Library Card Policy

When advising on a policy or set of terms for a library or library system to adopt for children’s library cards, I ask for the following information:

• What are the key objectives of offering a child their own card at your library or library system?
• Does your library need to enforce fines and/or replacement fees?
• Is there anything accessible via an “adult” card that your library would not offer access to via a “youth” card?
• How does your library like to work with parents and guardians?
• Does the card enable more than borrowing materials from the library? (Is it used for computer access, printing, maker space, etc.?)

I ask these questions because in New York State, children can’t enter enforceable contracts, which makes it hard to collect fines and fees. In addition, a lot of the tomfoolery that can lead to a kid losing library privileges can be more easily addressed if the library is in a position to contact that kid’s parent or guardian, but since library records are confidential, the only way to share the information is with informed consent.

“Informed consent” means that when a person signs up for a card, they are informed of the terms (like their parent being a co-signer who is responsible for their replacement fees), and they expressly consent to them.[1]

With that all out there, let’s tackle the member’s questions, starting with the practice of requiring parents/guardians to sign their child’s agreement for a library card.

QUESTION: Is the signature to allow for “parent permission” to access the library?

ANSWER: No, unless the library’s policy[2] sets things up this way. There is no default federal or state law that expressly denies minors access to a NYSED-registered public library.

QUESTION: Are public libraries legally obligated to obtain parent permission before a child of a certain age accesses library materials or services?

ANSWER: There is no default federal or state law that expressly denies public library access to minors.

CAVEAT: Local laws are often oddly specific (and outdated, and unconstitutional) on things like this, so it is possible a local law could require parental consent to get a library card. Whether such a local law would stand up to a legal test is another matter.[3]

QUESTION: I’m assuming that the library would not be liable if, for example, staff allowed an 11-year-old without a library card to read any book they liked within the walls of the library?

ANSWER: “Liability” is a broad word; it covers both criminal and civil (including financial) liability. But if a library is providing an eleven-year-old with access to library materials that were acquired, cataloged, and accessed per library policy, your assumption is correct: there should be no liability.

QUESTION: Does this apply to a child of any age? (I realize unaccompanied minors will eventually come into play).

ANSWER: Yes, regardless of age, there should be no liability for providing access as allowed by the Education Law and library policy.

That said, the younger the child, the more the law will expect that library policy is being used to not create an active hazard. But as the question alludes to, there is a difference between toddlers running amok in the Rare Books room creating physical havoc and a child of any age accessing a print or online copy of American Lion (a Pulitzer Prize-winning book that discusses genocide, slavery, and violence, because it is about the presidency of Andrew Jackson)[4]. One is a physical hazard and a property risk; the other is a simple exercise of the right to read.

QUESTION: So, by extension, is granting an 11-year-old a library card without parent consent legally permissible?

ANSWER: I wouldn’t say “by extension” because that implies an argument needs to be made to provide library privileges to minors. There is NO requirement for parent/guardian consent for a library card unless the library has included it in their own policy (or an oddball local law requires it, which should probably be challenged).

QUESTION: Is the signature [of a parent] an acknowledgement of responsibility for the library materials on behalf of the child?

ANSWER: In and of itself, the signature is simply proof that the adult signing the card agreement accepts whatever terms are in the agreement. So, as reviewed above, if the library or library system issuing the card has made an adult’s acknowledgement of their responsibility a conditions of their child getting a card, then yes.

Along with that accountability, the signature of the parent, along with the informed consent of the child, can be used to put in place things like:

• Sharing a child’s library records with a parent (being able to answer the question “What books does my kid have out? I have to help him return them.”)
• Sharing a child’s fine/replacement fee information with a guardian (being able to answer the question “My granddaughter shoveled the walk yesterday so I would pay for the book she lost. How much is it?”)
• Disclosing and discussing loss of privileges/access (being able to say “As you know, your child doesn’t have computer privileges right now, because he put gum in the all the ports. We look forward to him being back at the keyboard in six months.”)

Many library card applications prompt for this specifically, but according to NYS law, is a parent/guardian responsible for library materials checked out to a minor in their care regardless?

ANSWER: No, except for in cases of extreme intentional damage, where General Obligations Law 3-112 might create that civil (not criminal) liability.[5]

That said, there could be a rogue local law out there. New York is a big place with many odd local laws on the books.

QUESTION: If a 15-year-old minor lost library materials or incurred fines or fees, would their parents still be legally responsible even without giving permission for the card?

ANSWER: No (and not even if they gave permission for the card, unless they also took accountability for fees); the sole exception to that is if the money was due to damage so extreme that a claim could be made under General Obligations Law 3-112.

QUESTION: COPPA and the collection of PII (for online library card signup). Though not required as a non-profit, our library chooses to comply with this policy, requiring parent/guardian consent of online card signup for children 12 and under. Does this mean that a child aged 11 could still, within legal boundaries, apply for a library card in person without collecting consent?

GRATUITOUS COMMENT: In general, public libraries should avoid complying with laws that they don’t have to comply with. COPPA was adopted to protect minors from predatory online commercial behavior; libraries have a completely different (and more rigorous) set of ethics and laws to guard against that concern. That said, it is essential for a library to require and confirm that any commercial vendor or affiliate being used to provide library services is following COPPA.

AND WITH THAT OUT OF THE WAY, HERE IS THE ANSWER: In New York, there is no law barring any person of any age from getting a library card. This means:

1. anyone from 0 to “whatever” can get a library card; and
2. no one can tell them “no” (except on a neutral and rational policy basis, like, “We only give cards to people who live in or work in Buffalo,” or, “We require card holders to be able to be held accountable for fines and fees.”).

That being said, libraries that want to impose conditions on youth and require the agreement of a parent/guardian can do so; the trick is to make sure the reason for the adult’s signature, the conditions it imposes on them, and the rights of the youth involved all line up.

Here are just a few examples of how that can be done:

• Issuing a “Simple Borrowing Card” that enables borrowing at any age, but due to lack of informed consent and no parent/guardian signature of minors, and perhaps lack of additional information (like address), can’t enable certain things (record sharing, fees, fines). For that reason, borrowing privileges might be limited by number of items, to e-resources, or temporary access.
• Issuing a “Full Privileges Card” that enables full range of privileges for adults or youth, but for those under 18 (and thus harder to hold to account), only given with the cardholder’s informed consent and parent/guardian’s acceptance of fiscal responsibility. Could be set up so the accountability accepted by the co-signing adult disappears at 18.
• Issuing a “Supported Borrowing Card” that enables full library privileges but, with informed consent of the cardholder, one or more supportive adults agree to help out with managing returns and other responsibilities that require access to confidential library records. This option could be helpful for cardholders who are bad at returning items,[6] adults who may need extra help for any reason, and youth at libraries that don’t need to have an adult on the hook for fines/fees.

Closing thoughts

This topic elicits much passion and strong feelings from many perspectives.

Many parents, of course, want to be engaged in their child’s selection of media, and being a required part of the library card process is one way for them to play that role. Some libraries might choose to encourage this engagement through policy, while other libraries might simply facilitate it as a by-product of requiring a responsible adult on the card to address concerns related to behavior and borrowing.

At the other end of things, children have a right to read and see the world that by nature is beyond the scope of what many parents/guardians envision, while libraries have an obligation to not discriminate on the basis of age when it comes to library access.[7] So while conditions that enable parental engagement can be imposed and parental engagement can be encouraged, such conditions should never do so in a way that unduly burdens library access.[8]

It is a balancing act, but by having clear reasons for requiring parent/guardian signatures and asking for no more than what is required for those reasons is key.

Thank you for a powerful array of questions.

First, I'll answer the easy question: No, you are not overthinking this.

For children fortunate enough to be brought to the public library at a young age, the experience is life-altering. They grow as readers and thinkers. They see themselves as part of a community that shares resources. They start to absorb the values of privacy and information access.

All of this is imbued by the library providing and applying the factors listed in the question: the card policy, the rules around borrowing, and how the child's parents and guardians are brought into the mix.

Which brings us to the crux of the member's question:

We want to have a procedure that balances the rights of minors to read freely, with protection for our library against claims that we have checked out materials to children that the parent/guardian believes to be inappropriate.

In New York, the procedure to ensure the library is protected is simple in one way and complex in another.

It is simple because the recipe for the protection referenced is already in the law.

Just like the chemical formula for one of the molecules in lavender[1] is this:

The “formula” for a library to be protected against an assertion that a minor checked out inappropriate material is:

Of course, this is the protection from claims of criminal liability, and as we have seen, claims of criminal liability aren't the only things libraries and library workers need protection from.

So, let's re-examine the question with the idea that “protection” means from coercive tactics and civil liability,[2] not criminal prosecution.

We want to have a procedure that balances the rights of minors to read freely, with protection for our library against claims that we have checked out materials to children that the parent/guardian believes to be inappropriate.

Other than the practices described in the question (parental acknowledgement at the time a card is obtained, confirmation of age), the tactics to do this are far more complex.

How complex? Well, to go back to the chemistry analogy, the above image was for just one molecule. Here is a full suite of molecules in the essential oils of L. angustifolia (lavender): 

As case law shows, the best protection is a complex array of library practices, all working in alignment to create a beautiful whole.

What is that array?

In short, libraries: keep on doing what you do.

That said, if there is one thing to emphasize that could help guard against negative impacts from a parent displeased with a child's library choice, it would be to add to adjust the language in the parental sign-off from this:

“My child has permission to have a library card. I understand that all library collections, including adult material and internet access, are available to children. I accept responsibility for my child's use of the library and any loss incurred.” This application is retained until the cardholder becomes an adult.

To this:

1. I acknowledge that my child has applied for a library card and will be responsible for following the conditions of that card, including the Library Code of Conduct and Library User Bill of Rights.
2. I understand that materials and internet access at the library are not restricted by age, and that my child must be accompanied by a responsible adult while in the library until age 13.[3]
3. I appreciate that if I have any questions or concerns about my child's use of library services, I can contact [ADDRESS] to discuss them confidentially.
4. [IF NEEDED] I agree to pay all costs incurred by my child due to loss or damage of borrowed materials.

This change in language can do a few things. First, it changes parent/guardian “permission” to get a library card to “acknowledgement” that the child has agency to apply for access; this subtly (or not-so-subtly) removes the implication that a parent must consent for a child to get a library card.[4]

Second, it links the acknowledgement of collection/internet access to the Code of Conduct and the “unaccompanied minors” policy.

Third, by emphasizing how to address concerns, it provides a gateway for concerns to be brought forward in a proactive way.

And finally, if it is a concern, it puts the parent/guardian on the hook for damage fees.

To bring this all home: why is all of this so important?

First, the answer is: this stuff has always been important.

But second: this answer is being written in October 2024. As I write, the wave of coordinated efforts to limit access to library content continues, and children having access to that content is often cited as a motivation for those efforts.[5] While threats of criminal prosecution have been made, the more common tactics are intimidation[6] and threats to curtail funding. Any adjustment a library can make to reduce the chilling effect of those tactics is worth considering.

Thank you for a great question.

I didn't realize it in first grade, but a school library[1] is one of the first places a person experiences "the right to privacy" unmediated by a parent or guardian.

Think about it.  You go to the library and get to pick out whatever you want.  You check out books, and no one can tell you what to pick.  And aside from the person checking you out, no one has to see your selection; your records are private.

In the present day, this means that kids whose faces might be all over Facebook[2], who are attending school via computer, and who "turn off their screen," when they don't want people peeking into their home life during remote learning, still have a right to confidentiality when it comes to the library in their school. And one of the biggest symbols of that student-library relationship is their library card.

So, with all that hanging in the balance, what are the legal considerations of putting student pictures on school library cards?

As often happens in the highly regulated worlds of education, privacy, and information, the answer is: "It depends."

In this case, the factors "it depends" on are numerous; rather than itemize them, I'll summarize them with a few pointed questions:

Factor 1: What else is "on" the library card?

Depending what other information is on the library card, combining a student’s picture with it could increase the likelihood of a violation of FERPA[3], Ed 2-d, or school policy.[4]  For instance, if the card is used for not only swipe access, but access to grades, disciplinary records, and library records, also including a picture ID on it makes it sensitive, indeed.

Factor 2:  Who "owns" the library card?

Some schools, by policy, give out student identification cards, but use a school or district-wide policy to confirm that the card is simply "on loan" to the student (and must be returned at certain events, like suspension or expulsion).  Other institutions issue a card, and it becomes the student's property; this means that the card is more under that student’s control.[5]

While there is no requirement to do one way over the other, the school and library should confirm the ownership of the card in a policy, as this can impact the decision to mark the card with picture ID, as well as who has control over the card in the future.

Factor 3:  Why does the picture need to be on the library card?

Is the school so large that in order to ensure it provides library services to the right student, the card must have a photo ID?  Is it a security measure, perhaps to deter theft (of library cards, and therefore collection assets)?  Do students need to "swipe" into the library, with the library positioned to monitor that they are letting in a student who isn't supposed to be in class?  Or is the library card doing double duty as the student's general student ID?  Whatever the reason, it should be understood and clearly based in policy.  And if the reason has to do more with security at that school than the operations of the library, it is better that the function be performed by the student ID, not the library card.[6]

Factor 4:  Who will have the right or ability to view the library card?

If the library card is only required to be viewed by library staff, the inclusion of the photo is consistent with FERPA's and CPLR 4509's different but equally applicable privacy requirements.  But if a security guard, teacher(s), bus driver, or others all have to see the library card for different reasons (this relates to question number 3), or could use the card to access the student's library records, that raises the possibility of concerns.

Factor 5:  Is there a "stealth" reason for the use of the photo and name?

For some students, if they do not have documentation such as a birth certificate or social security card, a library card with a picture ID might be the most official "documentation" they have.  If a library or school is intending that their cards perform this ancillary function, this should be done with the awareness that third parties relying on the identification function still need permission for the school or library to comment on the content of the card (for students under 18, this means a waiver by parents or guardians).  However, that same student (or their parents/guardians) can choose to share their confidential education records or library records however they wish.

Okay, that's a lot of "factors," but what is the answer?

Having dragged you through all that, I will answer the member's very simple question:  Is it legal to print student photos with their names on their school library cards for circulation use?

The answer is "Yes."

But!  If the library card will be used for anything more than "circulation use" within the library, it is wise to assess precisely what the card will be used for, root that purpose in well-developed policy that considers the above factors, and evaluate if the picture—which in this case, will be a FERPA-protected education record[7]—is needed at all.  The more the card is used for functions beyond the needs of the library, the more those functions should be achieved by a separate student ID, or in the alternative, schools should make sure that library information[8] is separate and isolated from other education records accessed by or listed on the card.

Thank you for an important question.

[1] It is important to note that a "public school library" is different than a public library, or an association library, or a college library.... but ALL are subject to CPLR 4509, the law making library records private.  And while they are different, a public school library, like the college library, is subject to FERPA.

[2] I used to be such a stickler about not posting any pictures of my kids on FB.  But the loving posts of other family members eventually wore me down.  Sorry, kids, I really tried.

[3] Photos of students maintained by their institutions, like an ID photo, are confidential education records under FERPA.  https://studentprivacy.ed.gov/faq/faqs-photos-and-videos-under-ferpa

[4] For instance, if the library card is also an all-purpose student ID that also functions as a key card or has lunch money on it, a policy should clearly separate those functions and there must be a clear protocol for voiding access when the card is reported lost.

[5] Just because the school owns the physical object doesn't mean they own the rights to the student's image.

[6] This is because, as written more thoroughly in Ask a Lawyer RAQ #100, school library records are subject to both FERPA and 4509 rules of privacy.  Combining education record with library records can make it difficult to tease out the different ways the materials may need to be handled. 

[7] See footnote 3.  Yes, this is a footnote to send you to a footnote.

[8] Either in hard copy, on the card, or via digital access.

I remember getting my first library card at the Utica Public Library with my Dad, circa 1985.  It was a right of passage: something "official" before I could drive, or work, or vote; a stepping-stone to adult life.

Of course, back then, we didn't have the Child Online Privacy Protection Act, the SHIELD Act, or the GDPR.  We did have CPLR 4509[1], but if that was part of the application, I probably assumed it was what the library would use to revive me if I had a heart attack in the stacks.

But enough of Memory Lane: this question is rooted in 2020, a time of pandemic, of online ecosystems, and of growing awareness about personal privacy and data security.  During this time, a library putting in place direct access to services for children in the ways listed by the member is a critical service, and as the member points out, introduces a lot of legal factors to think about.

To answer the member's questions, let's dive into them.

Contracts and Kids

Since the relationship of a library to a patron is (among other things) contractual, and in New York a person (generally) cannot be held to a contract until they are 18[2], any terms a library wants to be able to enforce on a minor must require legal consent of a parent or guardian...and in some cases, the contract really is just with the parent or guardian (who I will call "P/G" for the sake of efficiency going forward).

This, by the way, doesn't mean a library can't let minors have a card and borrow books (or have online access, or be in the library) without the signature of a parent or guardian—it just means if you want to enforce any contractual terms against those minors (like the requirement to return borrowed books), it's best to have a P/G's consent along for the ride.

Contracts and the Internet

Most contracts—including those signed by P/Gs binding minors—can be entered into electronically,[3] and a contract signified by a library card is no exception.  So yes, a patron, including a child, can get a library card or access to services through an electronic signature. 

(Just in case you want the nation-wide definition, an "electronic signature" is "an electronic sound,[4] symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."[5])

What about COPPA?

When a website specifically provides services to children, we often have to consider the Children's Online Privacy Protection Act, or "COPPA."  But not today, since COPPA expressly states that the law applies to "commercial" websites and online services and generally not to nonprofit entities like a library.[6]

Although nonprofit entities are generally not subject to COPPA, the FTC "encourages[7] such entities to post privacy policies online and to provide COPPA’s protections to their child visitors."  Since libraries are sticklers for privacy, this makes sense, but if your library does this when setting up online resources for minors, don't call it "compliance with COPPA," call it "doing it the right thing because we want to."[8]

Should we require a parent?

COPPA, by the way, is one of the laws that uses the age of thirteen as the cut-off age for children being able to sign up for things (commercial or otherwise) on their own.  In my experience, 13 is also the age when insurance carriers decide children transition from "vulnerable" to simply "minors."  For this reason, many content providers and services (including libraries) bar access without a parent to those under 13.

All of which is to say: while there might not be a legal requirement to involve a P/G, in general, I'd say this is a good practice.  Good—but not required.  Remember, to legally enforce any conditions[9] (collect fines), you need a P/G's signature, but if you just want to let a kid borrow a book without consequences enforceable in court, you don't.

Let's see some ID?

Okay: you're set with electronic signatures.  You know you need to get P/G into the mix for patrons under 18.  You're "Doing The Right Thing Because You Want To" when it comes to soliciting information from minors under 13.  Do you need to see identification to make things official?

That depends.

If the privileges the library card or access grants come with conditions you will need to enforce in a court of law (fines, damages), it is ALWAYS better to get some form of identification or proof of address.  I say this, because when lawyers sue, proper ID and proof of address is how they know they are suing the right person.

Similarly, if there is an age or residency requirement, or a financial element (for instance, loading money onto an account), or if a person is to have access to another's account, you might need to require ID. 

Because the need for it will vary, when to require ID is a good question for your local attorney.  From my perspective, if a person is allowed to take out more than $10,000.00 worth of library assets at a time, or a library wants to be able to collect fines, I'd want to know how to enforce a return of those items.  Similarly, if patrons are allowed to access services from third-party vendors through their library card (software programs, audio books, anything governed by a third-party license), and there are consequences for a violation, it is good to have solid information about who your patron really is.

The problem is, if you are going to require ID, you must have a solid policies and procedures that address:

• Requiring ID in a manner that does not disproportionately impact those who live in poverty, or other categories of people[10]
• Requesting ID
• Evaluating ID
• Securely retaining and routinely destroying hard copies of ID
• Securely retaining and routinely purging electronic copies of ID
• Have a plan for data breach impacting retained ID

Basically: the reason a library would require ID—aside from verifying that a person lives in the relevant area of service, or is who they say they are—is to collect damages or to legally enforce conditions the patron has agreed to as a condition of a card.  Since that is an unpleasant business, its best to avoid it whenever you can...but when it's important, it's important to do it right.

I enjoyed writing this answer, because as part of it, I got to poke around and see how different libraries are solving this issue.  I saw some great stuff, including a temporary e-access system that let the technology do all the work (requesting verification of age via click-thru, using location services to confirm location in NY, imposing conditions on digital content via function without the need for legal enforcement mechanisms).

It is good to see when the law inspires, rather than quashes, creativity and information access.  I hope your library and library system finds this helpful as you imagine new ways to connect people to vital services!

[1] Requiring libraries to not release an individual's library records to a third party.

[2] There ARE some exceptions, but unless your library is hiring a minor to act in their movie, or selling a married couple of 17-year-olds a house, they shouldn't apply here (see General Obligations Law § 3-101).

[3] (15 USCS § 7001) states: "a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form."

[4] This definition's use of "electronic sound" created a rabbit hole where I envisioned a series of "auditory" contract signature proceedings where a person uses their Spotify Playlist to accept contracts.

[5] 15 USCS § 7006

[6] Entities that otherwise would be exempt from coverage under Section 5 of the Fair Trade Commission Act, which most if not all libraries are.

[7] You can find this "encouragement" at https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0

[8] A great guide for "doing the right thing" is here: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0#A.%20General%20Questions

[9] By "enforce conditions," I mean contractually, in a court of law.  A library can always ask a 12-year-old to pipe down, and enforce its Code of Conduct if they do not.  But to collect fees, get a P/G signature!

[10] This question is critical to a library's mission.  While there is no "right" answer, I can say that even facially neutral things such as asking for utility bills, pay stubs, or non-driver ID can alienate people within a library's area of service.  I advise maintaining a list of ID types that includes "the usual" types of ID (driver's license, ss card, birth certificate, non-driver ID), and some other types, as well (report card, lease, or any correspondence from a government agency (with private information redacted)).  The list maintained by NYPL, who clearly gets this issue, made me smile: https://www.nypl.org/help/library-card/terms-conditions.