Our archive was part of a regional project to initiate, scan, and make available church records from predominantly African American churches within a city. As part of this project, student/graduate assistants went to the particular churches, scanned the historical records as digital files, and provided those files to [our archive] for public access.
My question is in regards to photographs taken of minors and the restrictions for retention and online display. I would not have selected those particular items for retention, but because I was not on-site during the scanning, I have the files as part of the larger record (church programs, organizational records, committees, etc.). We have signed permissions from the church administration for online access and display of their records. In some cases the photographs are from over 20-40 years ago, in some cases they're much more recent. They're taken at private church events, Sunday school classes/activities, and public events--some as part of photo albums and some as individual files.
I'm struggling with how to treat these photographs and any associated records when I know they display minors. Any advice or direction would be greatly appreciated.
This question is at the vertex of the law and ethics. What an institution may be positioned to do with archival images legally might not be what our society demands ethically. And if the issue impacts real people with real feelings, this conflict can lead to legal claims—regardless of solid footing based on precedent and the law.
When it comes to images of children, who can't legally consent to the use of their images, the ethical issues arising from agency, respect, and self-determination are all the more critical.
The member clearly knows this, and is seeking a direction for assessing how to access, catalog, and use them—if at all. The law is often too blunt an instrument to assess ethical questions, but in this case, I believe the legal steps for assessing the use of such such images can provide a framework for the deeper assessment of the ethical considerations .
Below, I will list the "legal" steps an attorney considers when reviewing a museum or archive's acquisition, but focus on the ethical considerations connected to those factors, especially with regard to use of images of children.
1. Ownership of the Physical Object
This stage is where an institution looks at the provenance of the object and, if that physical object is to be transferred to the institution, addresses the legal priority of making sure the title is "clear."
Ethical considerations: How did the physical object come into existence? Was the creator a member of the community being documented, an academic, a journalist, or an "outsider?" Does it appear that parents or guardians were present? What was the original purpose of the object? Does any of that information suggest coercion, exploitation, or invasion of privacy?
Or, as the International Council on Archives puts it in Section 7 of their Code:
Archivists...must respect the privacy of individuals who created or are the subjects of records, especially those who had no voice in the use or disposition of the materials.
2. Ownership of the Copyright
This stage is where an institution looks at the original ownership of the copyright of the image, any transfers of those rights, the use of those rights, if the rights have expired or been transferred to the public domain, and if any of those rights are to be transferred to the institution.
Ethical considerations: Who "owns" the rights to the image? Are the rights financially valuable? Have they been put to non-academic, commercial use before, or are they likely to be? Can your institution accept the rights in a way that limits future commercial exploitation of depicted minors?
Or, as the Society of American Archivists puts it in Section VI of their Code of Ethics:
Archivists may place restrictions on access for the protection of privacy or confidentiality of information in the records.
3. Manner of Accession
This stage is where an institution looks at the overall package it is acquiring. In this case, the member has pointed out that the data collection project may have over-stepped some (formal or informal) boundaries. Other accession challenges can be donor-imposed conditions, environmental factors, and budget concerns.
Or, as the International Council on Archives puts it in Section 2 of their Code of Ethics:
Archivists should appraise records impartially basing their judgment on a thorough knowledge of their institution’s administrative requirements and acquisitions policies.
...and in Section 5 of that same Code:
Archivists negotiating with transferring officials or owners of records should seek fair decisions based on full consideration – when applicable – the following factors: authority to transfer, donate, or sell; financial arrangements and benefits; plans for processing; copyright and conditions of access. Archivists should keep a permanent record documenting accessions, conservation and all archival work done.
4. Legal Considerations of Content
This stage is where an institution looks for specific concerns caused by the precise content in the materials. When it comes to pictures of minors, this means assessing if the content is in any way criminal, contains evidence of a crime, if the information suggests they were a ward of the state, if it originated from sealed criminal records, and if the use will in any way be commercial (and thus require permission).
Or, as the Society of American Archives puts it in Section IX of their Code of Ethics:
Archivists must uphold all federal, state, and local laws.
5. Identity of Person(s) Portrayed
This stage is where an institution looks at the depiction of the real person portrayed in the material and assesses if it poses any additional challenges.
Or, as the Society of American Archives puts it in Section VI of their Code of Ethics:
Archivists strive to promote open and equitable access to their services and the records in their care without discrimination or preferential treatment, and in accordance with legal requirements, cultural sensitivities, and institutional policies.
6. Alignment with Mission
An archive or museum will always have a mission—or "charitable purpose"—at its core. This is how it maintains a tax-exempt status, its charter, and its ability to operate. Does the contemplated use of the content you are focusing on (the images of children) match up with that mission? Or it is somehow at odds or unaligned with it?
This consideration warrants a repeat of Section 7 of the International Council on Archives Code of Ethics:
Archivists should take care that corporate and personal privacy as well as national security are protected without destroying information, especially in the case of electronic records where updating and erasure are common practice. They must respect the privacy of individuals who created or are the subjects of records, especially those who had no voice in the use or disposition of the materials.
7. Alignment with Collection Purpose
Just as an archive or museum will always have a mission—or "charitable purpose"—at its core, so will a particular collection have a description that sets out its scope, methods, and purpose. Does the contemplated use of the content you are focusing on (the images of children) match up with that description? Or it is somehow extraneous or not quite consistent with it? If sensitive material is not squarely within the scope of the collection, it shouldn't be there at all.
Or, as the Society of American Archives puts it in Section III of their Code of Ethics:
Archivists should exercise professional judgment in acquiring, appraising, and processing historical materials. They should not allow personal beliefs or perspectives to affect their decisions.
That's great...but what to do?!?
When faced with a sensitive decision like the one posed by the member, a subject-focused analysis based on the above factors is the right way to move ahead, in one of three directions:
In this particular case, any of the three above-listed options might be appropriate. From the brief description provided by the member, it sounds like the photos were joyful documentation of a community by its own members—not exploitive or rooted in dubious practices.
But even under a "best case scenario" like the one provided by the member, it is appropriate to develop a checklist based on the mission of the institution, and the goals of the collection, to be assured any archival images with minors:
1) will not be subject to commercial exploitation by the institution or a third party accessing the collection (unless there is properly executed permission allowing such use);
2) were not created in a manner inconsistent with the mission, values, and ethics of your institution; or if they were, the collection parameters address those concerns;
3) are included in a manner consistent with the purpose of the collection; and
4) there is a process for any individual or relative to request removal of an image of a depicted minor. Since such a request would only come after there was a determination that the image was consistent with the values of the institution and fit within the scope of the collection, any evaluation of such a request should be made based on the reasons for the request.
The good news is, the same documentation that shows careful assessment of the ethical factors will help you with any future legal concerns.
And finally, there is one more option for this particular scenario, which is to ask each church to include in their weekly bulletin or routine outreach:
Our church has been selected for inclusion in the ABC institution's online archives. As part of this work, we have provided numerous photos of our events over the years, which include pictures of many of our congregants when they were children. If you have any concerns with your childhood image being included in such a collection, please alert us. Otherwise, please know that our community records are being preserved for the future!
That way, the church as the original provider of the records can "claw back" any photos that a person might object to, and your archive will have another step in its own records to show it did everything it could to respect people's agency and privacy.
Thank you for a thoughtful question.
 A critical example of this issue—use of a person's image in ways that raise question of agency and ethics (to say nothing of basic human decency) is found in the saga of the images of people named Alfred, Fassena, Jem, Renty, Delia, Jack, and Drana, all subjected to enslavement in the 19th century. The images are commonly called the "Zealey Daguerotypes" and the disputes about them start with how they come into being, as well as how they are used in the present day. For a good summary of this saga, see https://www.nytimes.com/2020/09/29/books/to-make-their-own-way-in-world-zealy-daguerreotypes.html.
 "Established" by recognized authorities, not by me. My go-to for this will be the Code of Ethics of the Society of American Archivists, found at https://www2.archivists.org/statements/saa-core-values-statement-and-code-of-ethics#code_of_ethics, and the Code of Ethics of the International Council on Archives, found at https://www.ica.org/en/ica-code-ethics.
 This "Ask the Lawyer" is only addressing the question about minors...I am not tackling the fact that the rights to the relatively recent photos may be held by still living people, or relatives!
 This does not need to be a flagrant "notice and takedown" process; it can be accomplished through a simple statement like: "The ABC Archive [is accredited by/follows the ethics of DEF]; if you are concerned that the depiction of any individual or the inclusion of certain content in this collection is contrary to those ethics, please contact GHI at ### to share your concern."
What recourse may a library board take, if a former director removes all library files from a library owned computer that relate to the running of the public library?
Every employer struggles with this issue: give employees enough access to electronic information to do their jobs, but protect that information from accidental disclosure, file corruption, and theft.
Solid practices like routine security updates, back-ups, password re-sets, and employee training can help a library avoid the worst IT disasters. But what if someone in a position of trust simply abuses their access? What if a scenario like the member's question should arise?
There is a process to address this type of scenario. In order to ease an adrenalized mind, it is presented below in grid form.
Upon suspicion that files have been removed or inappropriately removed by a former library employee, follow these steps to assess what recourse a board might have:
Why you do this
1. Upon suspicion that files have been removed, if possible, do not take further steps alone.
Create an "Initial Response Team" of at least two people to do the next four steps, and designate one of them as the note-taker and document-keeper.
If your library's computer system is supplied or supported by a cooperative library system, one of these people should be from the system.
Organizing a time-line and take photos or screenshots of information showing the potential problem.
The facts you assemble and first steps you take may have far-reaching consequences for your library's response and recovery, as well as for the potential wrong doer.
At this stage, however, you'll just be documenting what appears to be missing. No deep-dive investigation. It should only take an hour or two.
Initial Response Team formed and responsibilities of team members made clear.
Note-taker assembling information.
2. Without letting it take more than an hour (or two) and without making any changes to your system, assess and create an informal list of what appears to be missing (file types, specific types of information, locations), when this was noticed, and what the first signs of the concern were. This will be your "Initial Inventory."
You need to have a foundation for your next steps, so you're creating a quick description of the possible situation.
An Initial Inventory you will use in the next few steps.
Note: The "Initial Inventory" is not an attempt to assess what happened, just to list what might be missing, and a few initial details.
3. Look over the Initial Inventory. Could any of the missing files contain personal/private information, such as: name, address, date of birth, ssn, library card number, credit card information, contact information, banking information, health-related information, computer use, passwords, or circulation records?
If the answer is "yes," add the phrase "…possibly includes loss or compromise of private information and/or library patron records" to the Initial Inventory.
This part of the Initial Inventory will help those assessing the issue quickly appreciate the possible privacy and confidentiality implications of the situation.
4. Contact the library's insurance carrier, and alert them that you may have had a loss of data related to "unauthorized computer access that may involve a former employee."
If your Initial Inventory includes a "yes" to Step #3, also state: "The situation may have involve personal and confidential information."
If your initial contact is by phone, confirm the notice via a letter or e-mail.
Depending on your library's insurance type, you may be covered for this type of event.
Notifying your carrier and following up in writing will help the library determine if the carrier will provide coverage and/or assistance for the event.
Timely notice to the library's insurance carrier, enabling your carrier to let you know if you have coverage and if they can provide assistance in recovering from the event.
NOTE: If the event is covered, some or all of the remaining steps could be impacted by the participation of the carrier.
5. With the Initial Inventory complete and the carrier on notice, the board (or director, if the board has delegated the right amount of authority to them) must decide who is in charge of next steps: the full board, a board committee, the Director and a team, or any combination of people needed to assess the matter.
This "Response Team" should have the power to appoint a qualified professional to assess the situation, to retain legal assistance if warranted, and to recommend a final course of action to the board.
In no event should a report to the board (or Executive Committee) extend the timeline for arranging a response beyond 3 business days.
Unauthorized computer access involving a former director (or any employee) is serious enough to warrant board involvement, whether or not personal and confidential information.
This is especially true since, in a worst-case scenario, the library may have to report a data breach, expend resources to re-create or retrieve the information, work with an insurance carrier to recover from the loss, consider if any aspects of the former employee's contract or severance apply (if there was either/or) and based on what is discovered, consider whether or not to file a report with law enforcement.
Clarity as to who is in charge, what level of authority they are working with, and who they will bring on to assist with the investigation and recovery.
6. Alert the library's lawyer by sending them a copy of the Initial Inventory, and connect them to the Response Team, so they can assist at needed.
It will be the lawyer's responsibility to work with the Response Team and others to ensure the library is positioned to seek relief from the carrier or the former employee, to assess any relevant contracts (for instance, if the files were deleted from a cloud server), and to advise the board about filing a report with law enforcement, or pursuing civil remedies.
Attorney-client privileged input to help assess response options in the best interests of the library.
7. The Response Team should retain a qualified IT/data security professional to assess and develop an "Incident Report" with a Final Inventory of what is confirmed as missing, a conclusion as to how it went missing, and if/how it can be recovered.
This should be done within 3 days of discovery and before there are any changes to the system. Ideally, this work should only be performed after the library and the IT professional sign a written contract that is reviewed by the lawyer.
A contract with a qualified firm;
A certificate of insurance from the professional firm;
A written Incident Report from the firm.
8. Based on the value, sensitivity, and type of information in the Final Inventory, work with the IT professional and lawyer to assess any legal steps the library must take to recover or to give required notifications of data breach.
Depending on what went missing, the library could have concerns under any number of laws.
The final recommendation should be a memo to the board, regarding any necessary steps (or confirming not are needed).
9. Based on the complete Incident Report's assessment of what is missing, how it went missing, and if/how it can be recovered, and any relevant details about the employee, develop a course of action.
For more on this aspect, see the rest of this RAQ.
What happens as part of number "9," is the actual answer to the member's question. But until a library follows steps "1" through "8," it can't fully know its options under "9."
And what can happen as part of "9"? The range of consequences for unauthorized computer access and/or data destruction is vast, running from criminal penalties to civil remedies. And if considered with solutions for how a library can recover from the loss, there are further possibilities.
If I was on the board where a former director removed all the library files from a library owned-computer that relate to the running of the public library, at the end of the day, here's what I'd want get out of "The Files Are Gone" process:
By demanding solid, well-documented and qualified answer to these questions (What happened? how does it impact the library? What can we do?) a board member is being a good fiduciary, and positioning the library to identify the best recourse.
Now let's say that, in the grand scheme of things, the "missing files" appear to be pretty minor (and do not involve private information). Let's say that, for whatever reason, the outgoing employee deleted all the library's "standard operating procedures." Not the policies--those are on the library's website and backed up in numerous places - but all the details about (as the question says) "running the library:" How to organize the courier manifest. The templates for the volunteer letters and community meeting notices. The budget template and calendar for strategic planning. Their own emails on their library account. Nothing private, no circulation or credit card information, but a body of work that represent hundreds of compensated hours…lost.
This may seem like the kind of loss that isn’t dire enough to warrant the steps I have outlined above, but it absolutely is. First, only a professional can say when data is truly "lost" (especially emails). And even if, at the end of the day, there is a board decision not to pursue any consequences (privately, civilly or criminally), such (in)action must be based on good information--not just the result of a decision not to investigate in the first place.
The budget for such response, if planned carefully, can be very modest (under $1500). Reaching out to a library's system and regional council to find the professional you need might help the library get those services at a reasonable price (and again, depending on the system-library service agreement, much more).
Why am I adamant about this follow-through, even for a "small" incident? Because sometimes a "small" incident is only the tip of a much larger iceberg. Unauthorized data destruction by a former employee could be a serious breach of their duty, the law--and even their oath of office. But it might not be. The right response, and the fair response, can only be formulated through careful documentation and analysis.
This is what positions the board to know what recourse it can take, when presented with such a serious situation.
Thank you for trusting "Ask the Lawyer" with this sensitive question.
 If you are reading this while working on this type of issue, take a deep breath. You've got this.
 There are too many types of IT supply/support arrangements out there for me to be more precise than this. Some systems are essentially the IT department for their member libraries. Others are not. This aspect will be governed by the System's member contract…but generally, a good place to start is on the phone!
 In keeping with the question, this chart addresses what to do if the person involved is former employee. If the person is a current employee, the Response Team should include someone qualified to assess an appropriate response that ensures 1) due process for the employee; 2) security for the investigation; and 3) stability for ongoing operations of the library.
 Is this a low-ball figure? Could it be much bigger? Yes. But if it gets much bigger, that should be because it's actually a big problem that needs to be solved.
ResearchGate is often a place individuals will go to snag PDFs which are typically provided by authors, not publishers. It refers to itself as a community and network for researchers to share and discuss their research with others from around the globe. ResearchGate explicitly states that they are not liable for any copyright infringement, and that the responsibility rests with the individual; it is entirely up to the individual to either post the PDF to be downloaded freely, or to send the PDF to individuals upon request.
I have multiple questions surrounding the use of ResearchGate. Number one, should libraries be directing individuals to ResearchGate to ask authors for copies of their articles? Number two, should our document delivery service be providing copies of PDFs from ResearchGate to our library patrons? I am personally very hesitant to refer anyone to ResearchGate as I find most faculty researchers are not aware of who truly holds the copyright to their published articles. Thank you!
I first heard about “ResearchGate” at a copyright training I was conducting for librarians.
There I was, holding forth about Section 108 and Fair Use, when out of the blue, an academic librarian asked me: “What do you think of Researchgate?”
This question triggered my number one rule for lawyering: never assume you know an answer; always do your research. So even though my brain figured that “Researchgate” was a new scandal involving falsification of data, I instead replied: “I have to admit, I am not familiar with that.”
Good thing I followed rule number one!
But first, here’s what I have learned:
Notably, as the member points out, ResearchGate’s “Terms” for submitters reinforces the rights of authors:
As a member, when you post full-text articles or supplementary materials on ResearchGate, you do not transfer or assign copyright to us. Rather, you make the content available to the public through ResearchGate.
…about encourages users to respect the rights of others:
If you choose to privately archive or publicly post content, we encourage you to first confirm your rights before doing so. … As we do not have any information about rights you may hold, or any license terms or other restrictions which might apply to such content, we necessarily rely on you to understand your rights and act accordingly.
ResearchGate’s relationship with users is also governed by clauses on “Liability” and “Indemnification”—with ResearchGate attempting to pass all liability for a copyright infringement onto the users who supply content.
And finally, as also shown in their policies, ResearchGate also takes advantage of the “notice and takedown” provisions under the Digital Millennium Copyright Act to assure itself “safe harbor,” in the event a user posts infringing content.
What I found at ResearchGate.com was what looks like a thorough attempt to dot all the “i”s and cross all the “t”s to respect intellectual property. They probably have a very good lawyer.
But as I said, “always do your research,” so in addition to visiting their site, I also visited PACER to see if ResearchGate is being sued by anyone for copyright infringement. And boy, are they ever.
ResearchGate GmbH (its corporate name in Germany, where it appears to be based) is being sued by Elsevier, Inc., Elsevier Ltd., Elsevier B.V. and the American Chemical Society (“ACS”). The basis for the suit, as set forth in paragraph “three” of the plaintiff’s complaint, is the ResearchGate’s use of “Published Journal Articles” (which the suit calls “PJA”s):
This lawsuit focuses on ResearchGate’s intentional misconduct vis-à-vis its online
file-sharing / download service, where the dissemination of unauthorized copies of PJAs
constitutes an enormous infringement of the copyrights owned by ACS, Elsevier and other
journal publishers. The lawsuit is not about researchers and scientists collaborating; asking and
answering questions; promoting themselves, their projects, or their findings; or sharing research
findings, raw data, or pre-prints of articles.
And, just in case that doesn’t sound too bad, here’s the next paragraph:
ResearchGate’s infringing activity is no accident. Infringing copies of PJAs are a
cornerstone to ResearchGate’s growth strategy. ResearchGate deliberately utilizes the infringing
copies to grow the traffic to its website, its base of registered users, its digital content, and its
revenues and investment from venture capital. ResearchGate knows that the PJAs at issue
cannot be lawfully uploaded to and downloaded from the RG Website. Nevertheless, in violation of the rights of ACS, Elsevier, and others, ResearchGate uploads infringing copies of
PJAs and encourages and induces others to do so. ResearchGate finds copies of the PJAs on the
Internet and uploads them to computer servers it owns or controls. In addition, ResearchGate
lures others into uploading copies of the PJAs, including by directly asking them to do so,
encouraging use of a “request full-text” feature, and misleadingly promoting the concept of “selfarchiving.”[sic] ResearchGate is well aware that, as a result, it has turned the RG Website into a focal point for massive copyright infringement.
Yikes, that sounds dire, right? And very akin to the member’s concerns.
So, with all that established, I’ll share my thoughts, and address the member’s questions.
Number one, should libraries be directing individuals to ResearchGate to ask authors for copies of their articles? Number two, should our document delivery service be providing copies of PDFs from ResearchGate to our library patrons?
Questions like this may be informed by law (and risk management), but must always start with ethics.
The ALA Statement of Ethics has very clear language regarding intellectual property: We respect intellectual property rights and advocate balance between the interests of information users and rights holders.
When it comes to a source like ResearchGate—ostensibly trying to operate within the bounds of the law, but alleged to have a seamier side—the ALA’s further musings on this statement on copyright are also instructive:
Library workers are increasingly critical resources for copyright information in their communities. Consequently, they should be informed about copyright developments and maintain current awareness of all copyright issues. Library workers should develop a solid understanding of the law, its purpose, and the details relevant to library activities. This includes the ability to read, understand, and analyze various copyright scenarios, including fair use and other copyright limitations, using both good judgment and risk mitigation practices.
Library workers should use these skills to identify their rights and the rights of their users. Further, they should be ready to perform outreach surrounding copyright topics and refer users with questions pertaining to copyright to reliable resources. However, library workers should avoid providing legal advice. They may provide information about the law and copyright, but should recommend that patrons consult an attorney for legal advice. [emphasis added]
I can’t answer the member’s questions for any particular library. But based on the ALA Statement of Ethics, its further comments on copyright, and risk management principles drawn from the law, I can suggest a methodology for a library to apply when asking them.
First, if a librarian, using their own observations, and applying ALA ethics, believes a source to be dubious, it is clear that they are ethically obligated to “us[e] both good judgment and risk mitigation practices” about “relevant to library activities,” and to work with decision-makers at their institution to develop a clear position on that source.
This is not a simple nor easy exercise. Further (and frustratingly, for some) it may vary from institution to institution. Some libraries dance on the cutting edge of copyright. Others err on the side of caution. The decision to do either should be based on an informed assessment that considers the library’s mission, insurance, tolerance of risk, and its comfort level with the status quo.
The member is already applying personal experience and modeling this balancing. Remember the last part of the question: I am personally very hesitant to refer anyone to ResearchGate, as I find most faculty researchers are not aware of who truly holds the copyright to their published articles.
To that type of informed concern, there are two considerations I would add for libraries making this type of determination:
1) Under Section 108 of the Copyright Act, a library’s exemption from infringement can turn on their lack of awareness of a scheme to make exploitive commercial copies. Your library’s insurance may also deny coverage if a library is knowingly referring users to an infringer. So, if your institution is aware that a source is an infringer (which is different from suspecting a source is an infringer), that is a factor to balance.
2) On the flip side, libraries should not be willing (and generally have not been willing) to roll over to support the unchecked dominance of traditional commercial publishers. Without pushback, rates will continue to go up, while terms will get more onerous. But there is a difference between thoughtful pushback (like the current, organized fight against the McMillan Embargo), and systematic copyright infringement (like Napster).
Questions like this one show that librarians are thinking about the difference.
Thanks for a great question. It will be interesting to see if the case against ResearchGate goes the distance, and to see libraries decide where they stand.
 When this question first put the name in my brain, the “g” was lowercase.
 For over ten years, I was in-house counsel at a university, and had a reason to read “The Chronicle of Higher Education,” every week. Every year the Chronicle reported on one research-based scandal after another; it’s a miracle I didn’t hear the term “ResearchGate” before this!
 Am. Chem. Soc'y v. ResearchGate GmbH, 2019 U.S. Dist. LEXIS 98372, 2019 WL 2450976.
 Yes, this is one monster paragraph within the law suit.
What, if any, are the ramifications if a school district public library board of trustee member refuses to sign the code of ethics and/or the conflict of interest/whistleblower policy?
I am sure there is a very interesting set of facts, personal convictions, and conversations behind the stark facts presented in this question (there always is). But we’ll address just the stark facts.
Because a library’s Code of Ethics, Conflict of Interest Policy, and Whistleblower Policy are rooted in different areas of the law, a refusal to sign these documents creates an array of ramifications. We’ll explore each type in turn.
But first, it’s important to establish certain base factors.
In New York, most libraries (unless they are part of a larger institutions like a college or museum) are not-for-profit corporations chartered by the New York Education Department’s Board of Regents. This means that, just like other not-for-profit corporations registered with the New York Department of State, libraries are subject to the Not-for-Profit Corporations Law (the “NFPCL”). This includes school district public libraries.
Without getting too technical, this means that all libraries in New York are governed in accordance with not only their charters and bylaws, but the applicable parts of the Education Law and the NFPCL, too.
This governance structure impacts questions related to conflicts of interest, whistleblowing, and codes of ethics. With the basic features established, let’s look at the different type of policy in the member question.
Conflict of Interest Policy
Here is what the law says about a refusal to participate in the “Conflict of Interest” policy, as governed by the NFPCL:
The conflict of interest policy shall require that prior to the initial election of any director, and annually thereafter, such director shall complete, sign and submit to the secretary of the corporation or a designated compliance officer a written statement identifying, to the best of the director’s knowledge, any entity of which such director is an officer, director, trustee, member, owner (either as a sole proprietor or a partner), or employee and with which the corporation has a relationship, and any transaction in which the corporation is a participant and in which the director might have a conflicting interest.
So, to give a stark answer to the member’s question, per the law, no person should actually be elected to serve as a trustee until the nominee’s Conflict of Interest statement (the “COI”) is completed and submitted. In other words, if the COI is not turned in, that person should never initially be elected as a trustee (we’ll pick that back up in a few paragraphs when we discuss the election criteria for school district public library trustees).
A requirement to “sign” the Whistleblower Policy is a slightly different matter. Unlike the law related to conflicts of interest, the law requiring any not-for-profit with over 20 employees (or revenue in excess of one million dollars) to have a Whistleblower Policy does not come with a requirement for trustees to sign any document.
Of course, a refusal to abide by the Whistleblower Policy (for instance, a trustee failing to keep a report confidential), could result in a violation of the law, and the libraries’ bylaws, as well.
Code of Ethics
Public school boards must have Codes of Ethics, but libraries—even school district public libraries—do not. There is no requirement in the NFPCL, nor the Education Law, nor any applicable regulations, that a public library have such a code.
That said, to clearly express and enforce a library’s values, a Code of Ethics is often built into a library’s bylaws or adopted as a stand-alone policy of a library’s board. The bylaws, or policy itself, could also require that it be signed. Once it is a requirement of the bylaws or policy, it does not have the force of law, but it can be enforced by the board.
Refusal to Sign
Which brings us to: whether it a requirement of law or policy, the refusal to sign of a board member must be addressed under the library’s charter, bylaws, and the NFPCPL.
Under NFPCL §706, a board is empowered to remove a board member per the procedures in its bylaws. Therefore, if a board determines that failure to sign the Code of Ethics or Whistleblower Policy is unacceptable, or that a failure to sign a Code of Ethics makes the library non-compliant with the law, then that board member can be removed, provided the remaining trustees are careful to follow the bylaw’s procedures for doing so.
This can be a divisive issue, since I imagine someone could present a debatable reason for not signing a Code or other policy, but since a Code of Ethics or mission statement is something every board member must support as part of their service to the library, the root cause of the refusal might be just as serious as the refusal, and in any event, must be resolved. And that is, except for one wrinkle, the lay of the land.
School District Public Library
At school district public libraries, board members are elected per the requirements of Education Law §260.
§260, and by reference, §2018 of the Education Law, include very precise conditions for the nomination and election of a school district public library board member—none of which is a pre-vote signature on a COI, or a signed acceptance of a Whistleblower Policy or Code of Ethics.
Of course, per Public Officers Law §10, all school district public library trustees must take and file an oath of office “before he shall be entitled to enter upon the discharge of any of his official duties.” This means, somewhere in the “pre-term” area after the election but before the newly elected trustee starts working, there is a zone where they can, based on a refusal to take the oath of office, not be qualified to start the term.
The consequences of a refusal to sign a COI are a little less well-defined, but it is clear that if a board tolerates a refusal, the organization is not in compliance with the NFPCL. The refusal to sign a Whistleblower Policy is not controlled by law, but the failure to actually follow it is. And the failure of a board member to sign a Code of Ethics is a matter to be decided by the rest of the governing board.
What Happens Next?
The refusal to sign and participate in critical board policy cannot simply be ignored. It has to be addressed, and the rest of the board has to follow the rules as they address it.
Barring any obvious provision in the bylaws or wording in a particular policy, what does the board use as a playbook for dealing with this type of challenge? Upon confirming the factors leading to the refusal, a board’s executive committee, consulting with the library’s lawyer and working from copies of the charter and bylaws, must consider the facts, could develop a solution. The solution could be a revision of a policy to address a particular concern, or, in the case of an incomplete COI, removal of the member. In no event should this be done without the input of an attorney, since the stakes are high, and feelings may be strong.
Thank you for an important question.
 In their quest to impose order on the universe, lawyers often use capitalization to express when a “thing” is a “Thing.” For purposes of this answer, the various policies the member references are each Things, and so while certain style guides may disapprove, the capitals are there to stay!
 The way corporations are created in New York is a type of legal conjuring. For more information on this particular type of conjuring, check out the New York State Education Department’s Division of Library Development Guide at http://www.nysl.nysed.gov/libdev/charter/index.html, and Education Law §255.
 This application of the NFPCL is set forth in NY Education Law §216-a, which is a fun read on a rainy day.
 Intricate arrangements like this are why people like me have jobs!
 In the law, “director,” “board member” or “trustee member” all refer to elected members of the board of trustees.
 This is from NFPCL §715-a (c). This language, or something substantially similar, should be in every library’s Conflict of Interest Policy.
 NFPCL §715-b.
 §806 Section 1(a) of NY’s General Municipal Law.
 Boards of museums and other cultural agencies chartered by the Regents are required to have a code of ethics; see 8 NYCRR § 3.30.
 I cannot imagine a good reason for not signing a COI, unless the policy was badly worded, there is confusion about the policy, or the director really does believe they should be allowed to vote for their wife’s company to install the new library floor.
 It’s 2019. We really need to work on the pronouns in our legislation.
 As but one example of this, see 2001 Op Comm Ed No. 14,710
 Or the trusteeship committee, or the board, working as a committee of the whole…whatever group will ensure thorough assessment and the preparation for, if needed, a removal vote.