RAQs: Recently Asked Questions

Topic: Conflict of interest from legal proceedings - 06/23/2021
I serve on the board of an association library. My family has to consider legal proceedings aga...
Posted: Wednesday, June 23, 2021 Permalink

MEMBER QUESTION

I serve on the board of an association library.

My family has to consider legal proceedings against a school district that provides funds to the library through a public vote (as required by law, when the District puts the ballot out, the amount for the library is separate). Would my personal legal proceedings pose a "conflict of interest" with my position as a trustee? Is there any foreseeable conflict?

WNYLRC ATTORNEY'S RESPONSE

Before I answer, I would like to thank this unnamed trustee for bringing forward this important issue.  Dealing with personal legal matters is rarely easy; remembering to factor in consideration of one's volunteer obligations at the same time is impressive.

On its surface, this question is a fairly simple exercise:[1] does the status of a library trustee as a plaintiff against the district supporting the library create a "conflict of interest" that would violate the library's bylaws, ethics, or the Not-for-Profit Corporation Law ("NFPCL")?

To address that question, one must first understand what is meant by a "conflict of interest."

The concept “conflict of interest” sounds simple, but often quickly gets, as they say these days, “complicated.”

Why is that?  For a library,[2]  the concept of a "conflict of interest" could consist of layered elements like the petals of one, single (but complex) rose...or it could be a complex, multi-variety bouquet.

What can comprise this bouquet?

Let's start with the rose.

Section 715-a of the NFPCL requires every charitable corporation in New York (a category that includes most libraries), to adopt and enforce a policy "to ensure that its directors, officers and key persons act in the corporation's best interest and comply with applicable legal requirements, including but not limited to the requirements set forth in section seven hundred fifteen of [the NFPCL]."

Let's peel back the petals on this first thorny flower.  In one sentence, 715-a lists a broad expectation (acting in "the corporation's best interest"), a broad mandate ("comply with legal requirements"), and one very specific law to follow (NPFCL 715, which bars "related party transactions").[3]

Let's take that last petal first.  What is a "related party transaction?"

According to the NFPCL's "Definitions" section, a "related party transaction" means "any transaction, agreement or any other arrangement in which a related party[4] has a financial interest and in which the corporation or any affiliate of the corporation[5] is a participant..."

Based on the information provided, the trustee submitting the question is not in a "related party transaction".  The suit is not against the library, and in this scenario, the district who will be named in the suit is not an "affiliate" of the library.  Since the district is required to put the tax vote on the ballot (the school board has no control over this; it has to put the ballot up as proposed by the library board), the act of using the district to float the vote to the public does not create a relationship that could serve as the basis of a conflict.

Let's take the middle petal: "legal requirements?"  Is there any "legal requirement" that a trustee not bring an unrelated legal action against a school district who facilitates a library budget vote?  No.[6]

And finally, that first, most fraught petal: "the corporation's best interest?" --We're going to leave that for last.

What other “blooms” could join, and affect, this "conflict of interest" bouquet?

  • The library' bylaws
  • The library's customized "Conflict of Interest" policy[7]
  • An association library's trustee oath of office[8]
  • A grant or other contractual obligation that creates a temporary definition of a conflict
  • The library's strategic plan, or other planning document that would create a conflict as defined by law, bylaw, or policy.[9]

Fortunately, no matter how many blossoms in the "conflict of interest" bouquet, the law requires that when the possibility of a conflict arises, it is the board--not the individual trustee--who must assess it.

The NFPCL does that by requiring a board to pass a conflict of interest policy that:

 ...include[s], at a minimum, the following provisions:

  (1) a definition of the circumstances that constitute a conflict of interest;

  (2) procedures for disclosing a conflict of interest or possible conflict of interest to the board or to a committee of the board, and procedures for the board or committee to determine whether a conflict exists;

  (3) a requirement that the person with the conflict of interest not be present at or participate in board or committee deliberation or vote on the matter giving rise to such conflict, provided that nothing in this section shall prohibit the board or a committee from requesting that the person with the conflict of interest present information as background or answer questions at a committee or board meeting prior to the commencement of deliberations or voting relating thereto;

  (4) a prohibition against any attempt by the person with the conflict to influence improperly the deliberation or voting on the matter giving rise to such conflict;

  (5) a requirement that the existence and resolution of the conflict be documented in the corporation's records, including in the minutes of any meeting at which the conflict was discussed or voted upon....
  

So, at the end of the day, no matter how large the "conflict of Interest" bouquet, it is the board, as a whole, who has to sniff out a problem.[10]

In this case, the rub is in that first petal: the requirement that a trustee always act "in the corporation's best interest."

At the surface, there is no conflict whatsoever in this scenario: the school district is not a partner or contractor with the library, and the school board has no discretion about whether or not to put the library's budget on the ballot (they must put it exactly as the library board requests it).[11] Therefore, even if the contemplated lawsuit by the trustee is not taken kindly by the school district's board, there can be no direct negative impact.

Now, however, for a pragmatic answer: in a world where everything is political, and library budgets all the more so, could an adversarial relationship between an individual library trustee and a school district board be in something other than "in the best interest" of the library?

That consideration--and its answer--is not a legal issue.  In this scenario, there is nothing that violates the law, and I have never seen an oath of office, nor a bylaws provision, that would bar trustee service under such circumstances.  Further, as discussed above, even if the school board takes umbrage, they would be powerless to block the requested ballot item.

However, there is a "soft" consideration here that goes beyond the law.  I categorize these types of concerns not as "legal" issues, but that dreaded concept: "diplomacy."

When it comes to "diplomacy"...could members of a community, including an individual school board member in their individual capacity, decide to take a dim view of a library trustee who is suing their district, and try to punish the library?  They shouldn't, but as individuals, speaking just for themselves, they could...they absolutely could.  And even though their negative actions couldn't block the budget vote, it could influence a vote in non-official ways.

That said, the possibility of such personal vengeance in no way creates a legal conflict of interest.  So, for the reasons set forth above, a board doing an assessment of this situation--unless their policy specifically includes a unique definition or example that bars trustees sowing bad PR, even incidentally--would likely not determine that it constitutes a forbidden conflict.

Of course, a trustee may decide that they have enough on their plate, just being a plaintiff in a stressful lawsuit, and resign to avoid the (real or possible) stress of the situation.  Or the board and trustee may engage in some practical "risk management" and mutually agree that, given a high likelihood it could impact the board-to-board relationship, it is best if the trustee steps down for a time.  But such an option would not be required by law and would be based on pragmatism...and it could only be effected with the consent of the trustee.

And THAT is my answer to this very important question. 

I wish the trustee who posed it both 1) a thoughtful and supportive library board, and 2) a school board with the ability to maturely and completely compartmentalize legal issues from diplomatic ones.

Thank you.

  

 



[1] For purposes of this question, we'll assume that the only "support" the district provides to the library is the budget ballot (there is no MOU or even informal agreement for other assistance, like overflow parking, or hosting the annual fund-raiser).

[2] Public or association, in this case.

[3] There is no case law that picks apart how the commas in the sentence impact the interpretation and inter-relation of its required elements; that would be a dream case of mine (not that I wish the need to make that argument on any client of mine).

[4] "Related party" means (i) any director, officer or key person of the corporation or any affiliate of the corporation; (ii) any relative of any individual described in clause (i) of this subparagraph; or (iii) any entity in which any individual described in clauses (i) and (ii) of this subparagraph has a thirty-five percent or greater ownership or beneficial interest or, in the case of a partnership or professional corporation, a direct or indirect ownership interest in excess of five percent. "Relative" of an individual means (i) his or her spouse or domestic partner as defined in section twenty-nine hundred ninety-four-a of the public health law; (ii) his or her ancestors, brothers and sisters (whether whole or half blood), children (whether natural or adopted), grandchildren, great-grandchildren; or (iii) the spouse or domestic partner of his or her brothers, sisters, children, grandchildren, and great-grandchildren.

[5] In this case, the "corporation" is the library.

[6] I have not read every law passed in New York State, but I am willing to go out on a limb for this one.

[7] As you can see in the NFPCL, not-for-profit corporations have the right to define their own notion of "conflict," so long as the policy meets the requirements of the law.

[8] Only an association library might need to consider this, since the oath required of public libraries does not add to the obligation to be free of conflicts of interest (although it does undergird it).

[9] For instance, if the strategic plan called for the library to enter into a contract with the district in the future.

[10] That's right. The next time your board has to assess if the board chair's cousin getting the winning bid to the parking lot resurfacing job is a conflict, just envision being handed a fragrant mass of lilies and roses!

[11] Education law Section 259, found at https://www.nysenate.gov/legislation/laws/EDN/259.

Tags: Association Libraries, Board of Trustees, Ethics, Policy

Topic: Security Surveillance Cameras - 05/06/2021
We are a municipal library and the building is owned by the county. The county will be installing ...
Posted: Thursday, May 6, 2021 Permalink

MEMBER QUESTION

We are a municipal library and the building is owned by the county. The county will be installing security cameras outside the library in multiple locations for safety reasons. These cameras will not be regularly monitored unless there is a reason to consult them. We will not be viewing the footage per a patron’s request. They will be maintained by our county facilities staff and consulted only in cases where a criminal act was committed.


I have two questions related to this.

1. What type of permanent notification do we need to post about the use of cameras?

 2. What major points do we need to ensure we include in our privacy policy?

WNYLRC ATTORNEY'S RESPONSE

Many libraries, for a variety of good reasons, have security cameras.  Some libraries control those recording systems; others do not.  But no matter how they get there, when cameras are in a library, the questions posed by the member are critical.

Here is why: every library in the State of New York is bound by ethics and law to safeguard patron privacy.  Those obligations start with the ethics of the American Library Association[1] and the New York Library Association,[2] assuring patron privacy; these ethics find legal teeth in New York Civil Practice Law and Rules[3] and the Public Officer's Law.[4]

At the local level, patron privacy is often reinforced in a library's ethics statement, bylaws, and policies.  The practical duties of patron privacy are found in job descriptions (particularly of directors and IT professionals), and in membership terms between libraries and systems.  And it is part of every new employees' on-boarding.[5]

Because librarians and library leadership are so aware of this privacy obligation, and because assurance of patron privacy is a key component of information access, protecting patron privacy is often referred to in the library community as nigh-unto-sacred duty. So sacred, in fact, that I have met more than one librarian willing to go toe-to-toe with law enforcement seeking unauthorized access to patron data.[6]

While it takes a certain type of gumption to stand up to law enforcement, it takes another type (equally critical, but not as concentratedly defiant) of gumption to think about patron privacy in the context of software, landlords, and security cameras.  One takes a willingness to take a stand in the moment.  The other takes a willingness to think about details, to leave nothing to chance, and to ask a lot of very specific, very persistent questions.[7]

Both of these types of gumption are critical to the modern librarian, but only one gives you an easily dramatic answer to the question "how was your day?"

We'll leave the dramatic aspect of this for another time.[8]  Below, please find a boring--but vital-- checklist of steps and language to help a library answer the questions posed by the member, when a landlord is using cameras trained on library premises:

Step 1: Assess what the library's lease says about security and use of cameras

For libraries with landlords (remember, your library has a landlord even if you only pay a token amount of rent,[9]) it is important to have a written lease. 

Why?  Because, among other critical things,[10] that lease can provide clarity about who provides the on-site security (including a camera system) and set the stage for how the landlord and the tenant will manage security-related details.

In this case, the member has clarified that the security system will be controlled by the municipal (county) landlord.  Here are the details posited by the member:

These cameras will not be regularly monitored unless there is a reason to consult them. We will not be viewing the footage per a patron’s request. They will be maintained by our county facilities staff and consulted only in cases where a criminal act was committed.

These details, upon which the library will base its own actions, should be confirmed in the lease.  Such confirmation should include, whenever possible, a marked survey or map of the property, showing the limits of the camera's line of sight.

Step 2:  Assess if the lease terms and security camera arrangements promote the privacy commitments of the library

Just a note: while a municipality may procure and install a camera system with the intent to only monitor it "in the event of alleged criminal activity," in my experience, there is no way to enforce such a restriction, and some risk that the use of the cameras could change over time.

For instance:

  • The recordings could be subject to disclosure under the Freedom of Information law;
  • The recordings could be accessed via subpoena in the event of an alleged personal injury or other civil claim;
  • The temptation for a town, city, or county to use the recordings internally (even for something as innocent as using them to check if a snowplow crew did a good job, or if a worker is arriving on time) might be hard to resist.

A library can't control this.  That said, when a camera system is installed, a library can request assurance that the municipality's internal policy, governing the cameras, include language:

  • Alerting the users of the system to the sensitivity of patron records at a library;
  • Confirming that the footage showing people entering and leaving the library is not regarded as a "library record" by either party; and
  • Confirm that under no circumstances should the security cameras enable recording of information reflecting patron use of services.[11]

Once a library performs these two steps, it can answer the member's two questions:

First question: What type of permanent notification do we need to post about the use of cameras?

Once the library has written assurance that the landlord's use of recording technology will not result in the creation or disclosure of a library record, it is up to the director and board if, or how, your library should alert the community.

Personally, as a patron, I would appreciate a "courtesy notice" such as: "Your library records are confidential.  Please know that while our landlord has security cameras in [ZONES], the library does not allow recording that could impact patron privacy inside the building."[12]

OR (if the library makes use of its own security cameras): "Your library records are confidential.  Please know that our landlord has security cameras in [ZONES] and may use those for security purposes, but any security camera record maintained by the Library that shows use of library services is considered confidential and is used for library purposes only."

Second question: What major points do we need to ensure we include in our privacy policy?

The privacy policy of the library, or in the alternative, the minutes of the board, should reflect the details and privacy safeguards confirmed through the two-step analysis above. 

For instance, after the analysis is done, the board can note in the minutes: "Regarding the landlord's use of outside security cameras: As of DATE, the Library's landlord, NAME, will have security cameras observing certain outdoor areas, including library property.  The Library has verified that its lease, and the landlord's internal policy, prevent the landlord's security cameras from generating or disclosing confidential library records.  The public will be notified as to where the cameras are recording, and that such recordings are not confidential library records."

I appreciate that this review/confirm process can be a bit clunky.  However, it is also an opportunity to alert a critical partner (a landlord, and sponsoring municipality) to the importance of library-patron confidentiality, and to assure the public that privacy is a priority.  By seizing the moment to confirm that privacy is being properly considered and enforced, a library not only assures its ethics and legal compliance, but can create an ally in that eternal (and important) fight.[13]

I hope this approach is helpful.

 



[2] As found in the NYLA Code of Ethics: " III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."

[3] CPLR 4509 states: “Library records, which contain names or other personally identifying details regarding the users ...including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.”

[5] If it's not, it should be.

[6] You guys are so cool when you do that.

[7] Like the member is, here.

[8] Actually, we address it here: https://www.wnylrc.org/ask-the-lawyer/raqs/26.

[9] Generally, this token rent is placed at $1/year.  Just once it would be fun to see a more random number, like $1.26/year.

[10] Such as insurance, hours of operation, emergency procedures, notification in the event of injury, protocol for repairs, capital improvements, etc...  For more commentary on this, see https://www.wnylrc.org/ask-the-lawyer/raqs/166 about having any MOU with a sponsoring municipal entity.

[11] If security cameras are aimed at a curbside pick-up location, the library should consider if the recording is a library record.

[12] Forbidding recording in a public library is a controversial topic, I know.  This language is written to address recording that can impact patron privacy.

[13] Hey, I managed to make careful attention to minutia sound dramatic!

 

Tags: Ethics, Municipal Libraries, Privacy, Law enforcement, Surveillance

Topic: Background checks and fingerprinting for new employees - 04/07/2021
My questions involve background checks for potential new employees, fingerprinting, developing pol...
Posted: Wednesday, April 7, 2021 Permalink

MEMBER QUESTION

My questions involve background checks for potential new employees, fingerprinting, developing policies, procedures, and best practices.

Do background checks, fingerprinting, etc., need to be done for all positions? Does it need to be posted in the job advertisement that there will be a background check for the successful candidate or all finalist applicants? Can the background check need to include a financial check and a legal check?

And tangentially, am I correct in my assumption library staff are not considered mandated reporters? Are there guidelines for this as well.

WNYLRC ATTORNEY'S RESPONSE

This...is a big question.  It's only three short paragraphs.  But it's BIG.

It's "BIG" because the risks of getting this topic wrong are immense--from not only the obvious risks involving legal concerns, but risks involving ethics, privacy, and the goal at the heart of the issue: safety.

It's also BIG because the phrase "background check" is not tied to a precise or static definition.  When someone says "background check" in the context of employment, here are just a few of the things it could mean:

  • Criminal background check
  • Credit check
  • Military service separation check (form "DD 214")
  • Motor Vehicle Records ("MVR") check
  • Transcript and education records check (including student disciplinary records)
  • Licensing/professional oversight body (medical board, bar association, etc.) check/confirmation of good standing
  • Civil litigation history review
  • Reference check
  • Previous employment verification
  • Social media/publications check

Each of these "checks" comes with a wide array of legal requirements--or typical legal cautions--governing its use.

For instance:

  • A criminal background check should only be used by an organization if it has an up-to-date "Criminal Background Check Policy," because in the state of New York, denying employment based on a criminal conviction requires the employer to do a precise analysis (of which the denied applicant can request a copy).[1]
  • A credit check should only be used by an organization if it has an up-to-date "Credit Check Policy" to ensure the regulations in the Fair Credit Reporting Act ("FCRA") are being followed.[2]
  • A MVR should only be used by an organization if it has an up-to-date "MVR Check Policy" that clearly sets out the types of moving violations and other records that would flag a basis for non-employment.[3]

For all types of checks, the institution using them should have a clear policy governing what jobs require them, and how such records are evaluated, maintained, and disposed of.

And finally: when developing, implementing, and routinely using any type of background check policy, an organization is wise to take care that it is not incorporating factors that can be shown to disproportionately negatively impact (i.e., discriminate against) a particular category of applicant.   

Okay, with all that off my chest, let's answer the actual questions.

First question:

Do background checks, fingerprinting, etc., need to be done for all positions?

The degree to which background checks and documentation of identity must be performed are governed by two things: what is legally required, and what the risk management practices of an institution dictate. 

These two factors mean that practices will vary from place-to-place.  A librarian working within a public school district in the state of New York will be subject to a criminal background check and must be fingerprinted[4] just as any other regular employee within their district. A librarian at a public or association library is not required by law to have a criminal background check, nor to be fingerprinted,[5] but an institution could decide, for risk management purposes, that a position requires that level of scrutiny for safety and security.  

Second question:

Does it need to be posted in the job advertisement that there will be a background check for the successful candidate or all finalist applicants?

There is no requirement in the law that a job advertisement has to disclose a background check in the job advertisement.  However, prior to obtaining and using any information from a third party whose business it is to provide background information, an employer must notify an applicant; this notice must be in writing and in a stand-alone format.  Further, before a negative decision is made based on such information, it must be disclosed to the applicant.  A good resource on this is the Federal Trade Commission,[6] but the third party provider, if they are a true professional, will provide the forms for each of these steps.

Now all that being said, it may be that some local hiring procedures or collective bargaining agreements require the disclosure of background checks in a job notice.  Further, some employers may want to disclose their intent to use a background check to avoid surprising candidates further into the process.  There is no bar to making such an early disclosure, but if given, such notices should be carefully drafted to avoid implying that those with arrests or criminal convictions[7] will not be considered for the position.

Third question:

Can the background check need to include a financial check and a legal check?

Yes, absolutely. A background check can include a credit check, a search for liens and other debt instruments, a review of criminal history, a consideration of driving record, and any combination of the items I listed at the top of this reply.  Just be careful: if your library or system relies on a third party to supply that information, it must follow the guidance from the Federal Trade Commission (see that link in footnote 6).

Okay, at this point, I have to re-emphasize: before using any type of check, a library should have a policy covering that type of check, and that policy should cover all check-specific legal compliance, as well as: when the check is conducted, how it is conducted, how the information is used, and how the documents related to it are disposed of/retained. [8]

When developing such a policy, a good rule of thumb for an institution considering any type of background check is to be able to clearly answer the question: "Why are we doing this check?"  While the reasons will vary, the answer should always relate to the essential functions listed in the job description, and the nature of your library.

For instance: if a position will create opportunities for a person to spend unsupervised time with vulnerable populations, a criminal background check and rigorous prior employer check is wise.  If a position requires a particular credential, verification of that credential makes sense.  And if you are hiring someone who will frequently have to drive the bookmobile, a motor vehicle records check is almost always imperative.

On the flip side: if a person is being hired for a job that doesn't require driving, a "current driver's license" should not be required. If a person will never have access to financial information or fiscal resources, a credit check is likely not necessary. And if a would-be library clerk has a DWI that is 20 years old--and no other criminal history--it is likely the conviction is not a basis to eliminate them from consideration.

Last question (and it's another biggie):

And tangentially, am I correct in my assumption library staff are not considered mandated reporters? Are there guidelines for this as well?

"Mandated reporters" is a legal term under Section 413 of the NY Social Services Law.  Professionals listed in that section are required to make a report when they:

 "...have reasonable cause to suspect that a child coming before them in their professional or official capacity is an abused or maltreated child, [OR] when they have reasonable cause to suspect that a child is an abused or maltreated child where the parent, guardian, custodian or other person legally responsible for such child comes before them in their professional or official capacity and states from personal knowledge facts, conditions or circumstances which, if correct, would render the child an abused or maltreated child."[9]

I have placed a list of the "Mandated Reporters" set by Section 413 below this answer. As you can see by reviewing the (long) list, library employees (unless their function also fits into one of the categories listed in 413) are NOT Mandated Reporters.

Of course, a library--or an institution that hosts a library--can decide and enforce via policy that its employees have an affirmative duty to report observed or suspected child abuse (or any abuse) that occurs on their property or in their programs.  Many insurance carriers actually require their insureds to have such a policy.[10]

[NOTE: If an employer has any type of "report abuse" policy, employees should be trained on how to make such reports no less than annually.  The average person can have a trauma response to witnessing abuse, which can impact their ability to report it, as well as negatively affect their well-being.  Routine training on how to recognize and report concerns, and experienced support for reporters, can help with this.]

Thank you for an important series of questions.

 

List of "Mandated Reporters" under Section 413 of the Social Services Law (also called "human services professionals[11]"):

...any physician; registered physician assistant; surgeon; medical examiner; coroner; dentist; dental hygienist; osteopath; optometrist; chiropractor; podiatrist; resident; intern; psychologist; registered nurse; social worker; emergency medical technician; licensed creative arts therapist; licensed marriage and family therapist; licensed mental health counselor; licensed psychoanalyst; licensed behavior analyst; certified behavior analyst assistant; hospital personnel engaged in the admission, examination, care or treatment of persons; a Christian Science practitioner; school official, which includes but is not limited to school teacher, school guidance counselor, school psychologist, school social worker, school nurse, school administrator or other school personnel required to hold a teaching or administrative license or certificate; full or part-time compensated school employee required to hold a temporary coaching license or professional coaching certificate; social services worker; employee of a publicly-funded emergency shelter for families with children; director of a children’s overnight camp, summer day camp or traveling summer day camp, as such camps are defined in section thirteen hundred ninety-two of the public health law; day care center worker; school-age child care worker; provider of family or group family day care; employee or volunteer in a residential care facility for children that is licensed, certified or operated by the office of children and family services; or any other child care or foster care worker; mental health professional; substance abuse counselor; alcoholism counselor; all persons credentialed by the office of alcoholism and substance abuse services; employees, who are expected to have regular and substantial contact with children, of a health home or health home care management agency contracting with a health home as designated by the department of health and authorized under section three hundred sixty-five-l of this chapter or such employees who provide home and community based services under a demonstration program pursuant to section eleven hundred fifteen of the federal social security act who are expected to have regular and substantial contact with children; peace officer; police officer; district attorney or assistant district attorney; investigator employed in the office of a district attorney; or other law enforcement official.

 



[1] This is why the phrase "Must have no criminal history" or the like must not be included on a job notice.  For more information on this, visit https://dhr.ny.gov/protections-people-arrest-and-conviction-records.

[2] More info on this further into the answer.

[3] For some employers, this criteria is set by the provider of the organizations’ automobile and/or general liability insurance; this is especially true for organizations that use "company" vehicles.

[5] Unless there is a very obscure local law I have been unable to find.  If you are aware of one, please email me at adams@losapllc.com.

[7] Or other categories protected by law.

[8] That's right: I put that in italics, bold, and underlined it!  An "Ask the Lawyer" first.  No organization should ever "wing" a background check--of any kind.  There is too much at stake.

[9] I know, there is a lot of room for interpretation in this language; when in doubt, seek guidance.

[10] I think of this as the "Penn State Victims Requirement."

[11] 18 NYCRR § 433.2

 

Tags: Employee Rights, Ethics, Hiring Practices, Management, Policy, Privacy, Safety, Risk Management

Topic: Online posting of area drone pictures - 02/23/2021
One of our member libraries has asked me the following question: "We'd like to create ...
Posted: Tuesday, February 23, 2021 Permalink

MEMBER QUESTION

One of our member libraries has asked me the following question:

"We'd like to create an online catalog of drone pictures of our area. What do we need to consider? We know people are posting these pictures on Facebook, and we'd like to request permission to collect them all in a catalog on our website. Please let me know any technical issues or legalities we need to keep in mind. I think it's a good idea, but I don't know exactly how to implement it."

Are drone pictures copyright free as they are in other people's properties and cover large areas? Is it legal to post drone pictures without permission?

Thanks for any thoughts on this topic!

WNYLRC ATTORNEY'S RESPONSE

This is a cool idea—aggregating and cataloging drone shots.   Someone fifty years from now will be very, very grateful for that type of work!

But as the member points out, there could be some technical or legal issues, namely: copyright, privacy, and security.  How does the library make sure none of those concerns negatively impact the project?

Let's take those in order.

Legal Concern: Copyright

This one is pretty simple: with one exception, the copyrights to pictures taken by a drone are owned by the operator(s) of the camera, who usually (but not always) is the same person/people flying the drone.  They are never the property of the area photographed (unless the property owner is also the photographer).

What is the "one exception" to that ownership?  If the photographer is taking the drone images as part of their regular job,[1] the copyright will belong to their employer (for example: if the drone shot was taken by the photographer to illustrate a story in a newspaper).[2]

Once the library establishes the copyright owner, the only copyright-related impediment to including the images in the catalog would be if the owner had sold the copyright, or given someone else "an exclusive license," since that would mean they could no longer license the images to your library.  Other than those complications, with the right agreement,[3] permission and use should be simple.

 

Legal Concern: Privacy & Security

The "copyright" section, above, is fairly simple.  Things are a bit more complex when it comes to privacy and security.

There is a huge array of drone-shot content that I could see risking a violation of privacy or a threat to security.  Here are the most common I could rattle off at a cocktail party:

  • The risk of the images being the result of "Unlawful Surveillance,"[4] which is an “E” Felony in the state of New York.  "Unlawful Surveillance” is (among other things) taking a picture of a person dressing (or undressing) in a place where that person has a “reasonable expectation of privacy” (and they haven't agreed to pose for the picture);[5]
  • The risk of the images being a violation of a person's "right of publicity,"[6] which is using someone's image for commercial purposes without their written authorization.  For instance, if the images were found on a site where they were being used for a commercial purpose.
  • The risk of the images being the result of, or evidence of, trespass, harassment, and other criminal law violations that could result from a person deploying a drone over a residence, business, or area near an airport.

In addition to my "rattle it off" list, I did some research.  If we leave out the restrictions of reconnaissance and targeting drones, there is one other drone-related “no-no” to be wary of:

  • The risk that the images are the result of harassing sea otters.[7]

In most of these concerns, it is not the act of including the images in the catalog that would be the legal issue--but rather, that the images themselves could be proof of a legal violation.  We’ll address that more in the last section.

 

Legal Concern: FAA-restricted Areas

The Federal Aviation Administration’s rules for academic, hobbyist and other forms of non-military drone use are here:

https://www.faa.gov/uas/public_safety_gov/media/FAA_UAS-PO_LEA_Guidance.pdf

I won't re-hash them, but the FAA does not bar taking pictures—just flying at certain locations and times.[8]  However, all operators--whether hobbyists or professionals--have to avoid certain areas at certain times. 

The FAA maintains a list of those areas, as well as a list of designated recreational UAS flight zones, available here:

https://www.faa.gov/uas/recreational_fliers/where_can_i_fly/airspace_restrictions/

This was so cool, I looked up my part of the state:

FAA UAS Data Map of Western New York.

And now I know where not to fly the drone I don’t own.

 

Sample License for Use of Drone Pictures

Once you have confirmed that any drone shots your library would like to use are not: the result of or evidence of a crime, taken in forbidden air space,[9] or otter harassment, here is a sample license for securing permission to include them in an online catalog:

 

IRREVOCABLE, NON-EXCLUSIVE LICENSE

[NAME] ("Photographer"), an individual residing at [ADDRESS], and at least 18 years of age, hereby gives the [NAME LIBRARY] (the "Library") an irrevocable, non-exclusive, transferable license to use an image entitled [TITLE], a copy of which is attached hereto as "A" (the "Image"). The permission to use the Image includes unlimited use in any format now existing or later developed.

Photographer represents and warrants that the Image is their original work and that to the best of their ability to determine the rights of no individual or entity were violated by the creation of the Image.

In consideration of the rights granted herein, Library shall at all times credit Photographer with authorship and ownership of the photo as follows: This image is © [NAME], [YEAR], and is used by the [NAME LIBRARY] with permission from the photographer, who may be reached at [email address].

 

Signed by Photographer: _________________________.

 

Signed on behalf of the Library: ___________________________.

 

A Final Word on Getting "Permission"

This question was pre-packaged to consider issues of permission/legal concern related to images generated via drone, so I have structured it to give primary consideration of those issues.

However, I would be remiss if I didn't stress that when assembling an archive or image collection, worries about permission shouldn't always be a threshold consideration.

Why is that?  If a library or archive crafts the parameters of an image catalog around the purpose of that catalog—around why it is important to gather a certain type of content, within a certain range of criteria—permission might not even be necessary. 

Concerns about permission and legality should not prevent the assembly of a resource that has academic, documentary, or investigative value.[10]  And the more a collection or archive is shaped as a documentary, academic, or investigatory endeavor, the less the subject matter and content can pose legal concerns...or rather, the more protections[11] the project will be able to avail itself of.

Taking advantage of those exemptions starts with having a very clear scope for your project, a written set of ethics, and a statement of purpose for the endeavor. [12]

My takeaway in this final part of the answer?   If your project is of academic, historical, or social value, don't let lack of permission be a roadblock.  Instead, just like the member does in this question, set up a clear scope for your project, and then tackle any reservations head-on.  This will lay the groundwork for a strong archive or catalog.

 

Posterity will thank you.



[1] Head Photographer at "Drone Shot Weekly?"

[2] Here is the FAA guidance on media use of drones for newsgathering: https://www.faa.gov/about/office_org/headquarters_offices/agc/practice_areas/regulations/interpretations/Data/interps/2015/Williams-AFS-80%20-%20(2015)%20Legal%20Interpretation.pdf.  It’s interesting: even if using a small drone, such use doesn’t qualify for the “hobby” exception, and the drone should be registered.

[3] Do you need the “right agreement?” See the section of the answer called "Sample Agreement" for an example.

[4] NY Penal Law 250.45

[5] JUST TO BE CLEAR: I have 100% confidence that if a library comes across a creeper nude drone shot, they will not include it in an online catalog!  I am just being thorough.

[6] New York Civil Rights Law Section 50.

[7] Per 50 CFR 18.137: "Unmanned aerial systems or drones must not cause take by harassment of sea otters. Measures for avoidance of take may be required in an LOA, and may include maintaining a minimum altitude and horizontal distance no less than 100 m away from otters, conducting continuous visual monitoring by PSOs, and ceasing activities in response to sea otter behaviors indicating any reaction to drones."

[8] Thank you, THANK YOU to the member who sent this question.  Because of you, I got to read the FAA's guidance to local law enforcement for drone-related incidents, which includes this practical guidance "NOTE: Battery life is typically 20 to 30 minutes." 

[9] By the way, it might not be precisely forbidden for your library to post such images, just as a newspaper or academic publisher might reproduce them for purposes of news or scholarship.  But since those categories come with some higher risks (particularly of being told to cease and desist), it is wise to consider consistency with the purpose and ethics of your archive before including them.

[10] I am not saying to not consider them...just don't let them be project-killers.

[11] Such as fair use, journalism privileges, and recognition of the non-commercial nature of the use.

[12] Links to further "Ask the "Lawyer" content on this specific consideration (ethics as a key component to rock-solid archives) are here: https://www.wnylrc.org/ask-the-lawyer/raqs/172 and https://www.wnylrc.org/ask-the-lawyer/raqs/178.

Tags: Archives, Copyright, Ethics, Laws, Privacy, Property

Topic: Archiving images of minors in organizational online collections - 10/22/2020
Our archive was part of a regional project to initiate, scan, and make available church records fr...
Posted: Thursday, October 22, 2020 Permalink

MEMBER QUESTION

Our archive was part of a regional project to initiate, scan, and make available church records from predominantly African American churches within a city. As part of this project, student/graduate assistants went to the particular churches, scanned the historical records as digital files, and provided those files to [our archive] for public access.

My question is in regards to photographs taken of minors and the restrictions for retention and online display. I would not have selected those particular items for retention, but because I was not on-site during the scanning, I have the files as part of the larger record (church programs, organizational records, committees, etc.). We have signed permissions from the church administration for online access and display of their records. In some cases the photographs are from over 20-40 years ago, in some cases they're much more recent. They're taken at private church events, Sunday school classes/activities, and public events--some as part of photo albums and some as individual files.

I'm struggling with how to treat these photographs and any associated records when I know they display minors. Any advice or direction would be greatly appreciated.

WNYLRC ATTORNEY'S RESPONSE

This question is at the vertex of the law and ethics.  What an institution may be positioned to do with archival images legally might not be what our society demands ethically.  And if the issue impacts real people with real feelings, this conflict can lead to legal claims—regardless of solid footing based on precedent and the law.[1]

When it comes to images of children, who can't legally consent to the use of their images, the ethical issues arising from agency, respect, and self-determination are all the more critical.

The member clearly knows this, and is seeking a direction for assessing how to access, catalog, and use them—if at all. The law is often too blunt an instrument to assess ethical questions, but in this case, I believe the legal steps for assessing the use of such such images can provide a framework for the deeper assessment of the ethical considerations[2] .

Below, I will list the "legal" steps an attorney considers when reviewing a museum or archive's acquisition, but focus on the ethical considerations connected to those factors, especially with regard to use of images of children.

1.  Ownership of the Physical Object

This stage is where an institution looks at the provenance of the object and, if that physical object is to be transferred to the institution, addresses the legal priority of making sure the title is "clear."

Ethical considerations: How did the physical object come into existence?  Was the creator a member of the community being documented, an academic, a journalist, or an "outsider?"  Does it appear that parents or guardians were present?  What was the original purpose of the object?  Does any of that information suggest coercion, exploitation, or invasion of privacy?

Or, as the International Council on Archives puts it in Section 7 of their Code:

Archivists...must respect the privacy of individuals who created or are the subjects of records, especially those who had no voice in the use or disposition of the materials.

 

2.  Ownership of the Copyright

This stage is where an institution looks at the original ownership of the copyright of the image, any transfers of those rights, the use of those rights, if the rights have expired or been transferred to the public domain, and if any of those rights are to be transferred to the institution.

Ethical considerations: Who "owns" the rights to the image?  Are the rights financially valuable?  Have they been put to non-academic, commercial use before, or are they likely to be?  Can your institution accept the rights in a way that limits future commercial exploitation of depicted minors?

Or, as the Society of American Archivists puts it in Section VI of their Code of Ethics:

Archivists may place restrictions on access for the protection of privacy or confidentiality of information in the records.

 

3.  Manner of Accession

This stage is where an institution looks at the overall package it is acquiring.  In this case, the member has pointed out that the data collection project may have over-stepped some (formal or informal) boundaries.  Other accession challenges can be donor-imposed conditions, environmental factors, and budget concerns.

Or, as the International Council on Archives puts it in Section 2 of their Code of Ethics:

Archivists should appraise records impartially basing their judgment on a thorough knowledge of their institution’s administrative requirements and acquisitions policies.

...and in Section 5 of that same Code:

Archivists negotiating with transferring officials or owners of records should seek fair decisions based on full consideration – when applicable – the following factors: authority to transfer, donate, or sell; financial arrangements and benefits; plans for processing; copyright and conditions of access. Archivists should keep a permanent record documenting accessions, conservation and all archival work done.

 

4.  Legal Considerations of Content

This stage is where an institution looks for specific concerns caused by the precise content in the materials.  When it comes to pictures of minors, this means assessing if the content is in any way criminal, contains evidence of a crime, if the information suggests they were a ward of the state, if it originated from sealed criminal records, and if the use will in any way be commercial (and thus require permission).

Or, as the Society of American Archives puts it in Section IX of their Code of Ethics:

Archivists must uphold all federal, state, and local laws.

 

5.  Identity of Person(s) Portrayed

This stage is where an institution looks at the depiction of the real person portrayed in the material and assesses if it poses any additional challenges.

Or, as the Society of American Archives puts it in Section VI of their Code of Ethics:

Archivists strive to promote open and equitable access to their services and the records in their care without discrimination or preferential treatment, and in accordance with legal requirements, cultural sensitivities, and institutional policies.

 

6.  Alignment with Mission

An archive or museum will always have a mission—or "charitable purpose"—at its core.  This is how it maintains a tax-exempt status, its charter, and its ability to operate.  Does the contemplated use of the content you are focusing on (the images of children) match up with that mission?  Or it is somehow at odds or unaligned with it?

This consideration warrants a repeat of Section 7 of the International Council on Archives Code of Ethics:

Archivists should take care that corporate and personal privacy as well as national security are protected without destroying information, especially in the case of electronic records where updating and erasure are common practice. They must respect the privacy of individuals who created or are the subjects of records, especially those who had no voice in the use or disposition of the materials.

 

7.  Alignment with Collection Purpose

Just as an archive or museum will always have a mission—or "charitable purpose"—at its core, so will a particular collection have a description that sets out its scope, methods, and purpose.  Does the contemplated use of the content you are focusing on (the images of children) match up with that description?  Or it is somehow extraneous or not quite consistent with it?  If sensitive material is not squarely within the scope of the collection, it shouldn't be there at all.

Or, as the Society of American Archives puts it in Section III of their Code of Ethics:

Archivists should exercise professional judgment in acquiring, appraising, and processing historical materials. They should not allow personal beliefs or perspectives to affect their decisions.

 

That's great...but what to do?!?

When faced with a sensitive decision like the one posed by the member, a subject-focused analysis based on the above factors is the right way to move ahead, in one of three directions:

  • If there is a decision to accession the materials and facilitate access, a written protocol for handling the sensitivities should be made part of the policies of the collection.
  • If there is a decision to accession but limit access (something archival values generally counsel against) there should be a clear path through the restrictions and a well-documented justification for the limitations.
  • If there is a decision to decline accession, the basis of the decision should be documented in light of the factors impacting the decision.

In this particular case, any of the three above-listed options might be appropriate.  From the brief description provided by the member, it sounds like the photos were joyful documentation of a community by its own members—not exploitive or rooted in dubious practices. 

But even under a "best case scenario"[3] like the one provided by the member, it is appropriate to develop a checklist based on the mission of the institution, and the goals of the collection, to be assured any archival images with minors:

1) will not be subject to commercial exploitation by the institution or a third party accessing the collection (unless there is properly executed permission allowing such use);

2) were not created in a manner inconsistent with the mission, values, and ethics of your institution; or if they were, the collection parameters address those concerns;

3) are included in a manner consistent with the purpose of the collection; and

4) there is a process[4] for any individual or relative to request removal of an image of a depicted minor.  Since such a request would only come after there was a determination that the image was consistent with the values of the institution and fit within the scope of the collection, any evaluation of such a request should be made based on the reasons for the request.

 

The good news is, the same documentation that shows careful assessment of the ethical factors will help you with any future legal concerns.

And finally, there is one more option for this particular scenario, which is to ask each church to include in their weekly bulletin or routine outreach:

Our church has been selected for inclusion in the ABC institution's online archives. As part of this work, we have provided numerous photos of our events over the years, which include pictures of many of our congregants when they were children. If you have any concerns with your childhood image being included in such a collection, please alert us.  Otherwise, please know that our community records are being preserved for the future!

That way, the church as the original provider of the records can "claw back" any photos that a person might object to, and your archive will have another step in its own records to show it did everything it could to respect people's agency and privacy.

Thank you for a thoughtful question.

 



[1] A critical example of this issue—use of a person's image in ways that raise question of agency and ethics (to say nothing of basic human decency) is found in the saga of the images of people named Alfred, Fassena, Jem, Renty, Delia, Jack, and Drana, all subjected to enslavement in the 19th century.  The images are commonly called the "Zealey Daguerotypes" and the disputes about them start with how they come into being, as well as how they are used in the present day.  For a good summary of this saga, see https://www.nytimes.com/2020/09/29/books/to-make-their-own-way-in-world-zealy-daguerreotypes.html.

[2] "Established" by recognized authorities, not by me.  My go-to for this will be the Code of Ethics of the Society of American Archivists, found at https://www2.archivists.org/statements/saa-core-values-statement-and-code-of-ethics#code_of_ethics, and the Code of Ethics of the International Council on Archives, found at https://www.ica.org/en/ica-code-ethics.

[3] This "Ask the Lawyer" is only addressing the question about minors...I am not tackling the fact that the rights to the relatively recent photos may be held by still living people, or relatives!

[4] This does not need to be a flagrant "notice and takedown" process; it can be accomplished through a simple statement like: "The ABC Archive [is accredited by/follows the ethics of DEF]; if you are concerned that the depiction of any individual or the inclusion of certain content in this collection is contrary to those ethics, please contact GHI at ### to share your concern."

Tags: Copyright, COVID-19, Digitization and Copyright, Ethics, Archives, Photographs

Topic: Library Files - 1/24/2020
What recourse may a library board take, if a former director removes all library files from a libr...
Posted: Friday, January 24, 2020 Permalink

MEMBER QUESTION

What recourse may a library board take, if a former director removes all library files from a library owned computer that relate to the running of the public library?

WNYLRC ATTORNEY'S RESPONSE

Every employer struggles with this issue: give employees enough access to electronic information to do their jobs, but protect that information from accidental disclosure, file corruption, and theft.

Solid practices like routine security updates, back-ups, password re-sets, and employee training can help a library avoid the worst IT disasters.  But what if someone in a position of trust simply abuses their access?  What if a scenario like the member's question should arise?

There is a process to address this type of scenario.  In order to ease an adrenalized mind,[1] it is presented below in grid form.

Upon suspicion that files have been removed or inappropriately removed by a former library employee, follow these steps to assess what recourse a board might have:

Action

Why you do this

Results

1.  Upon suspicion that files have been removed, if possible, do not take further steps alone.

Create an "Initial Response Team" of at least two people to do the next four steps, and designate one of them as the note-taker and document-keeper.

If your library's computer system is supplied or supported by a cooperative library system, one of these people should be from the system.[2]

Organizing a time-line and take photos or screenshots of information showing the potential problem.

The facts you assemble and first steps you take may have far-reaching consequences for your library's response and recovery, as well as for the potential wrong doer.

At this stage, however, you'll just be documenting what appears to be missing.  No deep-dive investigation.   It should only take an hour or two.[3]

Initial Response Team formed and responsibilities of team members made clear.

Note-taker assembling information.

2.  Without letting it take more than an hour (or two) and without making any changes to your system, assess and create an informal list of what appears to be missing (file types, specific types of information, locations), when this was noticed, and what the first signs of the concern were.  This will be your "Initial Inventory."

You need to have a foundation for your next steps, so you're creating a quick description of the possible situation.

An Initial Inventory you will use in the next few steps.

Note: The "Initial Inventory" is not an attempt to assess what happened, just to list what might be missing, and a few initial details.

 

3.  Look over the Initial Inventory.  Could any of the missing files contain personal/private information, such as: name, address, date of birth, ssn, library card number, credit card information, contact information, banking information, health-related information, computer use, passwords, or circulation records?

If the answer is "yes," add the phrase "…possibly includes loss or compromise of private information and/or library patron records" to the Initial Inventory.

This part of the Initial Inventory will help those assessing the issue quickly appreciate the possible privacy and confidentiality  implications of the situation.

4.  Contact the library's insurance carrier, and alert them that you may have had a loss of data related to "unauthorized computer access that may involve a former employee."

If your Initial Inventory includes a "yes" to Step #3, also state: "The situation may have involve personal and confidential information."

If your initial contact is by phone, confirm the notice via a letter or e-mail.

Depending on your library's insurance type, you may be covered for this type of event.

Notifying your carrier and following up in writing will help the library determine if the carrier will provide coverage and/or assistance for the event.

Timely notice to the library's insurance carrier, enabling your carrier to let you know if you have coverage and if they can provide assistance in recovering from the event.

NOTE:  If the event is covered, some or all of the remaining steps could be impacted by the participation of the carrier.

5.  With the Initial Inventory complete and the carrier on notice, the board (or director, if the board has delegated the right amount of authority to them) must decide who is in charge of next steps: the full board, a board committee, the Director and a team, or any combination of people needed to assess the matter. 

This "Response Team" should have the power to appoint a qualified professional to assess the situation, to retain legal assistance if warranted, and to recommend a final course of action to the board.

In no event should a report to the board (or Executive Committee) extend the timeline for arranging a response beyond 3 business days.

Unauthorized computer access involving a former director (or any employee) is serious enough to warrant board involvement, whether or not personal and confidential information.

This is especially true since, in a worst-case scenario, the library may have to report a data breach, expend resources to re-create or retrieve the information, work with an insurance carrier to recover from the loss, consider if any aspects of the former employee's contract or severance apply (if there was either/or) and based on what is discovered, consider whether or not to file a report with law enforcement.

Clarity as to who is in charge, what level of authority they are working with, and who they will bring on to assist with the investigation and recovery.

6.  Alert the library's lawyer by sending them a copy of the Initial Inventory, and connect them to the Response Team, so they can assist at needed.

 

It will be the lawyer's responsibility to work with the Response Team and others to ensure the library is positioned to seek relief from the carrier or the former employee, to assess any relevant contracts (for instance, if the files were deleted from a cloud server), and to advise the board about filing a report with law enforcement, or pursuing civil remedies.

Attorney-client privileged input to help assess response options in the best interests of the library.

7.  The Response Team should retain a qualified IT/data security professional to assess and develop an "Incident Report" with a Final Inventory of what is confirmed as missing, a conclusion as to how it went missing, and if/how it can be recovered.

This should be done within 3 days of discovery and before there are any changes to the system.   Ideally, this work should only be performed after the library and the IT professional sign a written contract that is reviewed by the lawyer.

A contract with a qualified firm;

A certificate of insurance from the professional firm;

A written Incident Report from the firm.

8. Based on the value, sensitivity, and type of information in the Final Inventory, work with the IT professional and lawyer to assess any legal steps the library must take to recover or to give required notifications of data breach.

Depending on what went missing, the library could have concerns under any number of laws. 

The final recommendation should be a memo to the board, regarding any necessary steps (or confirming not are needed).

9.  Based on the complete Incident Report's assessment of what is  missing, how it went missing, and if/how it can be recovered, and any relevant details about the employee, develop a course of action.

For more on this aspect, see the rest of this RAQ.

Recourse.

What happens as part of number "9," is the actual answer to the member's question.  But until a library follows steps "1" through "8," it can't fully know its options under "9."

And what can happen as part of "9"?  The range of consequences for unauthorized computer access and/or data destruction is vast, running from criminal penalties to civil remedies.  And if considered with solutions for how a library can recover from the loss, there are further possibilities.

If I was on the board where a former director removed all the library files from a library owned-computer that relate to the running of the public library, at the end of the day, here's what I'd want get out of "The Files Are Gone" process:

  • Know if the files were simply removed, or if they were removed and accessed/disclosed beyond the library;
  • If they were disclosed beyond the library, what the library must do to address that (including special considerations if personal or confidential information was accessed);
  • If the files were only removed, know if they can easily be replaced, or if they were the library's only copy;
  • If they can't be easily replaced, how much it will cost to replace them, and any negative impacts we'll experience until we do;
  • How we have concluded the files were removed by the former employee, if they were an employee when they did it, and what the due process is for addressing that;
  • If (based on all the information gathered, and more that will be specific to the situation), the board should contact the police, or consider a civil claim against the former employee.

By demanding solid, well-documented and qualified answer to these questions (What happened?  how does it impact the library?  What can we do?) a board member is being a good fiduciary, and positioning the library to identify the best recourse.

Now let's say that, in the grand scheme of things, the "missing files" appear to be pretty minor (and do not involve private information).  Let's say that, for whatever reason, the outgoing employee deleted all the library's "standard operating procedures." Not the policies--those are on the library's website and backed up in numerous places - but all the details about (as the question says) "running the library:"  How to organize the courier manifest.  The templates for the volunteer letters and community meeting notices.  The budget template and calendar for strategic planning.  Their own emails on their library account.  Nothing private, no circulation or credit card information, but a body of work that represent hundreds of compensated hours…lost.

This may seem like the kind of loss that isn’t dire enough to warrant the steps I have outlined above, but it absolutely is.  First, only a professional can say when data is truly "lost" (especially emails).  And even if, at the end of the day, there is a board decision not to pursue any consequences (privately, civilly or criminally), such (in)action must be based on good information--not just the result of a decision not to investigate in the first place.

The budget for such response, if planned carefully, can be very modest (under $1500).[4]  Reaching out to a library's system and regional council to find the professional you need might help the library get those services at a reasonable price (and again, depending on the system-library service agreement, much more).

Why am I adamant about this follow-through, even for a "small" incident?  Because sometimes a "small" incident is only the tip of a much larger iceberg.  Unauthorized data destruction by a former employee could be a serious breach of their duty, the law--and even their oath of office.  But it might not be.  The right response, and the fair response, can only be formulated through careful documentation and analysis.

This is what positions the board to know what recourse it can take, when presented with such a serious situation.

Thank you for trusting "Ask the Lawyer" with this sensitive question.

 



[1] If you are reading this while working on this type of issue, take a deep breath.  You've got this.

[2] There are too many types of IT supply/support arrangements out there for me to be more precise than this.  Some systems are essentially the IT department for their member libraries. Others are not.  This aspect will be governed by the System's member contract…but generally, a good place to start is on the phone!

[3] In keeping with the question, this chart addresses what to do if the person involved is former employee.  If the person is a current employee, the Response Team should include someone qualified to assess an appropriate response that ensures 1) due process for the employee; 2) security for the investigation; and 3) stability for ongoing operations of the library.

[4] Is this a low-ball figure?  Could it be much bigger?  Yes. But if it gets much bigger, that should be because it's actually a big problem that needs to be solved.

Tags: Data, Ethics, Management, Security Breach

Topic: ResearchGate, PDFs, and Copyright - 12/12/2019
ResearchGate is often a place individuals will go to snag PDFs which are typically provided b...
Posted: Thursday, December 12, 2019 Permalink

MEMBER QUESTION

ResearchGate is often a place individuals will go to snag PDFs which are typically provided by authors, not publishers. It refers to itself as a community and network for researchers to share and discuss their research with others from around the globe. ResearchGate explicitly states that they are not liable for any copyright infringement, and that the responsibility rests with the individual; it is entirely up to the individual to either post the PDF to be downloaded freely, or to send the PDF to individuals upon request.

I have multiple questions surrounding the use of ResearchGate. Number one, should libraries be directing individuals to ResearchGate to ask authors for copies of their articles? Number two, should our document delivery service be providing copies of PDFs from ResearchGate to our library patrons? I am personally very hesitant to refer anyone to ResearchGate as I find most faculty researchers are not aware of who truly holds the copyright to their published articles. Thank you!

WNYLRC ATTORNEY'S RESPONSE

I first heard about “ResearchGate” at a copyright training I was conducting for librarians. 

There I was, holding forth about Section 108 and Fair Use, when out of the blue, an academic librarian asked me: “What do you think of Researchgate?”[1]

This question triggered my number one rule for lawyering: never assume you know an answer; always do your research.  So even though my brain figured that “Researchgate” was a new scandal involving falsification of data,[2] I instead replied: “I have to admit, I am not familiar with that.” 

Good thing I followed rule number one!

Since that time, and in response to this question, I have had a chance to visit ResearchGate’s “About” page and their “Terms of Use” (for academics and students) page.  And I have developed some thoughts.

But first, here’s what I have learned:

Notably, as the member points out, ResearchGate’s “Terms” for submitters reinforces the rights of authors:

As a member, when you post full-text articles or supplementary materials on ResearchGate, you do not transfer or assign copyright to us. Rather, you make the content available to the public through ResearchGate.

…about encourages users to respect the rights of others:

If you choose to privately archive or publicly post content, we encourage you to first confirm your rights before doing so. … As we do not have any information about rights you may hold, or any license terms or other restrictions which might apply to such content, we necessarily rely on you to understand your rights and act accordingly. 

ResearchGate’s relationship with users is also governed by clauses on “Liability” and “Indemnification”—with ResearchGate attempting to pass all liability for a copyright infringement onto the users who supply content.

And finally, as also shown in their policies, ResearchGate also takes advantage of the “notice and takedown” provisions under the Digital Millennium Copyright Act to assure itself “safe harbor,” in the event a user posts infringing content.[3]

What I found at ResearchGate.com was what looks like a thorough attempt to dot all the “i”s and cross all the “t”s to respect intellectual property.  They probably have a very good lawyer.

But as I said, “always do your research,” so in addition to visiting their site, I also visited PACER to see if ResearchGate is being sued by anyone for copyright infringement.  And boy, are they ever.

ResearchGate GmbH (its corporate name in Germany, where it appears to be based) is being sued by Elsevier, Inc., Elsevier Ltd., Elsevier B.V. and the American Chemical Society (“ACS”).[4]  The basis for the suit, as set forth in paragraph “three” of the plaintiff’s complaint, is the ResearchGate’s use of “Published Journal Articles” (which the suit calls “PJA”s):

This lawsuit focuses on ResearchGate’s intentional misconduct vis-à-vis its online

file-sharing / download service, where the dissemination of unauthorized copies of PJAs

constitutes an enormous infringement of the copyrights owned by ACS, Elsevier and other

journal publishers. The lawsuit is not about researchers and scientists collaborating; asking and

answering questions; promoting themselves, their projects, or their findings; or sharing research

findings, raw data, or pre-prints of articles.

And, just in case that doesn’t sound too bad, here’s the next paragraph:

ResearchGate’s infringing activity is no accident. Infringing copies of PJAs are a

cornerstone to ResearchGate’s growth strategy. ResearchGate deliberately utilizes the infringing

copies to grow the traffic to its website, its base of registered users, its digital content, and its

revenues and investment from venture capital. ResearchGate knows that the PJAs at issue

cannot be lawfully uploaded to and downloaded from the RG Website. Nevertheless, in violation of the rights of ACS, Elsevier, and others, ResearchGate uploads infringing copies of

PJAs and encourages and induces others to do so. ResearchGate finds copies of the PJAs on the

Internet and uploads them to computer servers it owns or controls. In addition, ResearchGate

lures others into uploading copies of the PJAs, including by directly asking them to do so,

encouraging use of a “request full-text” feature, and misleadingly promoting the concept of “selfarchiving.”[sic]  ResearchGate is well aware that, as a result, it has turned the RG Website into a focal point for massive copyright infringement.[5]

Yikes, that sounds dire, right?  And very akin to the member’s concerns.

So, with all that established, I’ll share my thoughts, and address the member’s questions.

Number one, should libraries be directing individuals to ResearchGate to ask authors for copies of their articles? Number two, should our document delivery service be providing copies of PDFs from ResearchGate to our library patrons?

Questions like this may be informed by law (and risk management), but must always start with ethics. 

The ALA Statement of Ethics[6] has very clear language regarding intellectual property: We respect intellectual property rights and advocate balance between the interests of information users and rights holders.

When it comes to a source like ResearchGate—ostensibly trying to operate within the bounds of the law, but alleged to have a seamier side—the ALA’s further musings[7] on this statement on copyright are also instructive:

 Library workers are increasingly critical resources for copyright information in their communities. Consequently, they should be informed about copyright developments and maintain current awareness of all copyright issues. Library workers should develop a solid understanding of the law, its purpose, and the details relevant to library activities. This includes the ability to read, understand, and analyze various copyright scenarios, including fair use and other copyright limitations, using both good judgment and risk mitigation practices.

Library workers should use these skills to identify their rights and the rights of their users. Further, they should be ready to perform outreach surrounding copyright topics and refer users with questions pertaining to copyright to reliable resources. However, library workers should avoid providing legal advice. They may provide information about the law and copyright, but should recommend that patrons consult an attorney for legal advice. [emphasis added]

I can’t answer the member’s questions for any particular library. But based on the ALA Statement of Ethics, its further comments on copyright, and risk management principles drawn from the law, I can suggest a methodology for a library to apply when asking them.

First, if a librarian, using their own observations, and applying ALA ethics, believes a source to be dubious,  it is clear that they are ethically obligated to “us[e] both good judgment and risk mitigation practices” about “relevant to library activities,” and to work with decision-makers at their institution to develop a clear position on that source.

This is not a simple nor easy exercise.  Further (and frustratingly, for some) it may vary from institution to institution.  Some libraries dance on the cutting edge of copyright.  Others err on the side of caution.  The decision to do either should be based on an informed assessment that considers the library’s mission, insurance, tolerance of risk, and its comfort level with the status quo.  

The member is already applying personal experience and modeling this balancing.  Remember the last part of the question: I am personally very hesitant to refer anyone to ResearchGate, as I find most faculty researchers are not aware of who truly holds the copyright to their published articles.

To that type of informed concern, there are two considerations I would add for libraries making this type of determination:

1) Under Section 108 of the Copyright Act, a library’s exemption from infringement can turn on their lack of awareness of a scheme to make exploitive commercial copies.  Your library’s insurance may also deny coverage if a library is knowingly referring users to an infringer.  So, if your institution is aware that a source is an infringer (which is different from suspecting a source is an infringer), that is a factor to balance.

2) On the flip side, libraries should not be willing (and generally have not been willing) to roll over to support the unchecked dominance of traditional commercial publishers.  Without pushback, rates will continue to go up, while terms will get more onerous.   But there is a difference between thoughtful pushback (like the current, organized fight against the McMillan Embargo[8]), and systematic copyright infringement (like Napster).  

Questions like this one show that librarians are thinking about the difference.  

Thanks for a great question.  It will be interesting to see if the case against ResearchGate goes the distance, and to see libraries decide where they stand.



[1] When this question first put the name in my brain, the “g” was lowercase.  

[2] For over ten years, I was in-house counsel at a university, and had a reason to read “The Chronicle of Higher Education,” every week.  Every year the Chronicle reported on one research-based scandal after another; it’s a miracle I didn’t hear the term “ResearchGate” before this!

[3] As of December 8, 2019, you can see this on ResearchGate’s Intellectual Property Policy.

[4] Am. Chem. Soc'y v. ResearchGate GmbH, 2019 U.S. Dist. LEXIS 98372, 2019 WL 2450976.

[5] Yes, this is one monster paragraph within the law suit. 

[6] As of December 8, 2019, found at http://www.ala.org/tools/ethics

 

Tags: Copyright, DMCA, Ethics, Fair Use, Laws, Photocopies

Topic: Code of Ethics Conflict of Interest - 11/6/2019
What, if any, are the ramifications if a school district public library board of trustee member re...
Posted: Wednesday, November 6, 2019 Permalink

MEMBER QUESTION

What, if any, are the ramifications if a school district public library board of trustee member refuses to sign the code of ethics and/or the conflict of interest/whistleblower policy?

WNYLRC ATTORNEY'S RESPONSE

I am sure there is a very interesting set of facts, personal convictions, and conversations behind the stark facts presented in this question (there always is).  But we’ll address just the stark facts.

Because a library’s Code of Ethics, Conflict of Interest Policy, and Whistleblower Policy[1] are rooted in different areas of the law, a refusal to sign these documents creates an array of ramifications. We’ll explore each type in turn.

But first, it’s important to establish certain base factors.

Base Factors

In New York, most libraries (unless they are part of a larger institutions like a college or museum) are not-for-profit corporations chartered by the New York Education Department’s Board of Regents.[2]  This means that, just like other not-for-profit corporations registered with the New York Department of State, libraries are subject to the Not-for-Profit Corporations Law (the “NFPCL”).[3]  This includes school district public libraries.

Without getting too technical, this means that all libraries in New York are governed in accordance with not only their charters and bylaws, but the applicable parts of the Education Law and the NFPCL, too.[4]

This governance structure impacts questions related to conflicts of interest, whistleblowing, and codes of ethics. With the basic features established, let’s look at the different type of policy in the member question.

 

Conflict of Interest Policy

Here is what the law says about a refusal to participate in the “Conflict of Interest” policy, as governed by the NFPCL:

The conflict of interest policy shall require that prior to the initial election of any director[5], and annually thereafter, such director shall complete, sign and submit to the secretary of the corporation or a designated compliance officer a written statement identifying, to the best of the director’s knowledge, any entity of which such director is an officer, director, trustee, member, owner (either as a sole proprietor or a partner), or employee and with which the corporation has a relationship, and any transaction in which the corporation is a participant and in which the director might have a conflicting interest.[6]

So, to give a stark answer to the member’s question, per the law, no person should actually be elected to serve as a trustee until the nominee’s Conflict of Interest statement (the “COI”) is completed and submitted.  In other words, if the COI is not turned in, that person should never initially be elected as a trustee (we’ll pick that back up in a few paragraphs when we discuss the election criteria for school district public library trustees).

 

Whistleblower Policy

A requirement to “sign” the Whistleblower Policy is a slightly different matter.  Unlike the law related to conflicts of interest, the law requiring any not-for-profit with over 20 employees (or revenue in excess of one million dollars) to have a Whistleblower Policy[7] does not come with a requirement for trustees to sign any document. 

Of course, a refusal to abide by the Whistleblower Policy (for instance, a trustee failing to keep a report confidential), could result in a violation of the law, and the libraries’ bylaws, as well.

 

Code of Ethics

Public school boards must have Codes of Ethics,[8] but libraries—even school district public libraries—do not. There is no requirement in the NFPCL, nor the Education Law, nor any applicable regulations, that a public library have such a code.

That said, to clearly express and enforce a library’s values, a Code of Ethics is often built into a library’s bylaws or adopted as a stand-alone policy of a library’s board.[9]   The bylaws, or policy itself, could also require that it be signed.  Once it is a requirement of the bylaws or policy, it does not have the force of law, but it can be enforced by the board.

 

Refusal to Sign

Which brings us to: whether it a requirement of law or policy, the refusal to sign of a board member must be addressed under the library’s charter, bylaws, and the NFPCPL. 

Under NFPCL §706, a board is empowered to remove a board member per the procedures in its bylaws.  Therefore, if a board determines that failure to sign the Code of Ethics or Whistleblower Policy is unacceptable, or that a failure to sign a Code of Ethics makes the library non-compliant with the law, then that board member can be removed, provided the remaining trustees are careful to follow the bylaw’s procedures for doing so. 

This can be a divisive issue, since I imagine someone could present a debatable reason for not signing a Code or other policy,[10] but since a Code of Ethics or mission statement is something every board member must support as part of their service to the library, the root cause of the refusal might be just as serious as the refusal, and in any event, must be resolved. And that is, except for one wrinkle, the lay of the land.

 

School District Public Library

At school district public libraries, board members are elected per the requirements of Education Law §260. 

§260, and by reference, §2018 of the Education Law, include very precise conditions for the nomination and election of a school district public library board member—none of which is a pre-vote signature on a COI, or a signed acceptance of a Whistleblower Policy or Code of Ethics.

Of course, per Public Officers Law §10, all school district public library trustees must take and file an oath of office “before he[11] shall be entitled to enter upon the discharge of any of his official duties.” This means, somewhere in the “pre-term” area after the election but before the newly elected trustee starts working, there is a zone where they can, based on a refusal to take the oath of office, not be qualified to start the term.[12]

The consequences of a refusal to sign a COI are a little less well-defined, but it is clear that if a board tolerates a refusal, the organization is not in compliance with the NFPCL.  The refusal to sign a Whistleblower Policy is not controlled by law, but the failure to actually follow it is.  And the failure of a board member to sign a Code of Ethics is a matter to be decided by the rest of the governing board.

 

What Happens Next?

The refusal to sign and participate in critical board policy cannot simply be ignored.  It has to be addressed, and the rest of the board has to follow the rules as they address it.

Barring any obvious provision in the bylaws or wording in a particular policy, what does the board use as a playbook for dealing with this type of challenge?  Upon confirming the factors leading to the refusal, a board’s executive committee,[13] consulting with the library’s lawyer and working from copies of the charter and bylaws, must consider the facts, could develop a solution.  The solution could be a revision of a policy to address a particular concern, or, in the case of an incomplete COI, removal of the member.  In no event should this be done without the input of an attorney, since the stakes are high, and feelings may be strong.

Thank you for an important question.



[1] In their quest to impose order on the universe, lawyers often use capitalization to express when a “thing” is a “Thing.”  For purposes of this answer, the various policies the member references are each Things, and so while certain style guides may disapprove, the capitals are there to stay!

[2] The way corporations are created in New York is a type of legal conjuring.  For more information on this particular type of conjuring, check out the New York State Education Department’s Division of Library Development Guide at http://www.nysl.nysed.gov/libdev/charter/index.html, and Education Law §255.

[3] This application of the NFPCL is set forth in NY Education Law §216-a, which is a fun read on a rainy day. 

[4] Intricate arrangements like this are why people like me have jobs!

[5] In the law, “director,” “board member” or “trustee member” all refer to elected members of the board of trustees.

[6] This is from NFPCL §715-a (c).  This language, or something substantially similar, should be in every library’s Conflict of Interest Policy.

[7] NFPCL §715-b.

[8] §806 Section 1(a) of NY’s General Municipal Law.

[9] Boards of museums and other cultural agencies chartered by the Regents are required to have a code of ethics; see 8 NYCRR § 3.30.

[10] I cannot imagine a good reason for not signing a COI, unless the policy was badly worded, there is confusion about the policy, or the director really does believe they should be allowed to vote for their wife’s company to install the new library floor.

[11] It’s 2019.  We really need to work on the pronouns in our legislation.

[12] As but one example of this, see 2001 Op Comm Ed No. 14,710

[13] Or the trusteeship committee, or the board, working as a committee of the whole…whatever group will ensure thorough assessment and the preparation for, if needed, a removal vote.

Tags: Ethics, School Libraries, Board of Trustees

The WNYLRC's "Ask the Lawyer" service is available to members of the Western New York Library Resources Council. It is not legal representation of individual members.