
Employment

Previous Employer re-assigned authorship of LibGuides

Submission Date

Question

Many librarians create and post LibGuides through Springshare.  Right now, when an employee leaves a library, the LibGuides they created can be attributed to another library employee after they leave.  Does this create a legal concern?

Answer

I am a hands-on kind of lawyer.  When I do a real estate deal, I visit the property.  When I advise a historic preservation group, I drag my kids to see old houses.  When I represent a bakery, I try not to pack on an extra five pounds, but it’s always touch-and-go.

So, when this question came in, I hopped on SpringShare and checked out their product description for LibGuides, and pretended I was going to write one.  I delved into the license terms and the mechanics of the utility.  I observed how their various products work together, or a la carte.

On the SpringShare website, LibGuides is summarized this way:

“LibGuides is an easy-to-use content management system deployed at thousands of libraries worldwide. Librarians use it to curate knowledge and share information, organize class and subject specific resources, and to create and manage websites.”

I checked in with a few librarians I know (one of whom works in my office), and they reported that yes, the product is widely used and popular.  While mine was a very unscientific survey,[1] the day I hopped on, SpringShare’s web page boasted participation by “6,100 libraries” and “82 countries” and “130,300” librarians.

I noticed a lot of legally interesting things when I was down the SpringShare rabbit hole, but what I focused on was the member’s question: is there a legal concern related to attributions of LibGuides content?

I started with the LibGuides License,[2] which states:

OWNERSHIP OF DATA: Licensor does not own any data, information or material that you submit to the Software ("Customer Data").

In other words, SpringShare (the licensor) confirms that the subscriber (the licensee) owns the content they put on LibGuides.

The License then goes on:

You, not Licensor [remember, Springshare is the “Licensor”], shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data, and Licensor shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any Customer Data.

This means that while the licensee (the subscribing librarian or library) owns the content, they are also responsible for the consequences created by any content they don’t have the rights to (infringement claim, violation of privacy claim, etc.).

This is a very typical approach for content-sharing platforms.

The License then states:

In the event this Agreement is terminated, Licensor will make available to you a file of the Customer Data in XML format within 30 days of termination if you so request at the time of termination.

Isn’t that generous?  If you remember to ask nicely at the time you terminate the contract, you (the Licensee) have thirty whole days to retrieve your property.[3]

This property arrangement is at the heart of the member’s question.  SpringShare claims no ownership of the content placed on LibGuides.  That content, unless licensed from another, is supposed to be owned by the licensee (the person or entity contracting with SpringShare for the service).

But is the “licensed LibGuides user” the content owner?

That depends.

In the member’s question, the “licensed LibGuides user” was probably the library (it would be very unusual, and not business-appropriate, for an account for an institution to be in an individual person’s name).  So, the library is the one getting assured they own the content put up through the account, and the library is the entity responsible in the event the content causes a problem (infringes copyright, invades someone’s privacy, etc.).

Now this is where the issue gets sensitive.  Under copyright law, content generated by employees, AS PART OF THEIR REGULAR DUTIES, is owned by their employer—unless a contract, policy, or hire letter says otherwise.  This “default rule” is spelled out in section 201(b) of the Copyright Act.[4]

How does this play out in the work environment? It varies.  Many librarians are part of a union, which means the written work they generate as part of their job might not be subject to the above-described “default rule” (a collective bargaining agreement can change the terms of employment related to copyright).  Still others work in environments where this “default rule” has been changed through a policy, or a hire letter.

This lack of uniformity means that any librarian composing LibGuides, who wants to use their compositions after they move to another job, should make sure they know where they stand when it comes to “employee-generated intellectual property.”  Does their workplace follow the “default rule?”  Does a union contract, policy, or hire letter change the “default rule?”  And is writing a LibGuide even part of their duties?

This is critical, because depending on who owns the content, they are free to do as they like with it: keep it up, remove it, change it, update it, etc. (of course, what they do on LibGuides is limited by the License and the technology).  And it is also critical because the current configuration[5] of LibGuides seems, to me, to create a potential problem.

Now, that addressed the legal part of the question; the answer is: yes, there are some legal concerns.  But the “legal” concerns might not be the full scope of the concerns presented by the question’s scenario.  Attribution of authorship is different from ownership, but it can be a critical issue of integrity.

My understanding of how LibGuides functions is that the account holder can change the roles, authority, and people admitted to create, modify, or access the content.  Within LibGuides, subscribers have the ability to assign users (Admin users, Regular users, Editor users, Contributor users, and Patron users) with different levels of access and authority.[6]

Within this structure, “Admin users” (who have the highest level of authority over an account), manage the Licensee’s use of the service.  The settings are changeable, and different LibGuides can be assigned to different users.

But what was WILD to me is that when a librarian leaves a library, to maintain the LibGuide, the library has to assign another staffer to the Guide.  That’s fine and makes sense, but because of LibGuide’s interface, that new person is then listed as the librarian in charge of the guide, and the way the screen looks (to me) the implication is that they are the author.

I believe that is the genesis of this question; people who took pride in their creation of a LibGuide first attributed to them are now seeing (implied) authorship (seemingly) attributed to another.  I have to admit, whether I owned it or not, that would sting a little.  Writing, even if it’s for your job, can be a very personal endeavor.

This seems entirely due to the design of the interface.  Between you, me, and the Internet,[7] it seems like a needless and utterly solvable problem.  And while not necessarily a legal issue (although if the former employee owns their work, it could be) it strikes me as a serious ethics/integrity/relationships issue.

Authorship is something people take seriously, especially in the arenas of academia and publishing—worlds in which librarians play an essential role.

How can this be solved?

First, LibGuides might want to think this through and develop a solution.[8]  But until then, libraries using LibGuides should assess their legal position (do they own their employees’ work under the “default rule”?  Or does a contract or policy say otherwise?) and think about how this phenomenon rests with their values.  On the flip side, librarians who create a great LibGuide and then want to move on in their professional careers should pay attention to who is the LibGuide’s “owner” and be mindful that a LibGuide owned by their employer will not always be in their name.  Further, the mutable nature of LibGuides (they are designed to be updated, altered and changed) means you might not always want to be associated with what the Guide turns into!

Thanks for a great question.


 

[1] “Unalytics.”

[2] “Terms of Use” and licensing agreements can be treacherous!  Services change them from time to time.  This was posted as of 3/6/2020, but always get your contract answers straight from the source.

[3] As a rule, I try to avoid snark and sarcasm in the “Ask the Lawyer” service.  Such rhetoric doesn’t age well, and there are defter ways to be funny.  That said, this one deserves some snark.  Thirty days, and then potentially thousands of dollars of your assets are lost?  Not so great.

[4] The law reads: “In the case of a work made for hire [which includes “a work prepared by an employee within the scope of [their] employment”] the employer or other person for whom the work was prepared is considered the author for purposes of this title, and, unless the parties have expressly agreed otherwise in a written instrument signed by them, owns all of the rights comprised in the copyright.”

[5] As of March 6, 2020.

[6] On March 6, 2020, I found these categories on the LibGuides FAQ at ask.springshare.com/libguides/faq/1119#general.

[7] Hi, SpringShare!  I am confident you can fix this!

[8] For instance, I would create a “Legacy Content and History” option for customers, where the evolving work and chain of authors could be tracked.  Of course, that would still put the ultimate fate of the content in the hands of the employer, but it would empower them to maintain good feelings between librarians.

 

Library Files

Submission Date

Question

What recourse may a library board take, if a former director removes all library files from a library-owned computer that relate to the running of the public library?

Answer

Every employer struggles with this issue: give employees enough access to electronic information to do their jobs, but protect that information from accidental disclosure, file corruption, and theft.

Solid practices like routine security updates, back-ups, password re-sets, and employee training can help a library avoid the worst IT disasters.  But what if someone in a position of trust simply abuses their access?  What if a scenario like the member's question should arise?

There is a process to address this type of scenario.  In order to ease an adrenalized mind,[1] it is presented below in grid form.

Upon suspicion that files have been removed or inappropriately removed by a former library employee, follow these steps to assess what recourse a board might have:

Action | Why you do this | Results

1.  Upon suspicion that files have been removed, if possible, do not take further steps alone.

Create an "Initial Response Team" of at least two people to do the next four steps, and designate one of them as the note-taker and document-keeper.

If your library's computer system is supplied or supported by a cooperative library system, one of these people should be from the system.[2]

Organize a timeline and take photos or screenshots of information showing the potential problem.

The facts you assemble and first steps you take may have far-reaching consequences for your library's response and recovery, as well as for the potential wrongdoer.

At this stage, however, you'll just be documenting what appears to be missing.  No deep-dive investigation.   It should only take an hour or two.[3]

Initial Response Team formed and responsibilities of team members made clear.

Note-taker assembling information.

2.  Without letting it take more than an hour (or two) and without making any changes to your system, assess and create an informal list of what appears to be missing (file types, specific types of information, locations), when this was noticed, and what the first signs of the concern were.  This will be your "Initial Inventory."

You need to have a foundation for your next steps, so you're creating a quick description of the possible situation.

An Initial Inventory you will use in the next few steps.

Note: The "Initial Inventory" is not an attempt to assess what happened, just to list what might be missing, and a few initial details.

 

3.  Look over the Initial Inventory.  Could any of the missing files contain personal/private information, such as: name, address, date of birth, SSN, library card number, credit card information, contact information, banking information, health-related information, computer use, passwords, or circulation records?

If the answer is "yes," add the phrase "…possibly includes loss or compromise of private information and/or library patron records" to the Initial Inventory.

This part of the Initial Inventory will help those assessing the issue quickly appreciate the possible privacy and confidentiality implications of the situation.

4.  Contact the library's insurance carrier, and alert them that you may have had a loss of data related to "unauthorized computer access that may involve a former employee."

If your Initial Inventory includes a "yes" to Step #3, also state: "The situation may involve personal and confidential information."

If your initial contact is by phone, confirm the notice via a letter or e-mail.

Depending on your library's insurance type, you may be covered for this type of event.

Notifying your carrier and following up in writing will help the library determine if the carrier will provide coverage and/or assistance for the event.

Timely notice to the library's insurance carrier, enabling your carrier to let you know if you have coverage and if they can provide assistance in recovering from the event.

NOTE:  If the event is covered, some or all of the remaining steps could be impacted by the participation of the carrier.

5.  With the Initial Inventory complete and the carrier on notice, the board (or director, if the board has delegated the right amount of authority to them) must decide who is in charge of next steps: the full board, a board committee, the Director and a team, or any combination of people needed to assess the matter. 

This "Response Team" should have the power to appoint a qualified professional to assess the situation, to retain legal assistance if warranted, and to recommend a final course of action to the board.

In no event should a report to the board (or Executive Committee) extend the timeline for arranging a response beyond 3 business days.

Unauthorized computer access involving a former director (or any employee) is serious enough to warrant board involvement, whether or not personal and confidential information is involved.

This is especially true since, in a worst-case scenario, the library may have to report a data breach, expend resources to re-create or retrieve the information, work with an insurance carrier to recover from the loss, consider if any aspects of the former employee's contract or severance apply (if there was either/or) and based on what is discovered, consider whether or not to file a report with law enforcement.

Clarity as to who is in charge, what level of authority they are working with, and who they will bring on to assist with the investigation and recovery.

6.  Alert the library's lawyer by sending them a copy of the Initial Inventory, and connect them to the Response Team, so they can assist as needed.

 

It will be the lawyer's responsibility to work with the Response Team and others to ensure the library is positioned to seek relief from the carrier or the former employee, to assess any relevant contracts (for instance, if the files were deleted from a cloud server), and to advise the board about filing a report with law enforcement, or pursuing civil remedies.

Attorney-client privileged input to help assess response options in the best interests of the library.

7.  The Response Team should retain a qualified IT/data security professional to assess and develop an "Incident Report" with a Final Inventory of what is confirmed as missing, a conclusion as to how it went missing, and if/how it can be recovered.

This should be done within 3 days of discovery and before there are any changes to the system.   Ideally, this work should only be performed after the library and the IT professional sign a written contract that is reviewed by the lawyer.

contract with a qualified firm;

certificate of insurance from the professional firm;

A written Incident Report from the firm.

8. Based on the value, sensitivity, and type of information in the Final Inventory, work with the IT professional and lawyer to assess any legal steps the library must take to recover or to give required notifications of data breach.

Depending on what went missing, the library could have concerns under any number of laws. 

The final recommendation should be a memo to the board, regarding any necessary steps (or confirming none are needed).

9.  Based on the complete Incident Report's assessment of what is missing, how it went missing, and if/how it can be recovered, and any relevant details about the employee, develop a course of action.

For more on this aspect, see the rest of this RAQ.

Recourse.

What happens as part of number "9," is the actual answer to the member's question.  But until a library follows steps "1" through "8," it can't fully know its options under "9."

And what can happen as part of "9"?  The range of consequences for unauthorized computer access and/or data destruction is vast, running from criminal penalties to civil remedies.  And if considered with solutions for how a library can recover from the loss, there are further possibilities.

If I were on the board where a former director removed all the library files from a library-owned computer that relate to the running of the public library, at the end of the day, here's what I'd want to get out of "The Files Are Gone" process:

  • Know if the files were simply removed, or if they were removed and accessed/disclosed beyond the library;
  • If they were disclosed beyond the library, what the library must do to address that (including special considerations if personal or confidential information was accessed);
  • If the files were only removed, know if they can easily be replaced, or if they were the library's only copy;
  • If they can't be easily replaced, how much it will cost to replace them, and any negative impacts we'll experience until we do;
  • How we have concluded the files were removed by the former employee, if they were an employee when they did it, and what the due process is for addressing that;
  • If (based on all the information gathered, and more that will be specific to the situation), the board should contact the police, or consider a civil claim against the former employee.

By demanding solid, well-documented and qualified answers to these questions (What happened?  How does it impact the library?  What can we do?) a board member is being a good fiduciary, and positioning the library to identify the best recourse.

Now let's say that, in the grand scheme of things, the "missing files" appear to be pretty minor (and do not involve private information).  Let's say that, for whatever reason, the outgoing employee deleted all the library's "standard operating procedures." Not the policies--those are on the library's website and backed up in numerous places - but all the details about (as the question says) "running the library:"  How to organize the courier manifest.  The templates for the volunteer letters and community meeting notices.  The budget template and calendar for strategic planning.  Their own emails on their library account.  Nothing private, no circulation or credit card information, but a body of work that represents hundreds of compensated hours…lost.

This may seem like the kind of loss that isn’t dire enough to warrant the steps I have outlined above, but it absolutely is.  First, only a professional can say when data is truly "lost" (especially emails).  And even if, at the end of the day, there is a board decision not to pursue any consequences (privately, civilly or criminally), such (in)action must be based on good information--not just the result of a decision not to investigate in the first place.

The budget for such a response, if planned carefully, can be very modest (under $1500).[4]  Reaching out to a library's system and regional council to find the professional you need might help the library get those services at a reasonable price (and again, depending on the system-library service agreement, much more).

Why am I adamant about this follow-through, even for a "small" incident?  Because sometimes a "small" incident is only the tip of a much larger iceberg.  Unauthorized data destruction by a former employee could be a serious breach of their duty, the law--and even their oath of office.  But it might not be.  The right response, and the fair response, can only be formulated through careful documentation and analysis.

This is what positions the board to know what recourse it can take, when presented with such a serious situation.

Thank you for trusting "Ask the Lawyer" with this sensitive question.

 

 


[1] If you are reading this while working on this type of issue, take a deep breath.  You've got this.

[2] There are too many types of IT supply/support arrangements out there for me to be more precise than this.  Some systems are essentially the IT department for their member libraries. Others are not.  This aspect will be governed by the System's member contract…but generally, a good place to start is on the phone!

[3] In keeping with the question, this chart addresses what to do if the person involved is a former employee.  If the person is a current employee, the Response Team should include someone qualified to assess an appropriate response that ensures 1) due process for the employee; 2) security for the investigation; and 3) stability for ongoing operations of the library.

[4] Is this a low-ball figure?  Could it be much bigger?  Yes. But if it gets much bigger, that should be because it's actually a big problem that needs to be solved.