

(4) disposes of private information within a reasonable amount of time after it is no longer needed for business purposes by erasing electronic media so that the information cannot be read or reconstructed.

 

This answer comes with many disclaimers, because the legal parameters of room access and rental at chartered libraries in New York is variable territory.  In other words: the answer can depend on the library’s “type” (set by its charter), its fundamental rules (found in the bylaws), its IRS status (the “501 (c)(3) mentioned by the member”), its day-to-day rules (controlled by policies), its lease (not all libraries own the space they occupy), and any deed restrictions (although deed restrictions on the basis of speech would bring concerns).

That’s right: education law, not-for-profit corporation law, tax law, real property law…this question has it all!

That being said, the member’s question centers on federal tax law; specifically, the library’s 501(c)(3) status, which not only makes the library tax-exempt, but allows it to receive tax-deductible donations.  This status is an important fund-raising asset, and its many conditions (including not engaging in politics) cannot be taken lightly.

Here is what IRS Publication 557, the go-to for creating a tax-exempt entity, has to say about political activity:

If any of the activities (whether or not substantial) of your [501(c)(3)] organization consist of participating in, or intervening in, any political campaign on behalf of (or in opposition to) any candidate for public office, your organization won't qualify for tax-exempt status under section 501(c)(3). Such participation or intervention includes the publishing or distributing of statements. Whether your organization is participating or intervening, directly or indirectly, in any political campaign on behalf of (or in opposition to) any candidate for public office depends upon all of the facts and circumstances of each case. Certain voter education activities or public forums conducted in a nonpartisan manner may not be prohibited political activity under section 501(c) (3), while other so-called voter education activities may be prohibited. [emphasis added]

Like many guides from taxing agencies, this one is superficially helpful (I put that part in bold), but upon examination, employs a disclaim that gives very little concrete guidance (I underlined that part).  So, what’s a library with a spare room to do? 

As alluded to in both the member’s question and my opening paragraph, this question doesn’t turn solely on the IRS.  Any 501(c)(3) library that rents or allows free use of space should have a robust “Facility Use Policy”[1] that considers not only IRS regulations, but safety, equal access, and operational priorities (requiring users to clean up after their meeting, to not be noisy, to respect the space).  For a library in a municipally-owned building, care must be taken to ensure use fees are applied in a way that does not violation the NYS Constitution.  And for a library that rents, the Facility Use Policy must harmonize with the lease.

But the member’s question is about 501(c)(3).  So, having established that this consideration is but one of many when giving access to or renting space, here are the three things to consider when a 501(c)(3) rents or gives access to space:

1)  Rental income needs to be a very small percentage of the library’s revenue. 

Section 501(c)(3) requires that income from renting space can’t outweigh donations and other sources of income related to the library’s tax-exempt purpose.  This is something to discuss with the library’s accountant; while rental income isn’t barred, it can bring funding ration and tax consequences that warrant the attention of a professional.

2) The use of the space can’t “inure” to the benefit of any one company or individual.

Section 501(c)(3) also requires that a qualifying organization’s resources can’t directly benefit any one person or entity more than the general public.  For example, free use of the spare room by a person conducting a stained-glass workshop with an admission fee (even a nominal one), can be considered an “inurement.” [2]

3)  As raised by the member’s trustee, the use of the space cannot violate the bar on lobbying (influencing legislation) and political activity (supporting a particular candidate for office).

And as reviewed, Section 501(c)(3) bars political activity (as further defined in the excerpt from 557, above).

“Ask the Lawyer,” has had some fairly large answers, but I don’t have space to address every occurrence that could run afoul of the bar on “political activity.” But what about renting space, on the same terms as to any other entity, to an event like the one described by the member?

Here is what the IRS has to say:[3]

Can a section 501(c)(3) organization conduct business activities with a candidate for public office?

A business activity such as selling or renting of mailing lists, the leasing of office space or the acceptance of paid political advertising may constitute prohibited political campaign activity. Some factors to consider in determining whether an organization is engaged in prohibited political activity campaign include:

a. Whether the good, service or facility is available to candidates in the same election on an equal basis,

b. Whether the good, service or facility is available only to candidates and not to the general public,

c. Whether the fees charged to candidates are at the organization’s customary and usual rates, and

 d. Whether the activity is an ongoing activity of the organization or whether it is conducted only for a particular candidate.

When developing a Facility Use Policy, if a library is a 501(c)(3) charitable organization, and wishes to be able to rent space to (among others) political organizations for event, the above-listed factors should be built right into the policy.

Here is some sample language (some of it will sound familiar):

As a 501(c)(3) organization, the NAME library does not participate or intervene, directly or indirectly, in any political campaign on behalf of (or in opposition to) any candidate for public office depends upon all of the facts and circumstances of each case. Therefore, the use of space in our facility by political organizations or for partisan political events is only available on the same rental terms as for the general public, and is subject to a rental fee that is charged equally to any political group or other individual or group.   NOTE: Certain voter education activities or public forums conducted in a nonpartisan manner may qualify for a fee waiver, just as do other free and open events conducted by a charitable entity for the benefit of the public.

So, what about the member’s scenario?   In the absence of a spot-on facility use policy, I suggest the following process:

1. Using the appropriate tax guidance, the library needs to decide if this particular “Meet the Candidates” event complies with 501(c)(3); in particular, is to be a “public forum conducted in a nonpartisan manner?”  Or is it skewed to benefit one candidate over the other? 

2. Is the sponsoring organization a charitable entity, or is there any risk that the terms for using the room would be an “inurement?”  Will donations be solicited?  Is money charged to enter?

3. If the answer to either shows a risk of violating 501(c)(3), then the library needs to consider if it wants to follow the formula to “do business” with a candidate for public office.  This would mean charging for the use as you would any other use.

If the library’s past practices make following those three steps too blurry, it is best to take a pass on this precise event, and take the time to develop an up-to-date and thorough Facility Use Policy that considers the types of uses the library will allow, and how and when it will charge for them. There are many good models out there to draw inspiration from, but before the board passes such a policy, it would be good to have it reviewed by a lawyer (who has ready the charter, bylaws, other policies, lease, deed, and any other relevant documents).

The member’s library is fortunate to have leadership that is thinking about both the first amendment and safeguarding the organization’s tax status.  Good work.  No matter what the final decision, awareness and commitment to these values serves your community.

 

On the surface, this is a simple issue: if people are using their cell phone for personal use on the job, a simple policy to stop the use should solve the problem, right?

Not these days.

As technology continues to transform the workplace (and the world), “cell phones away, please,” is not as easy as it once was.  People use their cell phones to monitor health, track their steps, and get emergency calls from kids at school.  Some may even use their cell phones to save their lives, serve as a witness to illegal activity, and exercise their right to free speech. 

Many of these functions depend on the proximity of the person to the phone (or the watch that connects them to it), and because of this, cell phones are becoming extensions of the people who own them.  So a policy to keep them stowed and away, or secured in a locker, can be met with resistance. 

Here are a few examples of how this “resistance” can play out on the job:

• An employee who is the parent of a child with Type 1 Diabetes may want their cell phone on them to keep an eye on their child’s glucose level[1] while the child is at school;
• An employee who being stalked by an ex may want the phone to record evidence to seek a protective order;
• An employee trying to lose weight per a doctor’s orders may be using a supportive app and a Fitbit;
• An employee may want to use their personal camera phone (“it’s better”) to take pictures for the library’s Instagram;
• An employee may need to text their partner to confirm who is picking up the kids, making dinner, and mowing the lawn before it turns onto a meadow;
• An employee may really love to play Candy Crush Saga® when things are slow at the reference desk.

As can be seen, many of the reasons to keep a cell phone on one’s person are compelling; other uses may not be.  And many of reasons/uses overlap with other library policies.

The goal, of course, is not to bar an employee from important connections and a tool for their well-being, but to make sure the use of personal electronics does not distract from the library’s professional environment and employee productivity (even on a slow day).  To achieve that, there are two broad solutions: 1) rely on a collection of policies to address the variety of purposes for personal cell phones while at work; or 2) create a catch-all policy. 

In a work environment where consistency for staff members is critical for professionalism and productivity, I prefer a combination of both.  What does that combination look like? 

It starts with policies for:

• ADA accommodations
• FMLA
• Domestic violence victims’ accommodations
• Workplace violence prevention
• Communications/media
• Use of technology
• Confidentiality of library records and patron privacy
• Employee conduct

…which should all allow for appropriate use of personal cell phones and electronic devices.  This doesn’t mean the policy has to mention cell phones specifically—just have enough flexibility to address them.

At the same time, assuming the above-listed policies harmonize with it, creating a specific “Policy on Use of Personal Cell Phones and Electronics,” as proposed by the member, can help employees and management navigate these issues in a rapidly changing world.

Here is an example of such a policy[2]:

[INSERT LIBRARY NAME] Policy on Personal Use of Cell Phones and Electronics

The mission of the [INSERT LIBRARY NAME] depends on employees maintaining a professional, productive environment. 

To maintain that environment, use of personal cell phones and electronics should only divert employees from work duties in the case of an emergency. 

To achieve this, cell phones and personal electronics should be stored in a carrier, purse, or pocket where the screen is not visible during work time, and watches synched with other electronics should not divert employees from work except during designated breaks in designated break areas. 

Sudden personal emergency needs that require use of a cell phone or other personal electronics should follow the established procedures for use of break time and personal time.

Use of cell phones and personal electronics for ADA accommodations, FMLA arrangements, personal emergency, and personal safety needs are exempted from this policy, and should be arranged on a case by case basis with a supervisor per the relevant policy. 

As with most HR policies, this one sounds simple, but can be complex to administer.  The need to be flexible and allow some cell phone use (especially ADA use, the basis of which may be confidential), can cause seeming inconsistency in enforcement.  To address this, employees must be sensitized to the fact that some people may depend on a personal devise for an authorized (and confidential) use, while at the same time be given the clear message that keeping in touch with social media and personal contacts during work time is not allowed.

As technology puts pressure on the norms of society, it is important to draw (and re-draw) reliable and clear boundaries…especially in the workplace.  So should a workplace have a policy on personal cell phones?  Done right, and with due consideration of the law, it can help.

Thanks for a timely question.

This question reminds me of a story told by writer/actress Sarah Vowell in her book, Assassination Vacation. 

When researching in Buffalo for the McKinley chapters, Vowell met a resident with scars caused by a childhood bike crash into a marker related to the McKinley assassination. 

I remember reading this passage and thinking (like any lawyer would): Hmm, who would be liable for that?  And of course, the answer to that liability lies partly in the question: Hmm, who owns this thing in the first place?

Unfortunately, finding the answer is not as easy as crashing your bike into a marker.

The solution starts out simply enough:  property that is “fixed” to land becomes a “fixture,” and title to it runs with the land.[1]  This is why when you buy a new house, the shed, patio, and built-in grill pit (but not the moveable grill) come with it.  And unless something provides otherwise, a historic marker on the property would belong to you, too.

The problem is, there are a lot of “somethings,” that could provide “otherwise.” 

In New York, most historic markers, if controlled by law at all, are controlled by local law (the New York State Museum maintains an excellent summary as to why on their “Historical Markers” page).  And under state law, cities, towns and villages may pass their own rules for designating, funding, and installing markers at historic sites.[2]

Meanwhile, many private organizations exist to support the site-specific preservation of history.  As the member points out, one of the major supporters of this effort is the William G. Pomeroy Foundation (“WGP”), which operated in collaboration with the New York Museum to promote projects to install signs at historic sites.  

As part of that work, WGP does not condition funding on ownership of the marker (quite the contrary)[3].  That is a typical approach.  However, other private funders could insist on some ownership and/or rules for maintenance—conditions that would be controlled by a contract, donor letter, or bequest. 

So, while a good default answer to “Who owns a marker?” is “Generally the landowner,” the only safe answer, before some research, is “It depends.” 

How can a museum, library, or other stakeholder in a local historic marker now what “it depends” on?  There is no one-size-fits-all answer, but here is a process that should help:

Step 1:  Confirm the ownership of the land the marker was installed on (who of course might not be the property’s occupant).

Step 2:  Confirm if any easement or other real property condition controls the area of the land with the marker.

Step 3:  Assess what federal state and local law(s), resolution, or permits (if any), controlled the installation. 

Step 4:  Assess what contractual obligations (grant document, donation solicitation documents, installation permission document, maintenance agreement,[4]  designer/creator document, etc), may relate to the marker.  

Step 5 (optional, but highly recommended):  Take an informal—but thorough—poll regarding who is emotionally connected to the marker, and develop a plan to consider their investment in what comes next.

I know that not all of these steps are easy to do, and that for a third party who was not involved in the installation, Step 4 might be impossible.  But it remains true: to assess the status of an historical marker, you need to know its history.   

As for Step 5…that is more of a “best practice” than a legal consideration.  Over the years, I’ve observed that before undertaking any action that could impact a monument’s physical condition, it is best to know who will write an angry letter if you disturb the patina (or worse, remove it—even if only for a temporary cleaning).  This includes not only owners, but those who feel a connection to and love for the memorial.  When in doubt, it is good to exercise diplomacy!  And who knows, they might chip in on the maintenance fund.

History, property law, and signage are all serious business. 

Thanks for a great question.

CODA

For those considering embarking on a “historic marker” journey, here is form to help make the archivists, librarians, museum directors, history buffs, and lawyers of the future grateful to you. Every project should have a one of these cataloged, and nowadays, perhaps out there in cyberspace.

The [INSERT NAME] Historical Marker Legal Abstract and Dossier

Sponsored by [INSERT NAME OF ORGANIZATION]

This form is for use when planning and generating a final file for the development, installation, and maintenance of an historic marker.  This project might not require all the items below to be completed.  When an item does not apply, enter “N/A” for “not applicable.”

 

Marker name:

Marker text:

[Attach picture of Marker]

Address of property Marker is located on:

Owner of property at time of installation:

Survey of property with Marker location noted: [attach after noting location on copy]

Attached signed copy of agreement with property owner:

          [if easement or other property right granted, attach]

Installation start date:

Installation completion date:

Insert Description of Maintenance Plan or attach copy of plan:

Is there any money held in trust or budgeted for future maintenance?  If so, please describe:

Federal law passed under:

          [Attach copy of law and, if relevant, resolution or permit]

State law passed under:

          [Attach copy of law and, if relevant, resolution or permit]

Local law passed under:

[Attach copy of law and, if relevant, resolution or permit]

Insert name and address of Funder 1 and attach copy of funding letter, grant contract, or bequest document:

Insert name and address of Funder 2 and attach copy of funding letter, grant contract, or bequest document:

Insert name and address of Funder 3 and attach copy of funding letter, grant contract, or bequest document:

Attach copy of any fundraising solicitation:

The Marker’s designer was:

[Attached contract with designer]

If there is a graphic, who owned the copyright?

The Marker’s fabricator was:

[Attached contract with designer]

Did the Organization’s board pass a resolution regarding the Marker?  If so, attach a copy.

Did the Organization enter into a collaboration agreement to organize and effect the Marker?  This would include a co-sponsorship agreement, an agreement to coordinate different aspects of the project, or an effort to coordinate property ownership, permissions, or endorsements of the project. 

If such an agreement was entered into, please attach.

Name of person filling out form:

Complete file with all attachments is located at____________________________.

 

 

VHS-to-digital conversion can open up options for accessibility under the ADA. 

Many people have treasured family memories they need to convert a more accessible format.

A converter can also help with the creation of critical and new works.

This converter will be a really valuable service for your patrons.  But your staff member is right to be cautious.

“Ask the Lawyer” has previously addressed the issue of libraries and patrons making copies under various circumstances (search the “Ask the Lawyer” archives).  In those previous answers, among other things, we reviewed the special rights libraries have to make and convert copies under Section 108 of the Copyright Act, which applies specifically to libraries and archives. 

Those previous answers cover some of the fundamental elements of this question.  They also each include a careful emphasis that patron duplication of audio-visual works (like movies) are mostly excluded[1] from the protections of Section 108, even when the copy is being converted from a medium that is obsolete. 

What does all this mean?  The staffer is absolutely right—commercial movies might be a resource patrons are eager to convert using the library’s equipment. . . And that could create an infringement a concern

Fortunately, Section 108[2] has a remedy for this problem.  So long as the converting machine displays a notice that “The making of a copy may be subject to copyright law,” the library will meet the requirements of 108 to avoid the imposition of liability for unsupervised patron use of the equipment.

The “unsupervised” requirement is critical, here.  If a patron’s use of the equipment is supervised by an employee, or the patron’s behavior makes it obvious that systematic infringement is going on, 108 might not apply[3].

So, a few things to help you be cautious:

1.When setting up the new equipment, select a place where patron privacy can be honored and employees can’t “supervise” the use of the equipment.

2) Posting “The making of a copy may be subject to copyright law” is a requirement to limit the library’s liability for a patron’s “unsupervised” use.

3)  Keep in mind that any obvious copyright violations (like someone stacking an entire collection of BBC miniseries next to the converter and generating multiple DVDs[4] of each one) should be promptly addressed through your patron code of conduct.

Which brings us to the final part of the member’s question: what language, both posted and in a code of conduct, can position a library to observe that last bullet?  Patron codes of conduct generally have copyright infringement sections, but if your library does not, a good start is:

The [NAME] library is committed to maximum content access through the Americans with Disabilities Act, Section 108 of the Copyright Act, Section 110 of the Copyright Act, and Section 107 of the Copyright Act (Fair Use).  However, use of library resources to generate or access copies beyond those rights cannot be supported by our library.  Although patron use of such resources is unsupervised, reproduction equipment such as photocopiers, scanners, 3-D printers, and VHS converters are all marked “The making of a copy may be subject to copyright law.” 

Any observable use of library equipment to access or make multiple copies in violation of copyright, trademark, or patent law is prohibited under this policy and will be addressed as a violation of this Patron Code of Conduct.

Thank you for this insightful question. I hope many weddings, graduation ceremonies, and birthday parties recorded in the 1990s find a new digital life in your library!

Library employees should not feel compelled to mediate the production of materials that target any protected category (including race), and in fact, feeling compelled to do so would risk potential illegal harassment of the employee.

There is of course a very fine first amendment and ethics line here.  A library cannot have a policy restricting access to library resources solely on the basis of viewpoint. However, if any employee considers the materials to be genuinely discriminatory (to themselves or others), they can report the behavior, and the library must take corrective action, including asking the person to desist the behavior.  This is because being compelled to view, help create, and handle such materials can create a "hostile environment" for the employee or patrons—or both.

To help create a balance between a patron’s right to confidential library services, access to resources, and the rights of employees and patrons to be free from a discriminatory environment, it is worth considering adopting a corollary to a library’s anti-discrimination policy, such as:

To ensure adherence to state and federal anti-discrimination laws, library resources (including staff assistance, production resources, and public areas) may not be used in a way that discriminates on the basis of age, race, disability, predisposing genetic condition, gender, sexual orientation, religion, national origin, race, veteran status, or domestic violence victim status. 

Examples of violations of this policy include, but are not limited to:

• Viewing discriminatory material in locations or on screens easily viewed by others
• Requesting staff help to print discriminatory material
• Using a library room to host a meeting that limits attendance based on a protected category
• Violation of a domestic violence victim's protective order

This policy works with the "Library Bill of Rights" and shall never be interpreted to deny or impede access to library collection materials or materials via inter-library loan.

Violation of this policy shall be considered harassment and concerns about the application of this policy shall be addressed through the library's discrimination policy and the library's [Code of conduct.]

Attention to matters like the question posed by this member is critical in 2019 (and beyond) because this year the NY Legislature greatly expanded the scope and control of the NY Human Rights Law (“HRL”).

The HRL is the state of New York’s mirror image—and significant extension—of several federal civil rights laws.  HRL has always barred discrimination on a number of enumerated categories,[1] but this year, the Legislature broadened it again.  So developing materials and training staff to balance library services with civil rights has only grown more mission-critical.

Thank you for this important question.

It's a musical double act at “Ask the Lawyer” today!

Libraries are hitting their stride as community centers and curators of cultural experience, so it is no surprise that live musical performances are being offered as part of their programming and outreach.

These two members’ questions arrived within one week of each other. 

The first question is like a good pop song: a straightforward premise, with an array of practical (but catchy) sub-questions. 

The second is more like the best jazz performance: concerned with the “notes that aren’t there,” and basically asking: “what could go wrong?”[1]

To address both submissions, Ask the Lawyer presents: “Ask the Lawyer Library Live Musical Performance Matrix,” and some additional guidance, below.

Copyright And Performance Factors	All songs composed by performers	Some songs composed by others (some “covers”)	All covers	Karaoke
Admission charged for profit	Chartered libraries in NY, and their supporters, should not be charging for access to events for a profit.	Chartered libraries in NY, and their supporters, should not be charging for access to events for a profit.	Chartered libraries in NY, and their supporters, should not be charging for access to events for a profit.	Chartered libraries in NY, and their supporters, should not be charging for access to events for a profit.
Performers are paid   (whether or not admission is free)	The contract between the performer and the library, Friends or other benefactor group should specify that all songs are owned by the performers, and ideally gives maximum rights to record the performance and use the footage to raise funds for the library.	The contract between the performer and the library, Friends or other benefactor group should specify that if the performance of songs owned by a third party is recorded, proper licensing was obtained by the performer or venue, and the performer indemnifies the library for any claim of infringement.	The contract between the performer and the library, Friends or other benefactor group should specify that if the performance of songs owned by a third party is recorded, proper licensing was obtained by the performer or venue, and the performer indemnifies the library for any claim of infringement.	The contract between the karaoke machine provider and the library, Friends or other benefactor group should specify any restrictions based on the license held by the provider.
No compensation to performers   AND   Admission is free	This group wrote their owns songs, and they are willing to perform for free?  They must love the library!  Just make sure your library also has a contract confirming 100% ownership of songs and addressing other priorities (see “contract” comments below chart).	Okay if performance of covers is not “transmitted”[2].   Just make sure your library also has a contract  addressing other priorities (see “contract” comments below chart).	Okay if performance of covers not “transmitted” to the public.   Just make sure your library also has a contract addressing other priorities (see comments below chart).	The contract between the karaoke machine provider and the library, Friends or other benefactor group should specify any restrictions based on the license help by the provider.
No compensation to performers;   admission proceeds are used to benefit library	They wrote their owns songs and all the proceeds are going to the library?    Super-cool performers.	Okay, so long as the performance of the covers is not transmitted to the public, AND no objection is received from copyright owner (unless they got and can show proof of a license).	Okay, so long as entire performance is not transmitted to the public, AND no objection is received from copyright owner (unless they got and can show proof of a license).	The contract between the karaoke machine provider and the library, Friends or other benefactor group should specify any restrictions based on the license help by the provider.
Wait!  Did we mention it’s an entire musical!?!	Your library knows a group that wrote their own musical?  That’s awesome.  Proceed…just make sure the contract has their guarantee that the work is original, spells out how the library can use the footage for fund-raising, and addresses the contract priorities listed below.	No performance without a license to the entire musical.	No performance without a license to the entire musical.	A karaoke musical?  So cool.  But definitely the contract with the karaoke machine provider needs to show an adequate license, even if it is not transmitted or recorded.
What if the news shows up?	Excellent. More exposure for a band with talent and originality, and for your library.	Excellent…more exposure for the group and the library.  Even if the crew snags some brief footage of a cover song, a reporter’s recording for purposes of a genuine news story is not a “transmission” of the type forbidden by 110(4).  But make sure your 110(4) criteria are well-documented.	Excellent…more exposure for the group, and the library.  Even if the crew snags some brief footage of a cover song, a reporter’s recording for purposes of a genuine news story is not a “transmission” of the type forbidden by 110(4).  But make sure your 110(4) criteria are well-documented.	My worst nightmare would be the news covering me doing karaoke.  But again, if the right licensing is in order, a reporter’s recording for purposes of a genuine news story is not a “transmission” of the type forbidden by 110(4).

There are a few things I am sure you’ll notice in this chart:

First, I keep mentioning having a “contract.”  No performance should be given in a library (or at a venue with sponsorship by the library) without a contract that confirms the date, performance fee (even if free), intellectual property considerations, public relations/promotion/image release, contingencies for cancellation, and clauses that address liability for any injuries or legal claims based on the performance. 

This need for a performance contract applies to any library arranging for a speaker, musical act, magician, artists or other third party (non-employee) to bring programming to your library.  For acts that bring risk (of alleged infringement, personal injury, etc.), the contract should require the contracting party to provide a certificate of insurance, and to indemnify the library for any damage caused by the performer.  

The contract does not have to be extensive, but it should cover the fundamentals listed above.  It can require that the performer obtain all necessary permissions, or can provide that performance licensing be covered by the venue (with a license from ASCAP or BMI).  A good general practice lawyer who handles performance and liability issues should be able to develop a template for your library (although even a good template will need to be adjusted from time-to-time).

Second, you’ll see an array of factors in the chart above, like “performer not paid,” or “it’s a musical!?!”  These factors are drawn from 17. U.S.C. 110 (4) (a part of the copyright law), which allows certain charitable uses of non-dramatic literary or musical works without a license.

Here is the complete text of 110(4):

[The following is not an infringement of copyright]

(4) performance of a nondramatic literary or musical work otherwise than in a transmission to the public, without any purpose of direct or indirect commercial advantage and without payment of any fee or other compensation for the performance to any of its performers, promoters, or organizers, if—

(A) there is no direct or indirect admission charge; or

(B)the proceeds, after deducting the reasonable costs of producing the performance, are used exclusively for educational, religious, or charitable purposes and not for private financial gain, except where the copyright owner has served notice of objection to the performance under the following conditions:

(i) the notice shall be in writing and signed by the copyright owner or such owner’s duly authorized agent; and

(ii)the notice shall be served on the person responsible for the performance at least seven days before the date of the performance, and shall state the reasons for the objection; and

(iii)the notice shall comply, in form, content, and manner of service, with requirements that the Register of Copyrights shall prescribe by regulation;

This section of the Copyright Act was crafted with just the members’ type of event in mind.  As usual with Copyright law (which giveth and taketh away, when it comes to fair use and other infringement exceptions) careful reading and careful attention to details is important before relying on an exception.  But if you document meeting all the factors, 110(4) is a great boon to libraries (and other charitable organizations and efforts).[3]

So as you see, with some careful attention to details, a show can go on.  Or as these slightly modified lyrics (fair use!) from the great Shannon (circa 1983![4]) summarize:

Let the music play.

But what’s the venue say?

If there’s a license you

Can play other people’s tunes.

 

Let the covers play

If your library doesn’t pay,

and don’t transmit your groove

Then the tunes are free to use.[5]

 

It is well established that a not-for-profit organization can benefit from volunteer labor.  This is true even when the labor brings the organization tangible benefits, like the money from a bake sale, or as in this case, a research fee. 

But when using volunteer services and charging a fee, a library (or any chartered not-for-profit) in New York must engage in a systematic analysis to ensure the arrangement is in step with numerous laws and regulations.  How can a library, museum, or archives do this? 

Follow the three-step process below.

STEP ONE

First, identify the services the institution would like to provide through volunteer labor. 

This is rather like writing a job description or hire letter.  An example based on the member’s scenario could look like this:

Research Volunteer

Under the general oversight of [paid position] in [department], the Research Volunteer performs specific research tasks related to personal requests by [institution] members and other users. These tasks are not to routine operations of [department], but benefit the public and [institution] by serving members and others in a way directly related to [institution]’s mission to [insert mission], as well as raising revenue in support of that mission. 

Your hours and participation as a Research Volunteer are voluntary, but we do ask that you work with [person] to coordinate your time; this will enable us to support your work, and keep things organized.  This work is a valuable service [institution] can only provide through the services of volunteers, and we thank you for your dedication and hard work!

The essential elements of this first step are:

• clarifying who is supervising/helping the volunteer;
• clarifying the tasks of the volunteer;
• specifying that the tasks are not routine duties of paid staff;
• confirming that the work is voluntary; and
• documenting that the work is directly related to the institution’s mission.

You’ll see why these are important in the Steps Two and Three!

STEP TWO

Next, check your organization’s founding laws, charter, founding documents[1], bylaws and plan of service (I call these “core rules”) for any terms that apply to the service you defined in Step One. 

Look at the laws and documents.  Is there something preventing the institution from charging a fee for this specific service?  Is there any cap on that fee?

This exercise will vary greatly from institution to institution, since many variables can impact what’s in the “core rules.”  Here are just a few examples:

A public library could never charge a member to borrow a book or to use the internet, because Education Law Section 262 requires that public libraries be free (to cardholders).

For a private library, its charter could contain an express rule that certain services must remain free—a restriction that might not be found in the law, but could be just as enforceable.  A similar condition could be in its bylaws, or a donation document.

And if an institution is a 501(c)(3), care must be taken to make sure the revenue generated by the service is “substantially related” to the institution’s not-for-profit mission, or the institution could risk having to pay “unrelated business income tax.”  The service should also be reviewed to ensure it is not an “excess benefit transaction” or a non-disregarded membership benefit.[2]  A mis-step on any one of these could have serious tax consequences.

When doing the “Step Two” analysis, it is ideal to confirm your conclusions with a lawyer.

STEP THREE

Once an institution uses Step Two to confirm it can charge for a service, it is time to return to your description from Step One and make it official, by putting the scope of work and details in a “Volunteer Letter.” 

Why so formal?  Because in recent years, the State of New York has cracked down on enforcement of quasi-volunteer, or just plain muddy, instances of volunteer labor at not-for-profit institutions.  This has even included examining perks and partial payments to volunteers!

Why is that?  While not-for-profit volunteering is unequivocally allowed, like anything, the system can be abused.  To avoid that, and to create clarity in these critical relationships, the New York Department of Labor has issued some pretty strict guidelines, such as:

Unpaid volunteers at not-for-profits may not:

• replace or augment paid staff to do the work of paid staff
• do anything but tasks traditionally reserved for volunteers
• be required to work certain hours
• be required to perform duties involuntarily
• be under any contract of hire by any other person or business express or implied
• be paid for their services, except for expense reimbursement

Sound familiar? This is where the work you did in Step One pays off!  By identifying the work as part of a “Volunteer Program,” clarifying that the service is offered through the hard work of volunteers (and never paid staff), and that there is no compensation to the volunteer, your documentation will be ready to show compliance in the event the Department of Labor audits your institution (which, from time to time, they do).

Final thoughts

Volunteers can be critical contributors to an organization.  If allowed by your organization’s core rules, a not-for-profit can absolutely benefit from the fruits of their labor.  By following the steps outlined above, and setting the relationship up carefully, a not-for-profit (and its volunteers) can reap great rewards.

The essential element of this is clear documentation.  A letter to every volunteer, stating their role, the rules of the position,[3] that it is not replacing or supplementing paid staff, and thanking them for their service, will position an organization to easily demonstrate compliance. 

A quick annual check with the institution’s insurance carrier, to make sure volunteers and their activities are covered by the institution’s insurance, is wise, too.

Thanks for a great question!

 

 

Draft and final Environmental Impact Studies (or “EIS”) must be accessible during the “public comment” period of a construction or remediation project.  After that, a library can discard them.

For readers who aren’t familiar with these documents: EIS are mandated reports that show the complete scope of possible “significant negative environmental impacts” certain types of projects can have.  They are produced by a project’s “Lead Agency” (generally a major figure in the project), who must ensure that copies of both draft and final EIS are made available to the public for a period of “public comment.” 

To comply with these disclosure requirements, the Lead Agency must both post the EIS on the internet, and provide a hard copy upon request.  As an alternative to providing on-demand hard copies, environmental regulations also allow the Lead Agency to place copies of an EIS “in a public library…,” where they must be available for viewing and copying during the public comment period (which is a minimum of 30 days, but can go much, much longer[1]). 

This “public comment” period is critical.  When done right, it enables clarity and transparency even when a project’s approvals span multiple agencies (like zoning boards, preservation boards, and a legislative body).  This allows the average citizen to provide timely comments about on things like environmental hazards, land use, historic preservation, and design.  So the role of the library in ensuring public access is valuable.

As the member’s question appreciates, EIS can have value even after the “public comment” period is closed.  Long after a project is complete, an EIS can reveal site conditions relevant to health and safety.  For professionals like urban planners, environmentalists, architects, and attorneys, the information in an EIS can be very useful.  And from the local history perspective, an EIS can show, decades later, what a village, town, or city perceived as a danger, asset, or cultural resource.  Coupled with building permits and variances, that information can show who was allowed to build what in a particular village, town, or city.  For this reason, I predict EIS will be important resources to the historians of the future. 

To assess if a printed EIS should be retained by the library, libraries can use their normal accession evaluation process.  One thing to consider in such an evaluation: the NY Department of Environmental Conservation retains copies of all EIS (in a manner that accords with the DEC’s own record-keeping policies).  Personally, I do think there is value in retaining the local hard copy, but as the member states, these things can take up a lot of room!

One thing that can make the entire process around EIS easier for a library is having an “EIS Acceptance Form” that is signed by the “Lead Agency” when they drop off the copies for required disclosure. Remember, use of the library is a courtesy that allows the Lead Agency to escape making numerous on-demand copies, so they should be very gracious about signing such an agreement!

I have supplied the essential elements of such a form below, and added a few non-required but library mission-centric terms to them.[2]   

The most helpful feature of this template form is the requirement that the “Lead Agency” notify the library that the public comment period is over; this way, a library can receive express confirmation of when the time to officially make the EIS available has ended, and the decision to dispose of or accession it can be made.

Thank you for this thoughtful question.

TEMPLATE EIS AVAILABILITY REQUEST FORM

The State Environmental Quality Review Act (“SEQRA”) requires that draft and final Environment Impact Studies (EISs) be posted on publicly accessible web sites by the “Lead Agency” for the project, and to provide hard copies on demand.

Regulations allow a lead agency to place copies of the EIS in a public library instead of making a large number of individual copies.  By filling out this form, you, as “Lead Agency,” are requesting that the [NAME] Library place ____ printed copies of an EIS for availability to the general public, and expressly authorize the creation of as many copies as needed by the public, to fulfill your disclosure obligations under SEQRA. 

Further Terms Agreed to By Lead Agency

As a condition of assisting with access during the public comment period, the ___  [insert number] physical copies provided by Lead Agency shall become the physical property of the Library, who shall have an irrevocable license to duplicate the EIS, in any medium now in existence or further developed. After being notified by the Lead Agency of the close of the comment period, the library may retain the physical copies, or dispose of them, at its sole discretion.

Lead Agency also hereby commits to remunerate the library for any request for a copy to be modified per ADA accessibility needs, including but not limited to conversion to braille, large print, or for use with an electronic reader.  Such copies shall remain the property of the Library.

Lead Agency will notify the library via an e-mail to [ADDRESS] when the EIS is no longer required to be available for public comment and duplication.

The Lead Agency employee or agent signing this EIS AVAILABILITY REQUEST FORM is an authorized signatory of the Lead Agency.

LEAD AGENCY:___________________________________

CONTACT AT LEAD AGENCY: ___________________________________

TITLE OF CONTACT: ___________________________________

PHONE NUMBER: ___________________________________

EMAIL: ___________________________________

PROJECT NAME: ___________________________________

PROJECT ADDRESS(ES): ___________________________________

PUBLIC COMMENT PERIOD START DATE: ___________________________________

PUBLIC COMMENT PERIOD END DATE (if able to be determined): ___________________________________

 

SIGNED ON THIS __________ DAY OF ____________, 20_____.

SIGNATURE:__________________________

PRINT NAME:__________________________

TITLE:____________________________________

 

[NOTE: Any template form should be reviewed by a library’s attorney for conformity with charter, bylaws, and current policy]