Law enforcement

This is a timely and important question.

Regarding the ability of law enforcement (including ICE, FBI, ATF, etc.) to enter a college or university campus: the administration will make that determination, and it will be based on many factors.

That said, by both state and federal law (Education Law 6434, and the Clery Act [20 U.S.C. 1092]), college and university campuses are supposed to have a relationship with local law enforcement, so some degree of cooperation with local police, a county sheriff, and the state troopers should already be in place. Many institutions, especially those close to borders or with particular security priorities, have established working relationships with the FBI.

Against that variable background, what happens within an academic library on campus (and in virtual spaces) is subject to further control.

To describe that and provide guidance, I have developed the below “GUIDE” that can be posted in academic libraries in New York State. The sections in yellow can be modified to fit your institution’s unique information. Feel free to use your own font (I am into Century Schoolbook these days, but Avenir Next has a quiet authority). You can also add additional protections and procedures; I have put in the bare minimum required by law and ethics.

NOTE: As will ALL templates, have your higher-ed institution’s lawyer review it first, whenever possible. They may have a few more considerations to add.

In addition to having clarity about the steps needed to demand student-related information, I want to encourage all academic librarians to stay calm. In the event you are asked for information about a student or colleague, follow policy and guidance (including what is below, if your institution decides to use it) and refer all inquiries to senior administration.

In the event of an enforcement action, one of the best things you can do is provide witness, and help that person get to a good lawyer. So, if you have extra adrenaline on this right now, using your librarian skills to assemble lists of legal aid and private attorneys with the right experience to help can be vital.

In summary: librarians at higher-ed institutions can’t control what campus policy is overall, but they can have clarity about the policy in the library. In addition, by attesting to what you see, and providing timely information to those who could be impacted, you are using your profession to ensure accurate information is timely applied. As of this writing (January 29th, 2025), helping your colleagues track accurate information about funded research and programs will help, too.

Thank you for thinking of your students and your ethical obligations as an academic librarian.

The Higher Ed Librarians’ of New York

GUIDE

To Responding to Law Enforcement & Others’

Requests for Library User Information

[INSERT YOUR LIBRARY LOGO HERE!]

FACT 1: “Library Records” in New York, including those held by higher education libraries, may not be disclosed to third parties without a duly executed subpoena, court order, or waiver signed by the library user, unless such disclosure is required for library operations (for example, reporting destruction of library property). [NY CPLR 4509]

FACT 2: “Library Records” in New York, including those held by higher education libraries, may not be shared with law enforcement (local, state, or federal) without a warrant, unless the library is the party filing the report (for example, reporting theft of library property).

FACT 3: At this library, a student’s Library Records are also confidential “Education Records” per the Family Education Rights Privacy Act (FERPA). While some records can be shared under FERPA, Library Records have an added layer of restriction (see FACT 1 and FACT 2).

FACT 4: The American Library Association’s Code of Ethics requires librarians to “protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.”

BECAUSE OF THESE LEGAL AND ETHICAL OBLIGATIONS:

1. Law Enforcement (local, state and federal): All requests for library user information will be referred to Campus [Safety/Security] or the [University/College’s] lawyer. Search warrants, subpoenas and court orders should be submitted directly to [position] for assessment, so prompt responses can be issued. Library workers are, by law and policy, barred from providing such information.

2. Attorneys: All requests for library user information will be referred to Campus [Safety/Security] or the [University/College’s] lawyer. Subpoenas and discovery demands should be submitted directly to [position] for assessment, so prompt responses can be issued. Library workers are, by law and policy, barred from providing such information.

3. Private Investigators: All requests for library user information will be referred to Campus [Safety/Security]. Library workers are, by law and policy, barred from providing such information.

4. Faculty, Staff, Coaches, Advisors: All requests for library user information will be referred to the Library Director, who will assess the degree to which such information may be shared under FERPA and CPLR 4509. If a student has signed a FERPA waiver that includes disclosure of Library Records, please alert the Library Director, so the information that the student has agreed can be shared can be promptly provided. Library workers are, by policy, barred from providing such information.

5. Information Technology (“IT”): All requests for library user information should be referred to the Library Director, including requests that could be fulfilled by IT. IT workers are, by law, barred from providing access to Education Records and Library Records without a FERPA waiver authorizing such access.

IN THE EVENT LIBRARY RECORDS OR INFORMATION RELATED TO LIBRARY USE IS DEMANDED DUE TO AN IMMEDIATE RISK TO HUMAN HEALTH (student or other), THE DIRECTOR OR LIBRARIAN IN CHARGE WILL WORK WITH OTHER [COLLEGE/UNIVERSITY] PERSONNEL TO MAKE A TIMELY DECISION BASED ON APPLICABLE LAW.

This Guide is posted and promulgated in the [NAME] Library to protect important privacy rights while promoting the orderly and safe operation of the campus.

Many libraries, for a variety of good reasons, have security cameras.  Some libraries control those recording systems; others do not.  But no matter how they get there, when cameras are in a library, the questions posed by the member are critical.

Here is why: every library in the State of New York is bound by ethics and law to safeguard patron privacy.  Those obligations start with the ethics of the American Library Association[1] and the New York Library Association,[2] assuring patron privacy; these ethics find legal teeth in New York Civil Practice Law and Rules[3] and the Public Officer's Law.[4]

At the local level, patron privacy is often reinforced in a library's ethics statement, bylaws, and policies.  The practical duties of patron privacy are found in job descriptions (particularly of directors and IT professionals), and in membership terms between libraries and systems.  And it is part of every new employees' on-boarding.[5]

Because librarians and library leadership are so aware of this privacy obligation, and because assurance of patron privacy is a key component of information access, protecting patron privacy is often referred to in the library community as nigh-unto-sacred duty. So sacred, in fact, that I have met more than one librarian willing to go toe-to-toe with law enforcement seeking unauthorized access to patron data.[6]

While it takes a certain type of gumption to stand up to law enforcement, it takes another type (equally critical, but not as concentratedly defiant) of gumption to think about patron privacy in the context of software, landlords, and security cameras.  One takes a willingness to take a stand in the moment.  The other takes a willingness to think about details, to leave nothing to chance, and to ask a lot of very specific, very persistent questions.[7]

Both of these types of gumption are critical to the modern librarian, but only one gives you an easily dramatic answer to the question "how was your day?"

We'll leave the dramatic aspect of this for another time.[8]  Below, please find a boring--but vital-- checklist of steps and language to help a library answer the questions posed by the member, when a landlord is using cameras trained on library premises:

Step 1: Assess what the library's lease says about security and use of cameras

For libraries with landlords (remember, your library has a landlord even if you only pay a token amount of rent,[9]) it is important to have a written lease. 

Why?  Because, among other critical things,[10] that lease can provide clarity about who provides the on-site security (including a camera system) and set the stage for how the landlord and the tenant will manage security-related details.

In this case, the member has clarified that the security system will be controlled by the municipal (county) landlord.  Here are the details posited by the member:

These cameras will not be regularly monitored unless there is a reason to consult them. We will not be viewing the footage per a patron’s request. They will be maintained by our county facilities staff and consulted only in cases where a criminal act was committed.

These details, upon which the library will base its own actions, should be confirmed in the lease.  Such confirmation should include, whenever possible, a marked survey or map of the property, showing the limits of the camera's line of sight.

Step 2:  Assess if the lease terms and security camera arrangements promote the privacy commitments of the library

Just a note: while a municipality may procure and install a camera system with the intent to only monitor it "in the event of alleged criminal activity," in my experience, there is no way to enforce such a restriction, and some risk that the use of the cameras could change over time.

For instance:

• The recordings could be subject to disclosure under the Freedom of Information law;
• The recordings could be accessed via subpoena in the event of an alleged personal injury or other civil claim;
• The temptation for a town, city, or county to use the recordings internally (even for something as innocent as using them to check if a snowplow crew did a good job, or if a worker is arriving on time) might be hard to resist.

A library can't control this.  That said, when a camera system is installed, a library can request assurance that the municipality's internal policy, governing the cameras, include language:

• Alerting the users of the system to the sensitivity of patron records at a library;
• Confirming that the footage showing people entering and leaving the library is not regarded as a "library record" by either party; and
• Confirm that under no circumstances should the security cameras enable recording of information reflecting patron use of services.[11]

Once a library performs these two steps, it can answer the member's two questions:

First question: What type of permanent notification do we need to post about the use of cameras?

Once the library has written assurance that the landlord's use of recording technology will not result in the creation or disclosure of a library record, it is up to the director and board if, or how, your library should alert the community.

Personally, as a patron, I would appreciate a "courtesy notice" such as: "Your library records are confidential.  Please know that while our landlord has security cameras in [ZONES], the library does not allow recording that could impact patron privacy inside the building."[12]

OR (if the library makes use of its own security cameras): "Your library records are confidential.  Please know that our landlord has security cameras in [ZONES] and may use those for security purposes, but any security camera record maintained by the Library that shows use of library services is considered confidential and is used for library purposes only."

Second question: What major points do we need to ensure we include in our privacy policy?

The privacy policy of the library, or in the alternative, the minutes of the board, should reflect the details and privacy safeguards confirmed through the two-step analysis above. 

For instance, after the analysis is done, the board can note in the minutes: "Regarding the landlord's use of outside security cameras: As of DATE, the Library's landlord, NAME, will have security cameras observing certain outdoor areas, including library property.  The Library has verified that its lease, and the landlord's internal policy, prevent the landlord's security cameras from generating or disclosing confidential library records.  The public will be notified as to where the cameras are recording, and that such recordings are not confidential library records."

I appreciate that this review/confirm process can be a bit clunky.  However, it is also an opportunity to alert a critical partner (a landlord, and sponsoring municipality) to the importance of library-patron confidentiality, and to assure the public that privacy is a priority.  By seizing the moment to confirm that privacy is being properly considered and enforced, a library not only assures its ethics and legal compliance, but can create an ally in that eternal (and important) fight.[13]

I hope this approach is helpful.

 

 

---

[1] ALA Code of Ethics.

[2] As found in the NYLA Code of Ethics: " III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

[3] CPLR 4509 states: “Library records, which contain names or other personally identifying details regarding the users ...including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.”

[4] https://docs.dos.ny.gov/coog/ftext/13308.htm

[5] If it's not, it should be.

[6] You guys are so cool when you do that.

[7] Like the member is, here.

[8] Actually, we address it here: RAQ #26.

[9] Generally, this token rent is placed at $1/year.  Just once it would be fun to see a more random number, like $1.26/year.

[10] Such as insurance, hours of operation, emergency procedures, notification in the event of injury, protocol for repairs, capital improvements, etc...  For more commentary on this, see RAQ #166 about having any MOU with a sponsoring municipal entity.

[11] If security cameras are aimed at a curbside pick-up location, the library should consider if the recording is a library record.

[12] Forbidding recording in a public library is a controversial topic, I know.  This language is written to address recording that can impact patron privacy.

[13] Hey, I managed to make careful attention to minutia sound dramatic!