Minutes of October 28, 2009 Meeting

Tom Frusciano, Nancy Kranich, Cathy Pecoraro, Chris Sterback (problems were experienced with the meeting announcement)
  1. RUL privacy practices
    Meeting attendees discussed a number of privacy-related practices.
    1. The existence of surveillance cameras in work areas
      1. How often does security check recordings from these cameras and how long are recordings stored?
      2. A subsequent query to the RU Security Manager by Chris Sterback resulted in a response that camera surveillance footage is not considered PII. The Task Force will discuss further. See: ALA Questions and Answers on Privacy and Confidentiality (scroll down near bottom), http://www.ala.org/ala/aboutala/offices/oif/statementspols/statementsif/interpretations/questionsanswers.cfm
    2. Archival materials stored in the Annex
      1. Anyone working with records is required to sign a Notice of Confidentiality Statement (Tom Frusiano has shared a copy)
      2. University Archives stages projects in the Annex. Some of the records contain PII-formerly included social security numbers in many documents. Inactive personnel records are released for public use after 75 years.
      3. Access to the Annex Archives is controlled through a security system.
      4. Most RU units have prepared record schedules that are posted on the Record Management website.
      5. Students help shred documents.
    3. Archival and Special Collections Reading Room
      1. Users sign paper registration form with name, address, affiliation, e-mail address. These registration records are recorded into a local database maintained by Special Collections. Unsure where the database is stored and how it is backed up.
      2. Users fill out a call slip for items not on open shelves-the forms are in triplicate and include name, date, call #, sublocation, author and title.
      3. Manuscripts and rare books are tracked through separate forms that record item and person.
      4. Length of retention? Kept for statistical purposes.
      5. Donor information maintained in a database that is not publicly accessible. 5 levels of access are authorized by the University Archivist. The database is secured and backed up by Systems.
    4. 3rd Party databases
      1. Cathy Pecararo brought copies of privacy policies from several of the 3rd Party database subscriptions. When users request an article through e-mail or put in PII for other purposed relative to searches, the vendors often reserve the right to share aggregated demographic information to their partners, advertisers and others.
      2. The Task Force will take a closer look at 3rd party database privacy policies. Most are posted on vendor websites.
  2. Issues for Upcoming Meetings
    1. SCC Activities
      1. RUCore, e-Dissertations-management of PII
    2. 3rd Party Databases--Personal sign ons for databases
    3. Video Surveillance
  3. Assignments for Task Force Members
    1. Audit existing privacy practices. Update Matrix for your areas-available on Sakai site. In order to ensure that everyone's revisions are on the same document, be sure that you are using the most recent version posted to the site (note the last modified date when you download and when you upload).
    2. Nancy will schedule visits with Special Collections/Archives; the Annex; SCC; and Systems.
    3. Review revisions to Sections 1-3 of draft Privacy Policy and be prepared to discuss Sections 4-5.
  4. Upcoming Meetings:
    1. Wednesday, November 18, 2:00 - 4:00 pm, McDonnell Room
    2. Wednesday, December 16, 2:00 - 4:00 pm, McDonnell Room
  5. Future Steps
    1. Complete a Rutgers University Libraries Privacy Policy, consistent with federal and state law, Rutgers University policy and practice, intellectual freedom principles, and best practices at other academic libraries.
    2. Develop an RUL website privacy statement.
    3. Clarify, document, and distribute existing and forthcoming procedures for dealing with requests for personally identifiable information (PII).
    4. Plan for a regular privacy audit to ensure RUL privacy practices are consistent with policy.
    5. Develop training materials and programs that apprise RUL staff and users about privacy concerns and practices.
    6. Provide a tutorial on privacy to the whole RUL staff similar to the one provided by Nancy Kranich.
    7. Establish a university-wide network of individuals who deal with privacy-related issues that affect library programs and services.

URL: http://www.libraries.rutgers.edu/rul/staff/groups/privacy_tf/minutes/privacy_tf_09_10_28.shtml
Website Feedback  |  Privacy Policy
© Copyright 1997-, Rutgers University Libraries