Privacy is essential to the exercise of free speech, free thought, and free association. The Rutgers University Libraries consider the right to privacy to be the right to open inquiry without having the subject of one's interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.
The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution. The Libraries privacy and confidentiality policies are in compliance with applicable federal, state, and local laws, as well as Rutgers University’s institutional policies related to privacy.
Library user rights outlined here are based in part on what are known in the United States as the five "Fair Information Practice Principles." These five principles outline the rights of Notice, Choice, Access, Security, and Enforcement.
Our commitment to your privacy and confidentiality has deep roots not only in law but also in the ethics and practices of librarianship. In accordance with the American Library Association's Code of Ethics:
"We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted."
II. The Rutgers University Libraries Commitment to Our Users’ Rights of Privacy & Confidentiality
The Rutgers University Libraries are committed to protecting user privacy when library resources are used and personally identifiable information is collected.
1. Notice & Openness
The Rutgers University Libraries inform users about the policies governing the amount and retention of personally identifiable information and about why that information is necessary for the provision of library services.
We post publicly the privacy and information-gathering policies of the Libraries on our website and other places as appropriate. Whenever policies change, notice of those changes is disseminated widely to our users.
The Rutgers University Libraries gather information about current and valid library users for the sole purpose of providing library services. Where it is necessary for the Libraries to identify users, it is our goal to gather only the minimum information necessary and to retain that information for only as long as it is needed to complete a particular transaction. We avoid creating unnecessary records and retaining records not needed for the fulfillment of the mission of the Libraries. Furthermore, we do not engage in practices that might place personally identifiable information in or on public view.
2. Choice & Consent
The Rutgers University Libraries keep all personally identifiable information confidential. We will not share, sell, license, or disclose personal information to any third party without your consent unless we are compelled to do so under the law or to comply with a court order.
The Libraries receive personally identifiable information automatically from the Office of the Registrar (for students) and the Office of Human Resources (for employees) or directly from you to create and update your library user account. User accounts contain an official email address and home and campus mailing addresses supplied by the university. You have the option of providing a different email address for the purpose of receiving notifications about library accounts.
When you borrow materials from the Rutgers University Libraries, we scan the barcode on your photo identification card and then link your personally identifiable information to the items borrowed.
When using library services through our website, you may need to provide your name, e-mail address, NetID, password, barcode, and/or password. To use licensed subscription electronic resources from an off-campus location, users are required to submit a NetID and password or library barcode and password to be authenticated as a currently affiliated user.
When using certain library services or collections, you may need to show identification and/or provide personally identifiable information on paper forms or logs that are retained as needed.
3. Access by Users
The Rutgers University Libraries provide you access to activities on your library account. Before viewing your library account, you are asked to present a Rutgers NetID and password or library barcode and password for identification online or a photo ID in person to ensure verification of identity. You may access your personal information in person or by telephone.
Library users must update their personally identifiable information to ensure that library operations can function properly. Rutgers University faculty, students, and staff can view and update their personally identifiable information through the university online directory. Users not affiliated with the university can update their information at any Rutgers University library.
4. Data Integrity & Security
Data Integrity: The Rutgers University Libraries are committed to collecting and maintaining accurate and secure data. We strive to assure data integrity, including: using only reputable sources of data, providing you access to your own library account, updating data whenever possible, utilizing middleware authentication systems that authorize use without requiring personally identifiable information, destroying untimely data or converting it to anonymous form.
Data Retention: We protect personally identifiable information from unauthorized disclosure. Once it is no longer needed to manage library services, we regularly purge, shred, or anonymize personally identifiable information about library users, library resource use, material circulation history, and security/surveillance tapes and logs.
Tracking Users: Our Libraries have invested in appropriate technology to protect the security of any personally identifiable information while it is in the library's custody, and we ensure that aggregate, summary data is stripped of personally identifiable information. We do not ask library visitors or website users to identify themselves or reveal any personal information unless they are borrowing materials; requesting special services; registering for services, programs, or classes; or making remote use from outside the library of those portions of the Libraries website restricted to registered borrowers under license agreements or other special arrangements. We discourage users from choosing passwords that could reveal their identity, including social security numbers. We remove cookies, web history, cached files, or other computer and Internet use records and other software code that is placed on our public computers or networks after each use. We remove links between user records and materials borrowed when items are returned, and we delete records as soon as the purpose for data collection has been satisfied.
Third Party Security: The Rutgers University Libraries use and link to resources owned and operated by third parties, including integrated library systems, offsite computer services, databases, and electronic journals. We license these resources for the use of Rutgers authorized users. We make every attempt to include user privacy protections in license agreements with third parties, such as vendors of digital information resources like electronic databases and journals. Nevertheless, because the use of these websites and resources is not governed by the Rutgers University Libraries, we strongly recommend that you review the privacy policies of the websites that you visit, particularly if you are requesting online help through email or chat or establishing your own account for specialized services like table of contents, email, saved search alerts, purchases, or personalization features. When connecting to licensed resources outside the library, we authenticate users as members of our community and do not provide any personally identifiable information.
Security Measures: Our security measures involve both managerial and technical policies and procedures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Our managerial measures include internal organizational procedures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Our technical security measures to prevent unauthorized access include encryption in the transmission and storage of data, limits on access through use of passwords, and storage of data on secure servers or computers.
Staff access to personal data: We permit only authorized Libraries staff with assigned confidential passwords to access personal data stored in the Libraries computer system for the purpose of performing library work. We will not disclose any personal data we collect from you to any other party except where required by law. The Libraries do not sell or lease users' personal information to companies, universities, or individuals.
5. Enforcement & Redress
All Libraries staff and volunteers refer law enforcement inquiries to Libraries administrators. We confer with the Rutgers University Office of the Senior Vice President and General Counsel before determining the proper response. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form.
Approved by the University Librarian’s Cabinet, October 19, 2010