The library is using NYS Archives and Civil Service references to set personnel and payroll files records retention and disposition.
A question arose regarding employee rights to request removal of materials from personnel records.
The committee’s question was specifically about removal of a negative matter after the minimum required retention time had elapsed.
In this instance there was no question about the accuracy of the record nor was there litigation involved or anticipated.
There are a lot of little details to address in considering this question, but first, there is one big principle I must emphasize. When it comes to records retention—and especially when it comes to employee-related records—nothing should be discretionary.
In other words, if an employer wants to create a process where every corrective action plan, performance evaluation, employment-related investigation, or incident report is removed after its minimum retention period has elapsed, that is fine. However, unless it is a benefit that has been carefully negotiated and confirmed in a contract, there should be no process for an employee to initiate optional removal of materials, and by no means should that process require the employer to make a “yes” or “no” decision.
The moment personnel records that could be interpreted as “negative” become subject to an employee-initiated, optional procedure, the employer, simply by having such a procedure, has: 1) admitted that possibility that the materials could have a negative impact on the employee; 2) created a system where such material could be retained inadvertently; and 3) set up a scenario where such a request could accidentally or deliberately be denied or perceived as somehow subject for debate, potentially triggering the possibility of a complaint, litigation, or a damage claim.
Unless retention is being considered for historic/archival purposes, record retention or destruction should never be discretionary (and of course, the decision to retain certain records for historic/archival purposes should be based on objective criteria). The best approach for management of employee performance-related records is simply that they be retained as required, or be purged when no longer needed, based purely on the category (not the substance) of the records’ content.
So, my answer to this question is: there should be no process for an employee to request optional removal of negative materials from a personnel file. Rather, the removal of material from personnel files should only happen per uniformly and routinely applied policy. If a negative review or incident report has served its purpose and is no longer needed, it may be removed as part of the routine purging policy and process. If it is still needed, it should be retained. There should be no middle ground; it creates risk. If your library is part of a collective bargaining agreement or uses contracts that include this approach, employees should all be notified and trained on how to exercise these rights.
Thank you for an insightful question.
 Just in case you are new to the Human Resources world, a “corrective action plan” is a time-limited plan with a clearly articulated goal and measurable steps to address a performance concern. Here is an example of a properly formulated Corrective Action Plan, taken from my domestic life: “To ensure optimal vegetable growth and family cohesion, for the next eight weeks, every family member will spend no less than ten minutes weeding per day. To enable verification, family members will place uprooted weeds on the Stick Pile.” Now, here is an improperly formulated version: “If you Ingrates don’t help me in the garden today, I will put a dead thistle by your pillow tonight.” Both techniques can, of course, yield results, but only one wins the “Happiest Workplace” award.
 Of course, a collective bargaining agreement could create the right to request removal of accurate information from a personnel file. Again, however, because such a discretionary approach might not be exercised or even known by all employees, I don't see this as a fair or helpful clause (to either employees, or the employer). A better option would be a simple records purge, or a purge tied to an objective performance metric (“after three years of ‘satisfactory’ reviews, this Corrective Action Plan will be removed from the employee’s record”).
 These are all the “little details” I mention in the opening sentence, but as you can see, they aren’t so little.
 With all due consideration of privacy.
 This could include, by the way, a Corrective Action Plan process with a “self-destruct” measure for the guts of the “negative” issue. In other words, the CAP policy itself could say “Upon satisfactory completion of a Corrective Action Plan, after # years, the only record retained will be the summary note confirming successful completion of a Plan of Improvement.” But again, this should be per a uniformly applied policy, not a discretionary request.
 By “needed,” I mean, among other things, that proof of the remedial action taken by the employer is no longer required to protect the employer. While many policies base this on statutes of limitations, most only start the clock after the employee’s period of employment is over, and that, in my view, is generally the most prudent choice.
My Director has asked me to ask you the following question. In normal circumstances the library would host the meetings of local organizations that do not have a building of their own. The library hosts the meetings of organizations like "Concerned Citizens", "Race Unity Circle", the "Bahá'í society", etc. All nonprofits that do not have large budgets and utilize the library for their meetings. Is the library legally allowed to use the library's Zoom subscription to host meetings for these groups as an Outreach Program? In the same way the librarian would be there to book the meeting, set up tables/chairs, and greet the group, the Zoom meeting would be booked, the link distributed to members, and the librarian there to open the meeting up at the specified time. I would be interested if your answer is different depending on whether the library is in an emergency closure situation or not.
Life is full of surprises. When I was in third grade, I was surprised to learn that this strange country called “Canada” occupied the upper half of North America. When I was in fifteen, I was surprised to learn that “brooch” rhymes with “roach.” And upon researching the answer to this question, I was surprised to learn that Zoom doesn’t have an “exclusive use” clause in their service agreement.
You may not offer or enable any third parties to use the Services purchased by You, display on any website or otherwise publish the Services or any Content obtained from a Service (other than Content created by You) or otherwise generate income from the Services or use the Services for the development, production or marketing of a service or product substantially similar to the Services.
In other words, Zoom doesn’t want you to “offer” your account out to another party (even if that party is a legit not-for-profit).
But the member has asked if they can serve as the “host” of the meeting, mirroring the way their library opens its doors for certain groups and gatherings. Both functionally and grammatically—and thus legally—this means the library is the one using the service. It’s like my law firm using our Zoom to host a board meeting for a client, since I need to be there anyway. Or, perhaps more closely, an educational institution letting a student group use its Zoom, so the student newspaper can soldier on.
So the stark, simple answer to the member’s question (“Is the library legally allowed to use the library's Zoom subscription to host meetings for these groups as an Outreach Program?”) is “YES.”
That said, being a detail-oriented, pro-risk-management, and liability-averse kind of attorney, I can’t just leave it there.
Physical meetings at your library all must follow some rules. Some libraries set these rules by policy, others confirm them with both a written policy and a facility use contract.
These documents ensure that the particular rules at that library will be followed. The same should apply when the library is hosting a Zoom meeting for your community.
Zoom’s “Acceptable Use” Policy expressly bars numerous types of activity, including but not limited to:
I imagine most libraries can endorse these conditions, but some may be (rightly) wary to impose content restrictions on meetings. While the limits your library has agreed to with Zoom is a contract the library has voluntarily accepted, I can see a (very) few instances where perhaps a first amendment concern could loom. So any library considering hosting Zoom meetings for users should think that aspect through thoroughly, and be ready to address it just as you address such concerns for physical meetings.
To help a library navigate these straightforward but choppy legal waters—especially the Zoom Terms’ bar on letting a third party use your account—here is a template “Virtual Meeting” Agreement.
NOTE: As always, template agreements should be reviewed by your library’s legal counsel to ensure they conform with your library’s charter, bylaws, unique identity, and other policies.
Videoconference Meeting Agreement—TEMPLATE ONLY
Person filling out this form [must be cardholder]
Meeting date, time, duration
Target date to send out the invitation
Please note: for the orderly operation of the meeting, pre-registration should be required, OR attendees should be given only limited participation ability.
Purpose of meeting (must be a purpose consistent with library operations)
Estimated number of attendees
Live stream meeting? Please list where the livestream will be accessible
Please list your group’s Meeting Facilitator
[see Meeting Facilitator Responsibilities below]
[To be filled in by library]
Library Staff serving as “host” on the videoconference.
Facility Use Policy
On the above date and time, the [NAME] library will host a meeting of the above-listed group for the above listed purpose.
It is understood that every attendee of the meaning will be expected to abide by both all the applicable rules of the library for meetings at our facility, and to observe any and all above-listed additional conditions.
The above-listed “Meeting Facilitator” should be logged in to the meeting at least 10 minutes before so they can discuss the orderly conduct of the meeting with Library Staff.
The Meeting Facilitator must discuss the functional aspects of the meeting with library staff before the start of the meeting; they should be prepared to discuss how attendees will be able to interact and how the relevant functions of the meeting will be used to meet the meeting's stated purpose.
The Meeting Facilitator should also be comfortable with using Zoom's capabilities to assist the Library Staff in hosting the meeting (monitoring the chat, moderating the discussion, muting or removing participants if needed).
When it is time for the meeting to begin, the library staff hosting the meeting will state:
“Welcome to [MEETING NAME]. Hosting an online meeting with your group is a service the library provides to our community groups without charge. Just as with hosting meetings in our physical space, the library must enforce rules regarding respect, non-discrimination, and accessibility. If you have concerns in that regard, please let me know by sending me a private message during the meeting. And now I’ll turn it over to [NAME] to start the meeting.”
It is expressly understood on behalf of the group that:
Please alert the library to any ADA considerations for hosting this meeting. For meetings with more than 50 participants, the Meeting Facilitator should be ready to discuss accessibility objectives with the Library Staff member.
We welcome your ideas for making our co-hosted meetings better. Constructive feedback may be sent to [e-mail].
Acknowledged: __________________________________ on DATE: ______________.
Unless there is a bylaw, policy, or contract barring staff serving as the meeting host, this is most definitely a service that can be offered even when your library cannot be physically open to the public. However, at all times, it must be clear that this is the library’s meeting. Account ID’s, passwords, and hosting capabilities should not be given away. Co-hosting should never be converted into changing the host. The meeting “intro-text” should be read every time; it is there to make sure that the library’s primary role is documented in every single meeting you host. Just like a meeting room should never be used when the library is not staffed, the virtual meeting room must remain in the control of your institution—otherwise, there could be concerns with the license.
And with that, I wish whoever at your library becomes the “virtual meeting staffer,” a stout heart, a quick finger on the mute button, and lots of community-oriented fun.
 I have since been informed that either pronunciation is acceptable. Fortunately, with my spare fashion sense, it is not a word I use often.
 The conditions in these documents will change from library to library. Some libraries have to enforce the rules of a landlord. Others will decide to charge a nominal fee (DO NOT do that for a Zoom meeting), or restrict use to a charitable use.
 By the time I got to this part of the list, I was thinking “Jeez, it’s an ugly world out there, and Zoom has a front-row seat to it.”
As we look to re-opening our public libraries with abridged services, we want to limit the chances of legal challenge from organizations who seek to make a statement about government response to COVID-19 and social distancing measures. We are considering a recommendation to have a brief policy manual addendum with policy adjustments that supersede the policy manual, have a short review and renew period (aligned with the library board meeting schedule), and are triggered by an objective, external to the library, event. What elements would we need to include in this addendum to make it legally enforceable, while not re-writing the entire policy manual?
Take, for instance, a library's meeting room policy. For a library with a 2,000 sq ft community room, with a normal occupancy of 250 persons and a seated occupancy of 150 persons (fake numbers), in which the board meets every other month.
- Initial addendum policy would have a line which said "Meeting Room: The meeting room is closed to all groups. Policy approved April 27, 2020. Will expire June 26, 2020."
- At the June board meeting the board passed "Meeting Room: The meeting room will open for library sponsored programming July 1st. Registration will be required and limited to 20 persons to follow current social distancing guidelines. Policy approved June 26, 2020. Will expire August 27, 2020."
And so on.
What are recommendations for the pre-amble of such an addendum? What should we make sure to include in the board motion to enact the emergency policy addendum such that it supersedes the standard manual?
This answer is being composed on May 9, 2020. New York is still fully on PAUSE, but the Governor has divided the State into ten districts who must hit seven defined metrics to begin rolling back various restrictions. Careful prognosticators are cautioning that what is rolled back can also be re-implemented, so caution and flexibility are the watchwords of the times.
In this context, many libraries are considering a phased resumption or extension of operations, and to do so, may need to adjust many of their standing policies.
As the member’s question highlights, the stakes for such adjustments can be high. The greatest risk in taking emergency and temporary measures are that: 1) they are not legal; 2) they create legal but mission-averse collateral consequences; 3) they are legal and perfectly mission-aligned, but still just make people mad.
Right now, libraries don’t have the luxury of time to fully mitigate these risks. But collecting, assessing, and documenting some steps, a library can do its best to avoid them.
Here is how to do that:
Step 1: Inventory your board’s authority and obligations
Library leadership seeking to temporarily adjust library policy to address COVID-19 must first assemble the following:
Many libraries will already have these assembled from previous such exercises.
Step 2: Inventory the specific policies your library needs to adjust
This “inventory” should include a citation to each policy your library needs to adjust, the basis of the need, any legal compliance considerations, what the precise terms of the proposed temporary change are, and, as the member writes, the reversion trigger of duration of the change.
This sounds painstaking and arduous, and it will be. Fortunately, when it comes to the painstaking and arduous act of organizing information, libraries have a home team advantage.
And don’t worry, in the next step I give you a chart to sort it all out.
Step 3: Identify what’s needed: alteration of the policy, or complete suspension?
In some cases, a policy will just need some small, temporary alterations to continue serving the requirements of the law and the needs of the library and its community. However, some policies are so complex, or so rife with temporarily unsafe practices, they will simply need to be suspended.
Here is a chart template that sets the “inventory” categories of Step 2, with examples the two types of adjustments:
1. Policy or obligation to adjust
2. Basis of need to adjust
3. Law or policy governing change
5. Reversion trigger or duration
Example: Policy temporarily altered
Policy B-2: Board Meetings
Limits on large gatherings and social distancing requirements requires limiting in-person contact
Board meetings are controlled by the Education Law Section 260 and Article 7 of the Public Officers’ Law (“Open Meetings Law”), but are temporarily governed by Executive Order 202.12.
As allowed by the EO 202.12, the Board shall meet via teleconference, and the audio shall be simultaneously available at a link on the library’s website, as well as recorded and transcribed.
This adjustment shall be in effect until the expiration of the terms of EO 202.12.
Example: Policy temporarily suspended
Meeting Room Policy allowing use on a reservation basis.
The Library wants to use the Meeting Room but must suspend community use to observe current social distancing requirements and health-oriented practices.
Executive Order # and #, as well as the usual laws governing use of library property.
To ensure observance of [cite EOs] the Meeting Room policy is suspended until two weeks after the last remaining restriction is lifted.
To allow time for cleaning and operational adjustment, the regular policy will go back into effect two weeks after the last remaining restriction is lifted.
Step 4: Contrast the adjustments with your library’s obligations
This is really a second look at the third column- “Law or policy governing change.”
It encourages your leadership—and ideally, your lawyer—to take a deep look at any standing legal obligations, and make sure your temporary adjustment doesn’t run afoul of them.
For instance, in the Meeting Room Policy example, let’s say that, per the policy, the library had a standing, written agreement for the room to be used by a writer’s group on a weekly basis. This might require an extra step in your adjustment to the policy, with some targeted outreach to cancel what might be regarded by the group as a written contract.
SPECIAL NOTE FOR LIBRARIES WITH UNIONS: Step 4 is especially critical if there is a union contract involved. Throughout this time of COVID-19 response, I have seen many examples of situations where a library’s prospective plans have been impacted by CBA provisions for emergency closure or other obligations. I have written about that at length elsewhere, so for now, will simply say: in all of this a library’s union should be an ally and critical stakeholder promoting employee well-being, and hopefully the need for any changes to routine policy and procedure can be approached in that spirit.
Step 5: Diplomacy Check
Technically, this is not a “legal” step, but I can say that in many ways this step is the most important part of avoiding needless legal threats and hostility.
Step 5 involves taking yet another look at the chart, and adding other two columns, covering: “Who will be impacted by this policy change?” and “How can we roll out the change to lessen any negative impact?”
Here is what these columns look like in my imaginary examples:
6. Who will be impacted by this policy change?
7. How can we roll out the change to lessen any negative effects?
Board Meeting Policy Example:
Everyone who relies on library board meetings as a chance to scour the budget and yell at the treasurer about how much was spent on new shelving, even though the purchase followed every bidding step required by state procurement rules.
The library will put up a sign on the front door, and in the usual places where the library sends formal notices about the meetings, saying:
“As you know, our board is meeting via telephone and working to keep our library ready to serve the community! You can hear our meetings at [link] or get a recording at [way]. We’ll have transcripts ready a month after the meeting. Please keep in touch by sending your comments to [NAME] at [ADDRESS].”
Meeting Room Policy Example:
People who really, really just want to see their writing group.
The director will ask [STAFF] to outreach to the regular groups, to see if they need assistance finding alternate resources while we wait to welcome them back.
And with all that legwork done, we can now answer the member’s core questions:
Question 1: What elements would we need to include in this addendum to make it legally enforceable, while not re-writing the entire policy manual?
The elements would be 1) a preamble setting forth the board’s authority, goal and process for the temporary changes; 2) a list identifying the policies that are temporarily suspended or temporarily altered; and 3) an articulation of the replacement policy or temporary changes.
Question 2: What are recommendations for the preamble of such an addendum?
Here is a template for the preamble:
The [NAME] Library was chartered in [YEAR] by the New York Board of Regents, and operates under the authority of that Charter, the New York Education and Not-for-Profit corporation law. In accordance with that authority and in compliance with the Library’s bylaws [OPTIONAL IF UNION AGREEMENT OR OTHER CONTRACTS ALSO GOVERN: and all other applicable obligating documents], to promote the mission of the library, the safety of all it serves and employs, and the needs of the community at this time, the following temporary changes to the following policies are made:
And here is how you link it to the other elements:
[INSERT chart with only columns 1, 4, and 5].
Question 3: What should we make sure to include in the board motion to enact the emergency policy addendum such that it supersedes the standard manual?
Here is template language for a board motion:
WHEREAS the State of New York is currently subject to Executive Orders governing the State’s response to the COVID-19 pandemic; and
WHEREAS the [NAME] Library’s mission is to [INSERT]; and
WHEREAS some of the Executive Orders impact the ability of the Library to fulfill its mission while abiding by its usual policies and procedures; and
[INSERT ONLY IF APPLICABLE] WHEREAS the Library is also subject to the terms of a collective bargaining agreement signed on DATE: and
[INSERT ONLY IF APPLICABLE] WHEREAS the Library is also subject to [variable]; and
WHEREAS the Library has developed temporary adjustments to its usual policies and procedures, with all due consideration of its standing obligations, to aid itself in operating safely and in compliance with the orders, and in period of recovery to follow;
BE IT RESOLVED that the following temporary changes, for the corresponding durations sets forth below, are enacted, effective immediately:
[insert chart with columns 1, 4, and 5]
AND BE IT FURTHER RESOLVED that the full chart setting forth these temporary adjustments shall be posted on the Library’s usual place for posting policies no later than [DATE]; and
AND BE IT FURTHER RESOLVED that the following measures to positively communicate these temporary adjustments shall be taken:
[INSERT measures identified in column 7].
When using these steps, it will be important to remember that an individual library’s response will be informed by not only their unique documents and priorities, but which of New York’s ten regions they are in. This means that what works for one library won’t necessarily work for a similar library in the next county over. Nor should one library be judged by what is being done at another.
And finally—and I have mentioned this in several columns lately, but I will mention it again—attorneys throughout New York State are stepping up to the pro bono plate these days. Now is the time to see if your library can enlist an attorney familiar with municipal, education, employment law, even if it is just to take a fresh, hard look at your final product. If you can’t find that attorney, you can ask for a referral from your local bar association.
By assembling the documents listed in this answer, and identifying your priorities and concerns in the chart, you’ll help that attorney help your library. In addition, I welcome questions from local attorneys who are helping their local libraries pro bono; they can reach me at email@example.com, or my library paralegal Jill at firstname.lastname@example.org.
As the member’s excellent question suggests, the more unified and well-developed the response of libraries can be, the more we can avoid challenges, and focus libraries’ energy on the business of serving the public. Sadly, the need for that energy will be great.
Thank you for giving me the opportunity to answer this very important question.
 Like a writers’ group saying: “Forget it. We’ll just meet at Starbuck’s.”
 For instance, if a patron brought a legal action under ADA, and the library reached a compromise it is legally bound to follow. Most libraries will not be subject to any such restrictions, but I want to ensure they aren’t forgotten.
 In my experience, unless the law mandates that you have one (for instance, certain libraries must, under the Education law, have an internet access policy) suspending a policy is also the way to avoid inviting arguments with people who will try and word-smith your temporary adjustments. As a lawyer, I do enjoy a good quibble, but there’s a time and place for it, and debating when a writer’s group can get back in the community room might not be the best use of energy right now.
 It really sounds like I am picking on this writer’s group! I’m not, we’re a fan of writer’s groups in my law firm (they produce writers, who are part of our client base). I think it’s just that in my mind everyone is, at this mid-May point, is very eager to resume normal social activity. I know I am. Meeting on Zoom is like eating low-fat olive oil.
 This is not a legal tactic tested on the bar exam. I learned this from my mentors at Niagara University, where I served as General Counsel for ten years. When legal strategy was proposed, their first thoughts were always about how it would hit the very real people involved.
 One of my favorite quotes about this phenomenon is from Parks and Recreation: “So what I hear when I am being yelled at is people caring loudly at me.”
 My poor staff. They just got used to New York being divided into nine library council districts, and 23 public library system districts. Val, our keeper of the “library map,” should be getting danger pay.
Can a library prevent someone from coming into the library if they refuse to wear a mask? I know that library behavior policies would need to be broadened to include mask-wearing. Are libraries required to provide a mask for the public - and what if a person wears the mask improperly - can they be asked to leave?
New York has numerous “types” of libraries, serving a diverse array of locations. All of them are empowered to take the steps needed to serve their communities safely.
For libraries who want to do just that—knowing it will be a vital part of their community’s response and recovery—here is how to enact and enforce the use of appropriate personal protective equipment (PPE).
Assess your library’s status under the current Executive Orders. Does your library regard itself as exempt from the Orders due to status as a governmental entity (like a school)? Or has your library been operating under compliance with the 100% workforce reduction…and thus, subject to further such restrictions (or them being eased)?
If your library is subject to the Executive Orders, linking your policy to future Orders is a good idea. That’s why you’ll see that as a variable in the template, below. And if your library concluded it didn’t need to follow them, well, that part doesn’t apply to you.
Assess what operations your library will resume. Will you resume lending books, but restrict reading rooms? Will you encourage curbside pickup, or perhaps lower your building capacity to ensure social distancing?
This step assumes that the return to full services might be incremental—but with the resumption of services tailored to the needs of your community. It is where the customization kicks in.
Once your library has confirmed which activities will resume, select the appropriate safety protocols for those operations.
This is why this will not be an exercise in one-size fits all. Some libraries may decide to expand reading rooms or acquire additional electronic devices to loan. Some will need masks, some may need gloves, and others might adopt different safety measures. What’s important is that the measures be tailored to the activity.
As a starting place for that selection, I really like this function-centered guidance from OSHA:
NOTE on this guidance from OSHA: While the common thinking might be that libraries are primarily “customer service” environments (as the term is used by OSHA), many libraries have back end and programming operations that are even more interactive and tactile than retail. That’s why I like OSHA’s approach for this—it sorts COVID-19-related safety practices by function (of course, ALA and other library-specific resources will further distill and assess these resources for libraries).
If the option is available to your library, I strongly recommend confirming your library’s operational choices and related safety practices with your county health department. Your local health officials may even have some thoughts about unique considerations for your locality (after all, that is their job). This is also a great way to show the public that your library has thought these measures through thoroughly, that your choices are rationally related to your activities, and that they have credentialed back-up.
As the member writes, once you have selected your operations and confirmed your safety measures, add the measures (temporarily) to your library’s Code of Conduct.
Here is a template policy for doing that (variables are in yellow, including whether or not your library must abide by the current Executive Orders):
The [Insert] Library is committed to serving its community during hard times and good.
The year 2020 has brought unprecedented challenges to our nation, state, and area of service.
To continue serving our patrons during this difficult time, while placing the health and safety of our community at the forefront, the Library Board of Trustees has adopted the below Temporary Safety Practices Policy.
The safety measures in this policy have been confirmed with the [Insert] County Health Department.
The board’s authority to adopt these measures is found in our charter, bylaws, New York Education Law Sections 255, 260, 226, 8 NYCRR 90.2, and Article 2 of the Not-for-profit corporation law. We also consider it our duty to develop these measures to keep our services accessible at this time.
Staff at the [Insert] Library have the authority to enforce these measures like any other of the Library’s Rules. Concerns about this policy should be directed to [Insert name]. Thank you for honoring these measures, which are designed to keep our community safe, while allowing access to the library.
[Insert Library] Temporary Safety Practices
Scope of Temporary Safety Measures
The [Insert] Library operates per relevant law and Executive Orders, including those pertaining to mandatory workforce reductions. Therefore, the temporary practices in this Policy may be further modified as needed to conform with relevant Orders.
Until the board votes to revoke this temporary policy, only the following routine activities may be performed on site at the library:
Until the board votes to revoke this temporary policy, the library will require all people on the premises to abide by the following safety practices:
[based on activities and confirmed safety practices, including but not limited to use of particular PPE, insert]
In the event any safety requirement is not practicable on the basis of a disability, please contact [Insert name] to explore a reasonable accommodation.
To aid the community in honoring these requirements, the Library will transmit this policy through social media, and use a variety of health authority-approved, age-appropriate, multi-lingual and visual means to transmit this message in a manner consistent with our mission and our identity as a welcoming and accessible resource to the community.
Code of Conduct
Adherence to these practices shall be enforced as a requirement of the Library’s Code of Conduct until such time as this temporary policy is revoked.
In developing this guidance, I have considered the long line of federal cases related to the library access (starting with Kreimer v Bur. of Police).
New York has a vivid array of people devoted to civil liberties, and there is a chance a community member could feel that conditioning library access on temporary protective measures adopted in the interest of public health could violate First Amendment or other rights. This is why careful consideration of what operations your library will resume, and enforcement of only those safety measures related to those operations (steps 1 and 2), are so critical.
The First Amendment tests of such measures will vary based on the circumstances, but the goal of combining a clear policy with well-documented, informed decision-making, good communication, and the backup of health authorities, is to avoid the need for such legal testing in the first place!
As with all things template, the suggested language above should be modified to fit your unique library. If there is a local attorney versed in First Amendment and municipal law, this is a good time to bring them in to review your final product. The town attorney for your municipality will have had to address similar First Amendment/safety concerns (and is probably doing a lot of that right now), so they might be a good pick.
And now, with all that as background, to address the members’ specific questions:
Can a library prevent someone from coming into the library if they refuse to wear a mask?
Yes (but follow the steps above).
Are libraries required to provide a mask for the public?
No (but hey, it would be nice, especially if you can get them donated).
And what if a person wears the mask improperly - can they be asked to leave?
Yes (but take care to consider any implications under ADA; some people might need to use alternate PPE).
Thank you for a great question. I wish you safe operations as you serve your community.
 Whatever your library decides should be consistent with its analysis in any decision to apply for the Paycheck Protection Program, or other aid.
 Of course—especially as the mother of a Type1 diabetic and Gen Xer with parents almost 80— as a finishing place, I like a world where we no longer need to socially distance, maniacally sterilize, and use PPE…but we don’t know when we’ll get that world.
 I like writing guidance for libraries because at a certain point, you can assume they know how to find the type of resources one is describing. It’s like telling a lawyer that something is in the penal law—I assume they can just find what I’m talking about.
 Citation: 958 F2d 1242 [3d Cir 1992]
 A recent good example of how First Amendment tests can turn on precise circumstances can be seen in Wagner v Harpstead, 2019 US Dist LEXIS 220357 [D Minn Nov. 12, 2019, No. 18-cv-3429].
 This First Amendment concern is less critical for association libraries, but since such libraries also have a vested interest in maximizing access to their areas of service, it’s a good exercise for them, too.
 I do run on, I know. Occupational hazard.
 Here is a good resource for ADA and COVID-19: https://askjan.org/blogs/jan/2020/03/the-ada-and-managing-reasonable-accommodation-requests-from-employees-with-disabilities-in-response-to-covid-19.cfm
[I work at the library of a public university.] Every year we have requests from students in Media Arts program to videotape in the library. They ask me to grant permission. I do not feel comfortable granting permission for others to be filmed.
Do students in the library have a right of privacy that would prohibit filming them as they go about their normal business in the library?
We would like to have a written policy.
The images would not be used for commercial purposes, just as an academic assignment.
When this question landed on my desk, I had recently watched a viral video on YouTube about how some people have no "inner monologue".
The video explained, in plain and accessible terms, that there are people who, rather than internally narrate their world, don't have constant chatter in their heads. They don't have an "inner voice." Rather, their brains "map" their reactions to the world, and those reactions are only put into words through vocalization.
The reason the video went viral is because for those of us with a strong inner monologue, the idea of living without one was mind-blowing.
My brain was still wrestling with this concept ("You mean there is no narrator in your head? None??"), when I read the member's question.
And when the question hit my brain, just like that, I got it.
When I read this question, I didn't hear the words, but I saw the answer. I couldn't articulate it, but it was there: a Venn Diagram of overlapping legal concerns, "mapped out" in my head, just like the video described: CPLR 4509; FERPA; NYS Image Rights Law.
Only after I had mapped out that diagram in my head could I unpack the details and start to compose.
So, before we delve into the question, I want to thank the member for inspiring a bit of neuro-diverse-empathy in yours truly. Our brains are endless mysteries; it's good to occasionally see ourselves differently.
And with that, here is my "(Academic) Library Right to Privacy Venn Diagram," unpacked and articulated, and, per the member's request, set out in a "Policy" format, ready to customize for your academic library.
(NOTE: Why are there TWO policy templates? Because people may have a context-specific first amendment right to film in a public library or the library at a state university, while at a private academic library, only the rules of the institution will apply):
[PRIVATE COLLEGE/UNIVERSITY NAME] Policy on Academic Library Privacy
[FERPA Compliance Policy,
Student Code of Conduct,
Patron Code of Conduct,
Campus Guest Policy,
Institutions' Data Security Policy]
Version: DRAFT FOR CUSTOMIZATION
Passed on: DATE
Positions responsible for compliance
FOR USE IN PRIVATE COLLGES AND UNIVERSITIES
The state of New York provides that library records containing personally identifying details regarding the users of college and university libraries ("Patron Records") shall be confidential, except to the extent necessary for the proper operation of the library.
To safeguard this right, the [NAME] library will observe the below protocols.
No Patron Records, including but not limited to circulation records, computer searches, information requests, inter-library loan requests, or duplication requests, shall be disclosed, unless 1) upon request or consent of the user; or 2) pursuant to subpoena, court order, or where otherwise required by statute.
The use of security footage showing access to library resources (computers, collection materials, duplation technology) is considered to be a Patron Record. NOTE: As authorized by law, the Library may release such records incident to promoting proper operation of the library.
No recording of library users by any third parties is authorized on the premises without the filmed individual's express consent. This includes recording for academic, professional, or social purposes.
To the extent Patron Records overlap with FERPA-defined education records, the Library shall interpret the law to provide maximum assurance of the privacy of the library user, while also reserving the right to promote the proper operation of the library.
[PUBLIC COLLEGE/UNIVERSITY NAME] Policy on Library Privacy
[FERPA Compliance Policy
Student Code of Conduct
Patron Code of Conduct
Campus Guest Policy
Institutions' Data Security Policy]
Version: DRAFT FOR CUSTOMIZATION
Passed on: DATE
Positions responsible for compliance
FOR USE IN PUBLIC COLLEGE AND UNIVERSITIES
The state of New York provides that library records containing personally identifying details regarding the users of public college and university libraries ("Patron Records") shall be confidential, except to the extent necessary for the proper operation of the library.
In New York, libraries at state, county and municipal institutions may have specific status under the Open Meetings Law and various civil rights laws, but such status does not eliminate their obligations under CPLR 4509, nor limit patrons rights to access services without fear of that record being accessed by another.
To safeguard this right, the [NAME] library will observe the below protocols.
No Patron Records, including but not limited to circulation records, computer searches, information requests, inter-library loan requests, or duplication requests, shall be disclosed, unless 1) upon request or consent of the user; or 2) pursuant to subpoena, court order, or where otherwise required by statute.
The use of security footage showing access to library resources (computers, collection materials, duplation technology) is considered to be a Patron Record. NOTE: As authorized by law, the Library may release such records incident to promoting proper operation of the library.
Individuals or representatives from the media who wish to make recordings in the unrestricted areas of the library must adhere to the following rules:
To avoid inadvertent violation of these rules, individuals or representatives from the media who wish to make recordings in the library may, but are not required, to discuss their projects with the Director; however, neither the Director nor staff can give permission to waive this policy or give permission to record patrons or students.
Conduct that would be barred by any other policy is not legitimized by the presence of a recording or transmitting device; this includes harassing patrons or staff, or any behavior that violates the rules of the institution.
To the extent Patron Records overlap with FERPA-defined education records, the Library shall interpret the law to provide maximum assurance of the privacy of the library user, while also reserving the right to promote the proper operation of the library.
Now, before I go, just a few words on working with these policy templates.
First and foremost, while templates can be a great starting place (and these are designed to inspire generative conversation), they should NEVER be adopted without a thorough analysis and scrubbing by your institution.
For instance, a public or private academic institution could already have a campus-wide policy on filming people. Or, on the flip side, the institution could have a strong Media Communications or Film department that relies on being able to send students out onto the campus for filming; a policy like this, with no warning, could cause an unnecessary confrontation. Policies within smaller units at a big institution can cause inconsistency and friction that can be hard to anticipate, unless you bring in some colleagues to pass the policy with.
The Director of the Library (I trust the reason why is obvious), and at least one staff member (the staffer will provide an in-the-trenches perspective; plus, collaborating on that policy is great training for following that policy).
The Director of Campus Safety/Security/Police. Why? Because 1) they might have to help enforce the policy; and 2) it is important that they understand the privacy obligations of the library. Further, at a public institution, they will likely be a ringer who understands the nuances of "quasi-public" space (for first amendment concerns).
The Dean of Students: Why? Because 1) they might have to help enforce the policy; and 2) it is important that they understand the privacy obligations of the library are for the benefit of the students.
The Director of IT: Why? Because 1) it is important that they understand the privacy obligations of the library; and 2) they must ensure those obligations are supported by the institution's current and future information technology.
A student government rep: Why? Because 1) it is important that students have a voice in policies that are meant for their benefit; and 2) students can help articulate the reasons and importance of policies in ways their peers can relate to. Bonus reason: participating will look good on their apps for grad school!
The institution's lawyer and/or compliance director: Why? Basically, you want the person who keeps an eye on all the rules at your institution, to make sure they are harmonized and are consistent with each other. Institutional policymaking cannot be done in isolation.
Optional, but a gold-star member: your institution's Family Rights Education Act (FERPA) compliance officer (for a discussion on how FERPA and library privacy obligations interact, see https://www.wnylrc.org/ask-the-lawyer/raqs/67.).
And, in the case of this member's question: the Chair of the Media Arts Department: because as you meet, you can explore setting up ways for the film students to get the permission and image releases they need, in a way that supports their projects but respects the rights of others…skills they will need in "real life."
Okay, I can hear some of you (in my inner monologue!) saying: that's a huge meeting! Do I really need to convene all those people?
Based on my experience as an in-house counsel at a University (ten years or so), my answer is: YES.
Why? Because you don't want your first discussion about privacy with Campus Safety to take place when they ask you for the internet search records of a student who was reportedly making a weapon in his dorm room. You don't want your first discussion about privacy with the Dean of Students to occur when they demand to know if a student was in the library at the time they are accused of driving drunk across campus. You don't want your first discussion about privacy with a student rep to be when a "first amendment auditor" shows up at your public university campus. And you don't want to jeopardize your relationship with the IT Director by finding out she set up security cameras you don't know about.
And most critically: Privacy, security and safety on any college/university campus are a collaborative effort, and your library deserves special consideration within that effort. Why?
No other space on campus has your precise mission and obligations. A team that knows and supports that mission, and those obligations, can be a great asset.
This is true whether your library's commitment to access and privacy is fully articulated by the team members' constant inner monologues, or is simply hard-wired into the "maps" in their heads.
By jointly working on a policy, and paying attention to the details, either is possible.
Thanks for a great question, and best wishes for developing a strong, coordinated, customized policy!
 NY CPLR 4509, FERPA, Civil Rights Law §50, the first amendment, 20 U.S.C. 1011(a), and a bunch of laws on trespass, Public Officers Law, etc.
 I'm a lawyer, so I am very happy about the concept of "necessary confrontation," but I like to save people time and stress whenever possible.
 This is not the place to dissect the first amendment's impact on public college/university libraries (see next footnote), but for the record, the "Higher Education Opportunity Act" emphasizes that ALL higher education institutions should be a place for "the free and open exchange of ideas."
 That said, an on-campus Health Services facility, Campus Counseling, Records, or other place with confidentiality obligations will have similar needs that might be instructive.
 I would like to apologize for any painful pseudo-science in this "Ask the Lawyer." Stupid viral videos.
What is the order of due process in a local library for employees?
Which laws/policies apply most in advocating employee rights?
Please let me know.
Wow, what a great question: what is the hierarchy of laws impacting the employment conditions of librarians?
The laws impacting the employment conditions of librarians are a complex logic tree with many branches. When I consider the amount of laws, and the permutations….
For a lawyer practicing in both library and employment law, this question is the equivalent of someone handing a librarian a huge box of materials while asking: “Can you catalog these, then use them in a ‘Library Employee Rights’ display for the lobby?”
I can’t wait to curate the display, but first, let’s take a look at what’s in the “library employment law” box. We’ll take them in rough order of hierarchy/priority.
The first item in the box is a huge, grubby tome that lawyers, even younger ones, use every day (if they are at a firm owned by a crusty Gen X lawyer): Black’s Law Dictionary.
A legal dictionary is in the collection because, although no lawyer would ever litigate an employment law matter based solely on a dictionary definition, legal concerns often turn on precise word meaning, and employment law certainly does. In fact, there are at least three different legal definitions of the word “employee” that apply to library-related issues.
The second is not a book, but a collection of CD’s containing a huge database. What’s on the database? It’s the “common law”—a body of case law and rulings that can influence how black-letter laws work together. The “common law” is a body of shared language and precedent that can influence (sometimes heavily) legal decisions. It is often the glue that holds legal decisions together.
And now, for a few volumes that are far less esoteric:
The Fair Labor Standards Act (“FLSA”): Among many other things, this is the law governing who must be paid overtime when they work more than 40 hours in the standard work-week.
Federal Civil Rights Laws: This is a compendium of laws governing rights protecting people under the jurisdiction of the USA from discrimination. It includes the Civil Rights Act and the Americans With Disabilities Act.
The New York Human Rights Law: This is a compendium of laws governing rights protecting people from discrimination in New York. It includes protections on the basis of religion, sexual orientation, gender expression, prior conviction and pre-disposing genetic characteristics (among many other things). It is why your library recently adopted a sexual harassment report form.
New York Labor Law & Regulations: Among many other things, this is the law that mandates one unpaid break every six hours for certain hourly employees.
New York Civil Service Law: Among many other things, this is the law governing the hiring, advancement, compensation scale, discipline, and termination of most public library employees.
Federal Laws Governing Benefits: This is a compendium of laws governing employee benefits in the USA. It includes a law called ERISA, and the Affordable Care Act.
The New York Laws Governing Employee Benefits and Protections: This is a compendium of laws controlling unemployment insurance, workers’ compensation for work-related injury, insurance for non-work-related injury, retirement benefits, and most recently, the Paid Family Medical Leave Act.
New York Education Law & Regulations/New York Not-for-Profit Corporation Law: These laws are combined in one handy volume to create the rights and duties of a chartered library, and its governing board (who, within a framework of laws, are the ultimate decision-makers regarding employment at their library).
Local Civil Service Rules: Based on New York’s “Municipal Home Rule Law,” many of the details of Civil Service-controlled employment practices can change from county to county (and municipality to municipality).
Local laws: Some municipalities adopt local law to create further protections for employees. These laws cannot be contrary to state, federal, and county law, but can expand employee rights further.
Random Authorities: This book is a vivid graphic novel depicting numerous opinions by the Equal Employment Opportunity Commission (“EEOC”), the U.S. Department of Justice, the National Labor Relations Board, the New York State Comptroller, the New York Attorney General, the New York Committee on Open Government, and the New York Commissioner of Education, regarding matters impacting library employees. One delightful example of this is an intricate decision by the State Comptroller about how much money could be spent on a party for volunteers.
And finally, some really cool, custom works are in the box…
A Choose-Your-Own-Adventure novel called A Journey Through Your Charter and Bylaws.
Why is this a choose-your-own-adventure? Because while neither a charter nor bylaws can change the above-listed law, the “type” of library an institution is chartered as will impact if and how those laws apply. And within the framework set by those laws and their application to your library, it is the board—whose composition and functions are controlled by the charter and bylaws—that is the ultimate party responsible for hiring and firing of employees, which sets the stage for all other employment-related actions.
A collection of scrolls labelled “Contracts.” This could be as simple as a contract with an Executive Director or Book-keeper, or as complex as a “Collective Bargaining Agreement” with an employee union. It is important to note that while a contract can create a great many additional rights, it cannot be contrary to the Charter and Bylaws, nor any of the laws listed above (UNLESS there is not an “exception” in the law, allowing it to be altered by the terms of a collective bargaining agreement, and if your library type means they apply).
And finally, the most valuable part of the collection: a weird device, rather like a flour sifter, that says in big, bronze letters on its handle “IT DEPENDS.” What does this screen do?
It tells you which laws apply to which libraries, in which order of priority, under which circumstances. When applied properly, this allows you to create…
Your Institution’s Employee Policies, drafted to comply with the law as it applies to your library, and to support your unique charter and mission. Such policies should be routinely re-assessed to ensure continued legal compliance and support for your library’s key objectives (like attracting, retaining, and developing the best staff possible).
In other words—and in direct response to part of the member’s question—the purpose of policy is to articulate and apply the law as it governs your library. No policy should ever contain a provision contrary to a governing law or regulation. This is why policy must be routinely assessed, revised, and updated.
And that’s the collection.
At this point, I imagine the member who asked this question might be feeling: Whoa, information overload!
Let me show you my display, here….
You probably thought it was going to be a tree, right? Nope. It’s a finely balanced array of media stacked to look like librarian assembling a sculpture of…a librarian.
Why is that?
No other entity created by law(s) has the type of support, mandates, restrictions, and—yes—latitude under the law that libraries do. Yes, libraries operate with a strict framework created by the laws and regulations listed above, and operate within exacting mandates…but within that framework, libraries have almost limitless discretion with policies. That is how they function and evolve as reflections of their communities.
That said, certain things fundamental, and cannot be trumped by much. Here are a few (with links to the laws that back them up):
How does this play out?
Let’s take breaktimes as an example.
In New York, employees have to take a break every six hours. It’s the law. In my office, when a paralegal gets so into the project they don’t want to stop, I have to order them to take a break. (at which point they do, because otherwise…irony).
Now, how I choose to support my employees as they take their break is up to me, and may become a matter of policy. Do I supply a break room? Do I have a fridge and a policy/procedure for keeping the break room clean and the fridge free of mold? All of those things are discretionary—and to govern the details, I might have a policy that goes beyond the minimum. But here is where things get complicated: If an employee doesn’t follow the policy, I may need to follow rules set by Civil Service to discipline them. But if I am selectively enforcing the policy in a discriminatory way, state or federal civil rights law could govern. Or perhaps the employee will first file a union grievance, which we’ll have to arbitrate…
And that is the hierarchy of employment law. It’s not really a heirarchy…it’s more of a fractal pattern. The good news is, library leadership gets some say in the pattern.
What shape does your library pick?
 If I were the sort to write via emoji, I would be using the icon for “Mind. Blown.”
 That’s me.
 There is a definition for purposes of liability, a definition for purposes of compensation, and a definition for purposes of copyright ownership of employee work product. And yes, they are all slightly different.
 “Black letter” laws are those “embodied in…statutes.” Thanks, Black’s Law Dictionary! (Centennial Edition)
 Due to changes in 2018.
 This opinion is here: https://www.osc.state.ny.us/legal/1990/legalop/op90-63.htm. The final decision? “A public library may sponsor a recognition dinner for volunteer library workers, but may not sponsor a party for the senior citizens of the sponsor municipality or school district..
 This “screen” is either a lawyer, an HR professional, a civil service professional, or a library system or council working with one of those to support your unique operations.
 And more….so many, many more…
 In layman’s terms, this means you are protected in the event you are sued for just doing your job.
 I was lucky enough to attend an excellent presentation by authors of this Guide at the 2019 NYLA Conference.
 My team is great! Every employer should have this problem.
With the NYS Shield Act taking effect in March 2020 what changes or precautions should libraries be thinking about to comply with the law and minimize the risk of data breaches?
There are many technical aspects to this question, and this answer will explore many of them. But first, I invite each reader to sit back, close their eyes, and envision the types of information their library takes in, maintains, or manages digitally.
Name…address…phone number…e-mail…library card number and account information. Perhaps a driver’s license, or other photo ID. Credit card information? Job applicant information, payroll, and employee data…. Donor information. Survey responses. Licensed lists. Content related to digitization. And (of course) every digital record related to a library’s core function: providing information access.
Now envision what someone with less-than-ethical intentions could do if they accessed or appropriated that digital information:
Disclose confidential library records…sell active credit card information on the dark web...use the information to design a very convincing phishing scheme….
And I bet you can easily think of more.
Scary? You bet it is. This is the type of risk-management New York’s lawmakers had in mind when they enacted the SHIELD Act, a far-reaching amendment to the state’s laws governing data security.
And as the member points out, the changes will impact your library.
So, what does this law require?
And here is where we get technical. Because the law will hit different types of institutions differently, this “Ask the Lawyer” can’t give you a word-by-word recital of the precise obligations the SHIELD Act will impose on your institution. But it can give you a plain-language DIAGNOSTIC FORM to help your board, your director, and your (internal or external) IT team a tool to start assessing your obligations.
So here, without further ado, is the ‘ASK THE LAWYER’ SHIELD ACT DIAGNOSTIC FORM. If you have a buddy to fill this in with, I suggest you invite them to help, this is not the type of exercise to do alone.
[NOTE: Any member of a library council in the State of NY is licensed to make a copy of this form for diagnostic purposes. However, THIS IS NOT INDIVIDUALIZED LEGAL ADVICE and no legal conclusion about the obligations of your institution should be made without the input of a lawyer. That said, filling this out will help that lawyer help you a lot faster.]
Does your library collect electronic versions of “personal information” as defined by SHIELD?
Here is the definition of “personal information”:
"Personal information" shall mean any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.
If your library collects “Personal information” as defined by SHIELD, it may be subject to SHIELD’s requirements.
So, if you marked “yes,” keep going!
Does your library’s network or equipment collect electronic versions of “private information” as defined by SHIELD?
Here is the type of data that, when combined with “personal information” becomes “private information” protected under SHIELD:
(1) social security number;
(2) driver's license number or non-driver identification card number;
(3) account number, credit or debit card number, in combination with any required security code, access code, [or] password or other information that would permit access to an individual's financial account;
(4) account number, credit or debit card number, if circumstances exist wherein such number could be used to access an individual's financial account without additional identifying information, security code, access code, or password; or
(5) biometric information, meaning data generated by electronic measurements of an individual's unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical
representation or digital representation of biometric data which are used to authenticate or ascertain the individual's identity; or
(ii) a user name or e-mail address in combination with a password or security question and answer that would permit access to an online account.
If your library collects “private information” as defined by SHIELD, it may be subject to SHIELD’s requirements.
So if you marked “yes,” keep going!
(NOTE: if any libraries out there are using biometric records like retina scans in place of library cards, please let me know, because that is Bladerunner-level cool).
Does the “private information” your library collects include information from residents of New York?
If your library collects “private information” relating to New Yorkers, it may be subject to SHIELD’s requirements.
So if you marked “yes,” keep going!
Is your library part of a larger institution such as a school, college, university, museum, religious institution, or hospital?
If the answer is “yes,” then STOP.
Your work on SHIELD ACT compliance should be coordinated with your full entity, who should be sensitive to not only your library’s obligations under CPLR 4509, but your institution’s obligations under SHIELD and other data security laws like FERPA and HIPAA.
Don’t go rogue!
Does your institution contract with another entity, like a library system, to maintain private information?
EXAMPLE: When a person applies for a library card, does the personal information supplied stay on the local library’s network, or does it simply flow through a terminal at the local library to a system’s network? This is a very common arrangement in NY.
If “yes” list and attach the contracts, along with the information maintained by the contractor.
This question applies to both parties.
If the answer is “yes,” gather the contract(s) governing the arrangement(s), and be ready to check the contracts for assurance of SHIELD compliance. This includes assurance of “reasonable security requirements,” and a clause governing data breach notification.
Now, aside from information maintained on another entity’s network as listed in #5 above, (library system, payroll service, credit card service provider, etc.) does your institution maintain any computer system with private information?
If yes, list the information gathered and where it is maintained:
If the answer is “no,” you only have to follow step #7, below.
If the answer is “yes,” make an appointment with your IT team, and be ready to do steps #7 through #15, too.
Contract compliance check:
If you answered “yes” to #5, above, the contracts governing that relationship would be clear about SHIELD Act compliance, including the notification procedures for data breach.
Who is the person at your institution who will do this work with your contractors?
This is a smart step because contract vendors must meet this standard:
Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
Okay, so it looks like my institution has to comply with the SHIELD Act. What does that mean?
Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
So, does your institution have a policy for data breach notification?
Your institution may already have one! If so, it should be updated to reflect the changes in the law.
If it doesn’t have one, now is a good time to get a policy in motion.
The law lists the steps and requirements for notification. Among other things, those requirements can depend on the size and nature of the breach.
NOTE: a data breach response is something a library should respond to with a qualified IT team and, if there are concerns about liability and compliance, a lawyer and your insurance carrier.
Any person or business that owns or licenses computerized data which includes private information of a resident of New York shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information including, but not limited to, disposal of data.
Does your institution have a policy to implement these “reasonable security requirements?”
Your institution may already have one.
If so, it should be updated to reflect the changes in the law.
If it doesn’t have one, now is a good time to get a policy in motion!
NOTE: ***I have put the SHIELD Act’s criteria for a data security program next to three asterisks in the text following this form.
Thirdly, are you a small library and feeling panicked about your security requirements?
Don’t worry, if you’re a “small business,” the law has a provision related to your obligations.
Here is the SHIELD Act’s definition of a “small business”:
"Small business" shall mean any person or business with (i) fewer than fifty employees; (ii) less than three million dollars in gross annual revenue in each of the last three fiscal years; or (iii) less than five million dollars in year-end total assets, calculated in accordance with generally accepted accounting principles.
So (deep breath) are you a “small business?”
If the answer is “yes,” then your “reasonable security requirements” are tempered:
…if the small business's security program contains reasonable administrative, technical and physical safeguards that are appropriate for the size and complexity of the small business, the nature and scope of the small business's activities, and the sensitivity of the personal information the small business collects from or about consumers.
This analysis is why having an inventory of the private information maintained by your library (or for your library) is critical; depending on the “sensitivity” (or use) of what you maintain, your plan can adjusted for what is “appropriate.”
Just to reiterate: if you have gotten this far into the assessment diagnosis, you should probably have a “data breach” plan—even if it is just for coordinating with the entity who holds most of your data.
So: do you have a “Data Security and Data Breach Notification Policy and Procedure?”
As can be seen in the factors cited in the sections above, policy and procedures related to data security and data breach notification cannot be a cookie-cutter based simply on what other libraries do. Your policy and practices will be governed by many factors.
Are you insured for data breach and recovery?
This is a great question to ask your insurance carrier! You should also be familiar with their notice requirements in the event of a hack or breach.
Who at your institution is responsible for coordinating your data security program?
This responsibility should be confirmed in a job description and reinforced with regular training. Working with your system or other larger supporting entity may be important, too.
Who are your outside contractors assisting with emergency response in the event of data breach?
This is a good standing contract to have, and one that systems and councils might consider jointly negotiating for on behalf of members (and hopefully it is a service you never need to invoke!).
Did you ever think, when you chose a library career, you’d get to moonlight in IT?
IT and libraries: two great tastes that go great together….with enough planning.
And that’s the SHIELD Act.
How does a small not-for-profit tackle this expansion of data security laws? Like anything else: inventory your status under the law, establish a goal for compliance, develop a budget and a plan, make sure the responsibility is appropriately allocated, confirm insurance coverage alignment, use all the resources at your disposal (your system, council, insurance carrier, and board members who have lived through data breach compliance) and get it done.
In practical terms, this is also means:
The penalties for violation of the SHIELD Act are $5,000 per violation, in an action brought by the New York Attorney General (the law doesn’t create a private right to sue). Other changes to the law make it easier for the AG to learn of data breaches, and to coordinate with other law enforcement agencies trying to combat them. As we envisioned at the beginning of this article, the states for a breach are high.
But don’t worry. No matter where your diagnosis falls, remember: libraries have been operating under heightened privacy obligations since before there were computers. That mindset—awareness of an ethical duty to protect privacy--is the most important part of a program to minimize the risk of breaches.
You’ve got this.
Thanks for a great question.
***A data security program includes the following:
(A) reasonable administrative safeguards such as the following, in which the person or business:
(1) designates one or more employees to coordinate the security program;
(2) identifies reasonably foreseeable internal and external risks;
(3) assesses the sufficiency of safeguards in place to control the identified risks;
(4) trains and manages employees in the security program practices and procedures;
(5) selects service providers capable of maintaining appropriate safe-guards, and requires those safeguards by contract; and
(6) adjusts the security program in light of business changes or new circumstances; and
(B) reasonable technical safeguards such as the following, in which the person or business:
(1) assesses risks in network and software design;
(2) assesses risks in information processing, transmission and storage;
(3) detects, prevents and responds to attacks or system failures; and
(4) regularly tests and monitors the effectiveness of key controls, systems and procedures; and
(C) reasonable physical safeguards such as the following, in which the person or business:
(1) assesses risks of information storage and disposal;
(2) detects, prevents and responds to intrusions;
(3) protects against unauthorized access to or use of private information during or after the collection, transportation and destruction or disposal of the information; and
(4) disposes of private information within a reasonable amount of time after it is no longer needed for business purposes by erasing electronic media so that the information cannot be read or reconstructed.
 “We just need your bank information to refund your library fees since 1987 with interest!”
 SHIELD stands for "Stop Hacks and Improve Electronic Data Security".
 Why? Well, if you’re lucky, it’s because it will be boring. But chances are, it will be all too exciting, as you discuss the different types of data your library maintains and explore the data security obligations that come with it. And if that happens, you’ll need one person filling in the form, while the other one looks up information—and you’ll both want someone to share your sense of urgency when it’s over.
 NOTE: This is a huge change in the law, which used to only apply to businesses in New York. Now it applies to any business that collects the information of New Yorkers; a big difference and one that impacts businesses out-of-state.
 Institutions subject to HIPPAA have special provisions to ensure disclosure obligations aren’t redundant.
Is it legal for libraries to ban smoking on all of their owned property rather than 100 feet from entrances?
Not only is it legal, but it is required by law.
When the new provisions of New York’s Public Health § 1399-o first went into effect June 19, 2019, “Ask the Lawyer” got a question about enforcement, so we wrote a guide for implementation.
While hopefully the “guide” has been useful (it warmed my heart to see one library getting media coverage for putting up signs with wording I suggested), it might be easy to miss the actual heft of this law as we think about the details of implementation.
So here, without too much distracting commentary, is the text of the new law:
Smoking shall not be permitted and no person shall smoke within one hundred feet of the entrances, exits or outdoor areas of any public or association library as defined in subdivision two of section two hundred fifty-three of the education law; provided, however, that the provisions of this subdivision shall not apply to smoking in a residence, or within the real property boundary lines of such residential real property. [emphasis added]
Seems pretty straightforward to me…“outdoor areas” as in: the outside (with an exception for nearby residential properties).
Despite this straightforward language, since I wrote the “guide,” we have gotten some questions from members stating that their local health department claims they will only enforce compliance within 100 feet of exits and entrances.
This feedback really concerned me. First, it is contrary to the plain language of the law. Second (but really first), libraries are finding new ways to reach out to the public every day; this includes outdoor programming. “Outdoor areas” of the library serve the public, too.
So, inspired by this latest question, and the feedback we’ve received, I called my local Erie County Department of Health, and reached Rob Tyler, who works on smoking enforcement.
Rob and I had a nice chat about how sometimes the language in these laws can be open to interpretation, but this seemed pretty clear. But then he suggested: “You should probably call the State. They are one ones who can give guidance on the law.”
So, after thanking Rob for his time, I called the General Counsel’s Office at the New York State Department of Health, and was directed to attorney Megan Mutolo.
Megan also agreed with me on the plain language of “outdoor areas.” That said, she urged me to urge libraries to build a relationship with their county health departments so libraries are ready to enforce the new law together.
This is good advice from Megan. Since New York tries to encourage “municipal home rule,” as much as possible is left to local officials from within a particular community. This means that local health departments can have their own take on the new law…one that you can discuss with them while forming a meaningful alliance.
So, to the “helpful tips” in the “guide,” inspired by this question, I add: Consider making a connection with your local health department, and reviewing the precise language of the new law together. Many departments, if they have not given the new law a careful review, might overlook the requirement about “outdoor areas.” But that language is there, and when read in context, is very clear—as is the library’s obligation to enforce this law.
Thanks for your question!
 Here’s to you, Saratoga Public Library!
 As but one example, the Buffalo and Erie County Public Library’s Central Library has a great new “Reading Garden” in downtown Buffalo.
 NOTE: I called both these people on a Friday afternoon. Not only did I get quick answers, but they were friendly, too! I guess you don’t go into health law unless you really care about people.
 My words, not Megan’s.
 I know they have enough on their plate already, but this might be something a library system can help with.
My question is: do public libraries have any legal obligation to collect emergency contact information for children (age 17 and under) attending library programs without a parent or caregiver present/on the premises? Our library is located on the campus of a school district, and we have access to the school district's library automation system, in addition to our own, so we could easily and quickly locate contact information for the parents/caregivers of children who attend our programs in the event of a medical or other type of emergency situation. We already have an unattended minor policy as well. Our Library Board wants to make sure that we are in compliance with both Federal and New York State law on this issue. Thank you.
This question is rather like asking an astronautical engineer: When on a spacewalk, are there any safety procedures specifically related to securing my helmet as I exit the airlock?
Such a question could inspire an initial reaction like: Safety concerns? In SPACE??? Blazing comets, the safety concerns start the moment you blast off!
But upon reflecting on the actual question, the calm, composed answer might be: “To ensure integrity of the pressure garment assembly, double-check the neck-dam’s connection to the helmet’s attaching ring.”
Lawyers get this way addressing questions related to children and liability. Our first reaction is to think about everything that can go wrong. But then we calm down and focus on the specific issue at hand.
So, here is my calm, composed answer to the member’s very specific question:
There are two potential instances where a public library offering a program for unaccompanied minors might be obligated by law to collect emergency contact information.
If the program the library is hosting is a camp required by law to have a “Safety Plan,” applicable regulations arguably require that the library gather the child’s emergency medical treatment and contact information.
If the library is paying a child performer as part of an event, the law requires that the library must collect the child performer’s parent/guardian information before the performance.
Other than the above instances, while such a practice may be required by an insurance carrier, a landlord, or event sponsor, there is no state law or regulation that makes collecting emergency contact information a specific requirement of a public library.
I do have two additional considerations, though.
“Emergency contact” information provided by the parents/guardians, in a signed document drafted expressly for your library, is generally the best course of action when welcoming groups of unaccompanied minors for events not covered by your library’s usual policies.
I write this because Murphy’s Law (which is not on the bar exam, but remains a potent force in the world) will ensure the one time there is an incident at your youth program, the district’s automation system will be down.
Which brings us to the….
Libraries and educational institutions sharing automation systems must make sure that such data exchange does not violate either FERPA (which bars educational institutions from sharing certain student information), or CPLR 4509 (which bars libraries from sharing user information).
Emergency contact information maintained by a school is potentially a FERPA-protected education record. If FERPA-protected, it is illegal for any third party—such as a public library—to access it unless there is an agreement in place with certain required language AND the library’s use of the information is in the students’ “legitimate educational interests.” 
Of course, given the right circumstances, meeting these criteria is perfectly possible. In fact, such agreements can be a routine part of a school’s operations. But just like with a space helmet before leaving the airlock, its best to confirm that everything is in place before you take the next step.
Thanks for a thought-provoking question.
 I imagine aeronautical engineers swear like the rest of us, but I like to image they sound like characters Golden Age comic books.
 Thanks, NASA.gov!
 I know this question isn’t really about camps, but libraries do host them. And since the NY State Health Department’s template for a licensed camp’s “Safety Plan” includes eliciting emergency contact/treatment info, I have to include this consideration. For a breakdown of what types of camps requires licenses, visit https://www.health.ny.gov/publications/3603/
 This is a requirement of Title 12 NYCRR § 186-4.4. Since the library would also need said child performer’s license to perform, this requirement would not likely be missed! I also appreciate that this example is on the far side of what this question is actually about.
 Call your carrier to check. They may even have preferred language for your library to use when crafting registration documents.
 The definition of “education records” under FERPA (and its many exceptions) is here: https://www.ecfr.gov/cgi-bin/text-idx?rgn=div5&node=34:184.108.40.206.33#se34.1.99_13. Interestingly, a student’s name, phone number, and address—three critical components of an emergency contact form—are potentially not FERPA-protected “education records” as they may be considered “directory information” if specifically listed in a public notice from the school, as required by FERPA Section 99.37. FERPA violations can turn on these small details!
 What language is that? Under FERPA Section 99.31, an educational agency or institution may disclose such information to another party (like a library on its campus) if that party is: 1) performing a function for which the school would otherwise use employees; 2) the library directly controls the contractor’s use and maintenance of the records; and 3) the contractor is required to not further disclose the records. This formula can also be found in the link in footnote 4.
 Who says that simile can’t make a second appearance?!
I need clarification about the IRS regulations on 501c3 organizations. A local political group asked to use our meeting room space for a 'meet the candidates' event, a library trustee thinks this is not compliant with the "The Restriction of Political Campaign Intervention by Section 501(c)(3) Tax-Exempt Organizations" https://www.irs.gov/charities-non-profits/charitable-organizations/the-restriction-of-political-campaign-intervention-by-section-501c3-tax-exempt-organizations
I think our meeting room policy is very out of date and restricting access to the room based on content of the meeting violates 1st amendment rights, as outlined by ALA: http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/meetingrooms
No staff are involved in this event, we have not helped plan it and it was made clear on all the publicity the political group put out that the library is only the venue, we are not hosting, this is not a library program.
This answer comes with many disclaimers, because the legal parameters of room access and rental at chartered libraries in New York is variable territory. In other words: the answer can depend on the library’s “type” (set by its charter), its fundamental rules (found in the bylaws), its IRS status (the “501 (c)(3) mentioned by the member”), its day-to-day rules (controlled by policies), its lease (not all libraries own the space they occupy), and any deed restrictions (although deed restrictions on the basis of speech would bring concerns).
That’s right: education law, not-for-profit corporation law, tax law, real property law…this question has it all!
That being said, the member’s question centers on federal tax law; specifically, the library’s 501(c)(3) status, which not only makes the library tax-exempt, but allows it to receive tax-deductible donations. This status is an important fund-raising asset, and its many conditions (including not engaging in politics) cannot be taken lightly.
Here is what IRS Publication 557, the go-to for creating a tax-exempt entity, has to say about political activity:
If any of the activities (whether or not substantial) of your [501(c)(3)] organization consist of participating in, or intervening in, any political campaign on behalf of (or in opposition to) any candidate for public office, your organization won't qualify for tax-exempt status under section 501(c)(3). Such participation or intervention includes the publishing or distributing of statements. Whether your organization is participating or intervening, directly or indirectly, in any political campaign on behalf of (or in opposition to) any candidate for public office depends upon all of the facts and circumstances of each case. Certain voter education activities or public forums conducted in a nonpartisan manner may not be prohibited political activity under section 501(c) (3), while other so-called voter education activities may be prohibited. [emphasis added]
Like many guides from taxing agencies, this one is superficially helpful (I put that part in bold), but upon examination, employs a disclaim that gives very little concrete guidance (I underlined that part). So, what’s a library with a spare room to do?
As alluded to in both the member’s question and my opening paragraph, this question doesn’t turn solely on the IRS. Any 501(c)(3) library that rents or allows free use of space should have a robust “Facility Use Policy” that considers not only IRS regulations, but safety, equal access, and operational priorities (requiring users to clean up after their meeting, to not be noisy, to respect the space). For a library in a municipally-owned building, care must be taken to ensure use fees are applied in a way that does not violation the NYS Constitution. And for a library that rents, the Facility Use Policy must harmonize with the lease.
But the member’s question is about 501(c)(3). So, having established that this consideration is but one of many when giving access to or renting space, here are the three things to consider when a 501(c)(3) rents or gives access to space:
1) Rental income needs to be a very small percentage of the library’s revenue.
Section 501(c)(3) requires that income from renting space can’t outweigh donations and other sources of income related to the library’s tax-exempt purpose. This is something to discuss with the library’s accountant; while rental income isn’t barred, it can bring funding ration and tax consequences that warrant the attention of a professional.
2) The use of the space can’t “inure” to the benefit of any one company or individual.
Section 501(c)(3) also requires that a qualifying organization’s resources can’t directly benefit any one person or entity more than the general public. For example, free use of the spare room by a person conducting a stained-glass workshop with an admission fee (even a nominal one), can be considered an “inurement.” 
3) As raised by the member’s trustee, the use of the space cannot violate the bar on lobbying (influencing legislation) and political activity (supporting a particular candidate for office).
And as reviewed, Section 501(c)(3) bars political activity (as further defined in the excerpt from 557, above).
“Ask the Lawyer,” has had some fairly large answers, but I don’t have space to address every occurrence that could run afoul of the bar on “political activity.” But what about renting space, on the same terms as to any other entity, to an event like the one described by the member?
Here is what the IRS has to say:
Can a section 501(c)(3) organization conduct business activities with a candidate for public office?
A business activity such as selling or renting of mailing lists, the leasing of office space or the acceptance of paid political advertising may constitute prohibited political campaign activity. Some factors to consider in determining whether an organization is engaged in prohibited political activity campaign include:
a. Whether the good, service or facility is available to candidates in the same election on an equal basis,
b. Whether the good, service or facility is available only to candidates and not to the general public,
c. Whether the fees charged to candidates are at the organization’s customary and usual rates, and
d. Whether the activity is an ongoing activity of the organization or whether it is conducted only for a particular candidate.
When developing a Facility Use Policy, if a library is a 501(c)(3) charitable organization, and wishes to be able to rent space to (among others) political organizations for event, the above-listed factors should be built right into the policy.
Here is some sample language (some of it will sound familiar):
As a 501(c)(3) organization, the NAME library does not participate or intervene, directly or indirectly, in any political campaign on behalf of (or in opposition to) any candidate for public office depends upon all of the facts and circumstances of each case. Therefore, the use of space in our facility by political organizations or for partisan political events is only available on the same rental terms as for the general public, and is subject to a rental fee that is charged equally to any political group or other individual or group. NOTE: Certain voter education activities or public forums conducted in a nonpartisan manner may qualify for a fee waiver, just as do other free and open events conducted by a charitable entity for the benefit of the public.
So, what about the member’s scenario? In the absence of a spot-on facility use policy, I suggest the following process:
If the library’s past practices make following those three steps too blurry, it is best to take a pass on this precise event, and take the time to develop an up-to-date and thorough Facility Use Policy that considers the types of uses the library will allow, and how and when it will charge for them. There are many good models out there to draw inspiration from, but before the board passes such a policy, it would be good to have it reviewed by a lawyer (who has ready the charter, bylaws, other policies, lease, deed, and any other relevant documents).
The member’s library is fortunate to have leadership that is thinking about both the first amendment and safeguarding the organization’s tax status. Good work. No matter what the final decision, awareness and commitment to these values serves your community.
 The member has stated their policy might not be suited to addressing this situation. We’ll tackle that in a bit.
 If this just caused a stab of panic because your library let’s an instructor host a “Yoga for Seniors” class for a minimum fee to the instructor, don’t worry, this event can happen…you just have to do it right.
We have a pretty exhaustive personnel policy on the use/limits of use of Library technology and property, both for compliant work-related purposes and for personal purposes.
What we do *not* have, and are wondering if we should, is a policy that speaks to the permitted (or restricted) uses of *personal* phones and similar devices while at work.
The question has come up because of supervisors needing to repeatedly remind staff to not use personal phones while on the public service desk, without having an explicit "policy" to fall back on.
On the surface, this is a simple issue: if people are using their cell phone for personal use on the job, a simple policy to stop the use should solve the problem, right?
Not these days.
As technology continues to transform the workplace (and the world), “cell phones away, please,” is not as easy as it once was. People use their cell phones to monitor health, track their steps, and get emergency calls from kids at school. Some may even use their cell phones to save their lives, serve as a witness to illegal activity, and exercise their right to free speech.
Many of these functions depend on the proximity of the person to the phone (or the watch that connects them to it), and because of this, cell phones are becoming extensions of the people who own them. So a policy to keep them stowed and away, or secured in a locker, can be met with resistance.
Here are a few examples of how this “resistance” can play out on the job:
As can be seen, many of the reasons to keep a cell phone on one’s person are compelling; other uses may not be. And many of reasons/uses overlap with other library policies.
The goal, of course, is not to bar an employee from important connections and a tool for their well-being, but to make sure the use of personal electronics does not distract from the library’s professional environment and employee productivity (even on a slow day). To achieve that, there are two broad solutions: 1) rely on a collection of policies to address the variety of purposes for personal cell phones while at work; or 2) create a catch-all policy.
In a work environment where consistency for staff members is critical for professionalism and productivity, I prefer a combination of both. What does that combination look like?
It starts with policies for:
…which should all allow for appropriate use of personal cell phones and electronic devices. This doesn’t mean the policy has to mention cell phones specifically—just have enough flexibility to address them.
At the same time, assuming the above-listed policies harmonize with it, creating a specific “Policy on Use of Personal Cell Phones and Electronics,” as proposed by the member, can help employees and management navigate these issues in a rapidly changing world.
Here is an example of such a policy:
[INSERT LIBRARY NAME] Policy on Personal Use of Cell Phones and Electronics
The mission of the [INSERT LIBRARY NAME] depends on employees maintaining a professional, productive environment.
To maintain that environment, use of personal cell phones and electronics should only divert employees from work duties in the case of an emergency.
To achieve this, cell phones and personal electronics should be stored in a carrier, purse, or pocket where the screen is not visible during work time, and watches synched with other electronics should not divert employees from work except during designated breaks in designated break areas.
Sudden personal emergency needs that require use of a cell phone or other personal electronics should follow the established procedures for use of break time and personal time.
Use of cell phones and personal electronics for ADA accommodations, FMLA arrangements, personal emergency, and personal safety needs are exempted from this policy, and should be arranged on a case by case basis with a supervisor per the relevant policy.
As with most HR policies, this one sounds simple, but can be complex to administer. The need to be flexible and allow some cell phone use (especially ADA use, the basis of which may be confidential), can cause seeming inconsistency in enforcement. To address this, employees must be sensitized to the fact that some people may depend on a personal devise for an authorized (and confidential) use, while at the same time be given the clear message that keeping in touch with social media and personal contacts during work time is not allowed.
As technology puts pressure on the norms of society, it is important to draw (and re-draw) reliable and clear boundaries…especially in the workplace. So should a workplace have a policy on personal cell phones? Done right, and with due consideration of the law, it can help.
Thanks for a timely question.
 There are electronic devices and apps that enable sharing of blood glucose levels at all times; it’s both cool, and terrifying, since if blood glucose is too low, a child can faint, and if too high, a child’s blood can become toxic.
 Do not use stock language to create an employment policy without having a lawyer review the final product. Union contracts, local laws, other policies, current handbook language, and work conditions can all impact what a catch-all employment policy can look like.
The new NYS smoking ban in regards to public libraries states that smoking is banned "within 100 ft of all entrances, exits and outdoor areas”. Does that mean all of the library property including the parking lot and grassy areas attached to other grassy areas? e.g. [A nearby business]’s property line abuts our property line a few feet from their building and their staff stand in that area to smoke. On three sides of our property line the 100 feet includes a road and commercial enterprises across the streets.
This member is thinking ahead!
Starting June 29, 2019, any space within a 100-foot perimeter around a public or association library, including adjacent businesses, is subject to a state-wide smoking ban. The sole exception is residential properties (inside and out).
Any person or business violating this new ban may be subject to a $2,000 fine.
This new law is part of Section 1339-o of New York’s Public Heath Law. It reads:
Smoking shall not be permitted and no person shall smoke within one hundred feet of the entrances, exits or outdoor areas of any public or association library as defined in subdivision two of section two hundred fifty-three of the education law; provided, however, that the provisions of this subdivision shall not apply to smoking in a residence, or within the real property boundary lines of such residential real property.
This is a powerful new law, and it has many libraries thinking about implementation.
As the member’s question illustrates, complying with, taking advantage of, and rolling out this new law may take some effort—as well as some tact and diplomacy.
Here are some tips for a graceful transition (and how to not ignite the fuse of nearby, non-residential smokers and their landlords):
First, some new signage can go up, alerting people to the impact of the new law. Per Public Health Law Section 1399-p (“Posting of Signs”), smoking signage should meet the following requirements:
“Smoking” or “No Smoking” signs, or “Vaping” or “No Vaping” signs, or the international “No Smoking” symbol, which consists of a pictorial representation of a burning cigarette enclosed in a circle with a bar across it, shall be prominently posted and properly maintained where smoking and vaping are regulated by this article, by the owner, operator, manager or other person having control of such area.
Signage to assist with compliance should add “…within 100 feet of this boundary. NY Public Health Law 1399-o.”
Second, it might be helpful to amend or create library’s policy on smoking so it states:
Per Section 1399-o of New York’s Public Health Law, it is forbidden to smoke within 100 feet of library property (except for residential properties). To promote compliance, the library will maintain signage consistent with Section 1399-p of that law, and will work with impacted neighbors to enforce and encourage compliance with this law.
Third, a simple plan of outreach to “impacted neighbors,” can help your library collaborate on compliance (instead of waiting for a clash of employees or customers). This is not a legal requirement, but it is the type of law-based, thoughtful, pro-active rollout can forge and maintain healthy neighborhood relations.
Part of such a “Smoking Ban Rollout Plan” could include a letter such as:
Dear [Non-residential Neighbor within 100 fee of library property]:
As you may know, effective June 19, 2019, New York’s Public Health Law makes it illegal to smoke within 100 feet of a public or association library like the [NAME] Library. The sole exception to this law is a residential property.
As you can see on the attached map, your property is within 100 feet of the library’s. Please let us know of any concerns you have about alerting your [employees, customer’s, etc] to the requirements of this new law. Please also let us know who we may contact it the event of a concern.
Our board and library staff are working to alert everyone and make sure our transition to this new law goes smoothly. [We are installing new signage, as well.] If you need to discuss any aspect of this, please contact [name] and [number or email].
Thank you for your consideration!
Your friends at the [NAME] Library
Any contact with neighbors should bear in mind that under the law, certain facilities (ironically, hospitals and residential health care facilities) are allowed to “designate” a smoking area on otherwise-non-smoking premises (this might be the scenario in the circumstances described by the member). Further, if a business or person can allege an “undue hardship,” they can request a waiver of a smoking ban under Section 1399-u. Since you don’t want a confrontation to spur a request for a waiver, “friendly outreach” is a good tone to strive for.
And finally, it is good for your library to consider that enforcing a smoking ban can cause a lot of stress, and use up a lot of director and staff energy. Think about it: Librarians already have to be on the lookout for illegal porn use, opioid overdoses, and destruction of library property. Now they have to patrol for neighborhood smoking, too? That’s a lot of social work for someone who just wants to help the world find information.
For those moments, in addition to your library policy, a short statement endorsed by the board, for staff can hand out, might be helpful. Something like:
Consistent with New York’s Public Health Law (Section 1399-0), there is no smoking allowed within 100 feet of the [NAME] library. Thank you for supporting New York State’s public health initiative, and helping our library honor this law. –The Board of the [NAME] Library
When facing a needy smoker, backup from both the state, the law, AND your board can be a great morale booster.
Libraries should also note: while Section 1339-o of the Public Health Law bars smoking AND vaping in many areas, this new library-specific section (section 6) bars only SMOKING (and yes, under the law, “smoking” and “vaping” are distinguished. “Smoking” means “the burning of a lighted cigar, cigarette, pipe or any other matter or substance which contains tobacco.” “Vaping” means “the use of an electronic cigarette.”). So in addition to the compliance steps outlined above, get some binoculars, so you can be ready for some precise enforcement!
So that’s it. Libraries needing to check their property line maps to establish their 100-foot perimeter can use their property survey and the county’s tax maps (this is also how you can check for a property’s actual owner, in addition to simply observing and notifying their tenants).
I wish every public and association library in New York smoke-(but not vapor)-free property lines!
 From the relevant county health department, or, in some places, another designated enforcement official.
 Yes, this law uses almost the entire alphabet.
 I was a smoker in the 90’s. I quit around Y2K, but I still remember the feeling of being an addict needing to smoke…it can make you act grumpy to even a very nice librarian.
 At some point I will check JSTOR to see if there is hard info as to why vaping within 100 feet of library is somehow better for the public health than smoking.
 The definitions are in Section 1399-n.
My library has long been in the practice of charging what we often refer to as a "research fee" or "consulting fee." I am familiar with some libraries who have a similar practice, but wonder if it's legal for us to charge an hourly rate for work done by volunteers? The workflow has always been as follows: a reference request is received by the Librarian, a determination of whether the question is appropriate for our collection is made, then the work is delegated to a volunteer. In general, we've never taken on a job of over 2 hours, and most questions relate to our genealogy collections / searching vital records.
It is well established that a not-for-profit organization can benefit from volunteer labor. This is true even when the labor brings the organization tangible benefits, like the money from a bake sale, or as in this case, a research fee.
But when using volunteer services and charging a fee, a library (or any chartered not-for-profit) in New York must engage in a systematic analysis to ensure the arrangement is in step with numerous laws and regulations. How can a library, museum, or archives do this?
Follow the three-step process below.
First, identify the services the institution would like to provide through volunteer labor.
This is rather like writing a job description or hire letter. An example based on the member’s scenario could look like this:
Under the general oversight of [paid position] in [department], the Research Volunteer performs specific research tasks related to personal requests by [institution] members and other users. These tasks are not to routine operations of [department], but benefit the public and [institution] by serving members and others in a way directly related to [institution]’s mission to [insert mission], as well as raising revenue in support of that mission.
Your hours and participation as a Research Volunteer are voluntary, but we do ask that you work with [person] to coordinate your time; this will enable us to support your work, and keep things organized. This work is a valuable service [institution] can only provide through the services of volunteers, and we thank you for your dedication and hard work!
The essential elements of this first step are:
You’ll see why these are important in the Steps Two and Three!
Next, check your organization’s founding laws, charter, founding documents, bylaws and plan of service (I call these “core rules”) for any terms that apply to the service you defined in Step One.
Look at the laws and documents. Is there something preventing the institution from charging a fee for this specific service? Is there any cap on that fee?
This exercise will vary greatly from institution to institution, since many variables can impact what’s in the “core rules.” Here are just a few examples:
A public library could never charge a member to borrow a book or to use the internet, because Education Law Section 262 requires that public libraries be free (to cardholders).
For a private library, its charter could contain an express rule that certain services must remain free—a restriction that might not be found in the law, but could be just as enforceable. A similar condition could be in its bylaws, or a donation document.
And if an institution is a 501(c)(3), care must be taken to make sure the revenue generated by the service is “substantially related” to the institution’s not-for-profit mission, or the institution could risk having to pay “unrelated business income tax.” The service should also be reviewed to ensure it is not an “excess benefit transaction” or a non-disregarded membership benefit. A mis-step on any one of these could have serious tax consequences.
When doing the “Step Two” analysis, it is ideal to confirm your conclusions with a lawyer.
Once an institution uses Step Two to confirm it can charge for a service, it is time to return to your description from Step One and make it official, by putting the scope of work and details in a “Volunteer Letter.”
Why so formal? Because in recent years, the State of New York has cracked down on enforcement of quasi-volunteer, or just plain muddy, instances of volunteer labor at not-for-profit institutions. This has even included examining perks and partial payments to volunteers!
Why is that? While not-for-profit volunteering is unequivocally allowed, like anything, the system can be abused. To avoid that, and to create clarity in these critical relationships, the New York Department of Labor has issued some pretty strict guidelines, such as:
Unpaid volunteers at not-for-profits may not:
Sound familiar? This is where the work you did in Step One pays off! By identifying the work as part of a “Volunteer Program,” clarifying that the service is offered through the hard work of volunteers (and never paid staff), and that there is no compensation to the volunteer, your documentation will be ready to show compliance in the event the Department of Labor audits your institution (which, from time to time, they do).
Volunteers can be critical contributors to an organization. If allowed by your organization’s core rules, a not-for-profit can absolutely benefit from the fruits of their labor. By following the steps outlined above, and setting the relationship up carefully, a not-for-profit (and its volunteers) can reap great rewards.
The essential element of this is clear documentation. A letter to every volunteer, stating their role, the rules of the position, that it is not replacing or supplementing paid staff, and thanking them for their service, will position an organization to easily demonstrate compliance.
A quick annual check with the institution’s insurance carrier, to make sure volunteers and their activities are covered by the institution’s insurance, is wise, too.
Thanks for a great question!
 A trust, endowment, deed, or other founding document that may also impose conditions on the entity.
 Per IRS Publication 526, the following 501(c)(3) membership benefits can be “disregarded” (not considered a taxable benefit) if a member gets them in return for an annual payment of $75 or less. These “benefits” can include any rights or privileges that a person can use frequently while you are a member, such as: a. Free or discounted admission to the organization's facilities or events, b. Free or discounted parking, c. Preferred access to goods or services, and d. Discounts on the purchase of goods and services. [emphasis added]
 Since volunteers can be critical contributors to the work environment, they should attend the annual sexual harassment training put on by your library, and be trained along with the employees.
A community member is interested in gathering at the library for a non-staged, dramatic reading of a play published in the UK in 2016. The idea is offered as a potential library program, though it could also be viewed as a separate community meeting without library sponsorship. It is my rough understanding that, regardless of whether an audience is brought out for the performance or not, regardless of who is 'sponsoring' it, this would be in violation of the creator's (who is still alive) copyright claim to the work. Further, that the library would most likely be the liable party.
Am I right?
This question has two parts: 1) liability for copyright infringement based on a live reading (without staging) of a dramatic work; and 2) liability for events at library facilities.
Let’s tackle part 1 first.
Section 110 of the Copyright Act sets out a number of exceptions for educational and charitable use of copyrighted works. Unfortunately, “dramatic works” (plays) are largely excluded from those exceptions. So while Section 110 is generous (for instance, there is a total exemption from liability for performance of non-dramatical musical works at horticultural fairs!), “performance” of dramatic works (even without staging) is not as excused as other types of use.
The other exception that could apply to the member’s question is of course “fair use.” I won’t take up too much of this “Ask the Lawyer” to discuss that option, since the event described here does not sound like it would meet the criteria. 
For this reason, any library or venue asked or planning to host a reading of a dramatic work—even without staging it, even without charging admission—should be very cautious. Unless there is a confirmed exemption under 110 (which would be for classroom use, or for a performance for people with visual impairments), or a documented “fair use” under 107, proper licensing should be obtained.
And now for part 2.
Most libraries have some form of policy, and maybe a “facility use contract,” allowing groups or individuals to use their space. Some charge a small rental fee, others do not. Some have express restrictions on use by businesses or political groups, others do not.
What’s important to the member’s question is that any use of library facilities should be governed by clear, uniformly applied, mutually-understood terms that:
When it comes to copyright, this last part is essential, since the copyright law allows for “vicarious” liability that can include “innocent” (meaning, they didn’t know about it, or didn’t instigate it) infringers.
This is what the last Congressional committee amending the Copyright Law has to say about “vicarious liability” for performances:
Vicarious Liability for Infringing Performances.
The committee has considered and rejected an amendment to this section intended to exempt the proprietors of an establishment, such as a ballroom or night club, from liability for copyright infringement committed by an independent contractor, such as an orchestra leader. A well-established principle of copyright law is that a person who violates any of the exclusive rights of the copyright owner is an infringer, including persons who can be considered related or vicarious infringers. To be held a related or vicarious infringer in the case of performing rights, a defendant must either actively operate or supervise the operation of the place wherein the performances occur, or control the content of the infringing program, and expect commercial gain from the operation and either direct or indirect benefit from the infringing performance. The committee has decided that no justification exists for changing existing law, and causing a significant erosion of the public performance right.
As a not-for-profit institution, a library may have some more defenses than the average night club owner, but there is still a threat of liability.
So how do venues reduce the risks posed by “vicarious” liability? Often, they ask the main performer, or the entity renting the facility, to “indemnify” the venue for any liability related to the performance. To ensure they are actually protected, they also demand a certain amount and type of insurance, and require that the venue be a “named insured.”  Later, if they are sued for an infringing performance, the venue will invoke the indemnity, and be defended by and have their damages paid by the renter or performer.
So, to recap, the following factors are potentially relevant to both parts of the member’s question:
This assessment of risks and ways to mitigate them is called “risk management,” and the member’s question is a great example of how to start the process. So, what was that question again?
…regardless of whether an audience is brought out for the performance or not, regardless of who is 'sponsoring' it, this would be in violation of the creator's (who is still alive) copyright claim to the work. Further, that the library would most likely be the liable party.
Am I right?
Except for would changing “the liable party” to “a liable party”: yes, the member is correct…there is a risk. How can this assessed risk be managed? One of four ways:
Thank you for your careful question!
Exeunt lawyer, stage left.
 For a thorough discussion on that, I recommend the Congressional “Notes,” to section 110 of the Copyright Act, found at https://www.law.cornell.edu/uscode/text/17/110. These are exceptions education and information management professionals should know.
 See Section 110(6) of the Copyright Act. NOTE: The exemption extends only to the governmental body or nonprofit organization sponsoring the fair…the on-site concessionaires do not benefit from the exemption. Not fair.
 That said, it is possible that a live reading of a dramatic work could be a “fair use.” For instance, if a group wanted to use excerpts from six plays to illustrate varying depictions of a certain archetypes in drama—something that requires a partial performance of each work to make its point—that could be a “fair use” requiring no permission. But such a use would need to be more than a simple reading of the play, and the overall performance would need to be carefully assessed to show it met the four “fair use” factors.
 That’s a whole other column!
 For those of you out there who have booked a convention at a hotel or conference center, this might sound familiar (and tedious) to you. But this type of protection allows business to get done.
We are a school district public library, and a governmental entity, considering crafting a policy relating to debts discharged in bankruptcy, if the library is named as a creditor.
Are replacement costs for library materials exempt from or subject to discharge of debt? Overdue fines?
Fees levied in an attempt to recover materials (i.e. collection agency fees)? (We do not submit overdue fines to collection agencies, only the replacement costs of materials, in an attempt to recover them)
Are we allowed to impose restrictions on borrowers whose debt has been discharged, if they have not returned materials owned by the library? For example, can we deny loans to a borrower until they return library materials, or pay for them, if the debt has been discharged; or can we limit the number of items loaned for a period of time?
The following is an example of a such a policy. Is it problematic?
The Library will comply with Discharge of Debtor decrees by bankruptcy courts. Once the library is notified that a bankruptcy has been filed, collection activity is suspended on the customer’s account and on the accounts of any minor children (to the extent that the charges existed prior to the date of the bankruptcy filing) until the library is notified of the outcome.
Cardholders who have:
Only charges owed to The Library as of the date of the decree will be waived. Fines and fees incurred after the period of time covered by the bankruptcy proceedings are not covered by the discharge document and will remain on the borrower’s account and those of any minor children.
Thanks for any guidance!
Before we get to the nitty-gritty on this question (and we will), let’s reflect on why libraries charge fines and replacement costs in the first place:
And always, lurking in the background, is the notion that fines and replacement costs are an alternative to the most under-utilized section of the NYS Education law, the criminal provision in Section 265:
Whoever wilfully detains any book…belonging to any public or incorporated library…shall be punished by a fine of not less than one nor more than twenty-five dollars, or by imprisonment in jail not exceeding six months…..
So far, I have not had a client use their “one phone call” to let me know they have been arrested on an “265,” but the possibility is never far from my mind.
Of course, no one picks a library career to pursue their dream of arresting people who love (and lose) books. And, although less draconian, I bet no one picks a library career for the joy of assessing late fees. That said, library materials costs money, and people can be irresponsible about returning items to the library. So what’s an institution to do?
Some libraries are experimenting with no-fine models, since fines can have a disproportionate impact on those in poverty. Others have great success with routine “amnesty” days and other creative ways to take the sting out of returning books late. And still others want to make sure that the traditional model is as streamlined and legally compliant as possible. That is what the member’s question is about.
A “bankruptcy discharge policy” is a logical component of a library’s approach to fines, replacement costs, and efforts to collect them. It addresses the potential “dischargeability” (wiping out) of library fines when a person seeks the protection and “fresh start” created by bankruptcy. It can also help libraries (and their collection agencies) follow the law, which gives people seeking bankruptcy very specific protections.
Before we address the member’s specific questions about adopting such a policy, it is important to take a moment to reflect on (legal) language. This is because there is a basis to argue that overdue fines and replacement costs, while valid conditions of having a library card, might not qualify as typical commercial “debts;” this could mean that in many cases, libraries owed fines and replacement moneys might not be precisely “creditors.” This is pointed out in the 1997 case Riebe v. Jeurgensmeyer, where the judge writes:
The origin of this federal case is a minor's failure to return a library book. In 1995, Elizabeth Riebe, a minor, borrowed a library book from the St. Charles Public Library ("the Library"). The due date came and went without Ms. Riebe returning it. The Library waited. After Ms. Riebe failed to return the book for six months, the Library retained Defendants [a collection firm] to write to her parents ("Plaintiffs") requesting payment of $ 29.95.
Addressed to Plaintiffs, the letter, as Plaintiffs see it, implied that they, or their daughter, could be arrested and imprisoned for intentional theft of public library property. Attached to the letter was a copy of the provisions of the Illinois Criminal Code. Rather than paying the $ 29.95 or at least returning the book, and thereby putting the matter to rest, Plaintiffs filed a complaint in federal court, alleging that Defendants' letter violated the Fair Debt Collection Practices Act ("FDCPA"), 15 U.S.C. § 1692, et seq.(1996).
In ruling that the FDCPA doesn’t apply to attempts collect library fines (and thus that the library could not be liable for the zeal of their collection agency under the FDCPA) federal Judge Charles R. Norgle (who clearly esteems libraries) wrote:
Here, there was no initial "business dealing" creating an obligation to pay, only an obligation to return a library book. In theory, this may have created some type of contract, but not in the context of a "business dealing" as contemplated by the FDCPA, e.g, the purchase of consumer goods or services. … Rather, the borrowing of a library book is a public privilege that largely depends on trust and the integrity of the borrower. [emphasis added]
Now, the FDCPA is not the Bankruptcy Code, and it is possible that a person seeking relief from debt under the Code and might be able to reduce or completely discharge their fines and replacement charges from a library. But for over twenty years, Riebe has been cited as good law, so it is possible that this view of library fines and replacement costs as something more fundamental that a business debt could carry over.
I emphasize this because it means some types of library fines and costs might be dischargeable, but others, since they are not consumer “debt” in the traditional sense, might not.
So, with all that, let’s get to the nitty-gritty:
Are replacement costs for library materials exempt from or subject to discharge of debt? Overdue fines?
Because of the factors cited above, there can be no one-size-fits all answer to this! It will depend on a few factors. Under certain circumstances (replacement costs, fines connected to vandalism or wanton theft) the court might rule that what’s owed to the library is not a “dischargeable” debt. But that might not be the case for the average family declaring bankruptcy because they got swept at the knees due to illness or job loss, and who might have additional hardships to show to the court. As with many things in bankruptcy, it will depend on the circumstances.
Fees levied in an attempt to recover materials (i.e. collection agency fees)?
I would argue that imposing additional administrative costs for retaining a collection agent risks transforming the library-patron relationship described so well by Judge Norgle in Riebe. In doing this, the likelihood of the costs being dischargeable increases. But again, it will depend on the underlying nature of the fine or cost. Someone who checked out 10 DVD’s on their first week as a cardholder and never returned them might have a tough time proving that the costs aren’t the result of theft (and thus non-dischargeable).
Are we allowed to impose restrictions on borrowers whose debt has been discharged, if they have not returned materials owned by the library? For example, can we deny loans to a borrower until they return library materials, or pay for them, if the debt has been discharged; or can we limit the number of items loaned for a period of time?
Regardless of where your board may fall on its philosophical approach to fines and collections, any time a cardholder declares bankruptcy, all efforts to collect fines or replacement costs should cease. Critically, this means if borrowing privileges are only suspended due to unpaid fines, borrowing privileges should immediately be reinstated. On the flip side, suspension due to unreturned materials (for which no replacement cost is being charged) can continue.
The most important thing, as the member suggests, is to respect the process when your library is notified of it. Any library, or agent of a library, who gets a notice that a cardholder is filing bankruptcy should cease all financially-related sanctions. If there are extenuating circumstances (let’s say the amount owed is related to an act of vandalism, or failure to return 50 full-color art books) refer the matter to library’s attorney, or alert the bankruptcy trustee, who might contest discharge under the precise factors of the bankruptcy code.
With all that in mind, I suggest some alternative language for a policy, which would addresses both the human aspect of bankruptcy, and some of these subtleties:
Bankruptcy Discharge Policy
The Library understands that sometimes people must seek relief from debt in bankruptcy and are entitled to a “fresh start” after such relief is obtained.
Cardholders seeking a discharge in bankruptcy of moneys owed to the library should notify the library of having filed for bankruptcy.
Once the library is properly notified that a bankruptcy has been filed, the library and/or its agent will immediately cease contacting the cardholder about the financial amount(s) owed.
The library shall then evaluate its response to the notice. In making such an evaluation, the nature of the conduct leading to any fines, costs, and suspended privileges will be considered. In particular, but not exclusively, the discharge of any costs related to wanton destruction or significant failure to return borrowed items may be contested.
After notice of filing, but prior to discharge, if borrowing privileges are suspended solely on the basis of unpaid fines and replacement costs, borrowing privileges will be immediately reinstated; borrowing privileges suspended on the basis of unreturned items, for which no replacement cost is sought, will remain suspended.
To ensure all charges are listed on the bankruptcy schedule, the cardholder or their attorney may contact the library to request a statement of account at any time; such contact must be in writing so there is no risk of the library appearing to have violated the bar on collection activity. An attorney or trustee requesting this information on behalf of the cardholder must include permission from the cardholder as required by CPLR 4509.
The library supports that people seeking relief in bankruptcy are entitled to a “fresh start” after the discharge of debt(s). Upon presentation of a “Discharge of Debtor” listing the library, all moneys owing shall be removed from the cardholder’s record, up to the date of discharge, for the cardholder and any minor children in the family.
Further, if replacement costs are discharged, the library will not regard the failure to return the corresponding item as a basis to bar reinstatement of borrowing privileges.
Late returns or losses after the date of discharge will be subject to routine policies, including fines and suspension of borrowing privileges.
This approach both maximizes the potential for a bankruptcy discharge to be the compassionate re-set of the cardholder’s account it is intended to be…while taking into consideration that not all charges might be worthy of discharge (which is up to the bankruptcy court to decide).
Thank you for this careful question.
 United States District Court for the Northern District of Illinois, Eastern Division, October 31, 1997.
 The member’s question states that the library is a “government entity,” an assertion that is potentially relevant under the Bankruptcy code. Without making this response pages longer, I will simply state that I don’t believe a public library has quite the same status governmental entities do under the Bankruptcy Code; however, as shown in Riebe, libraries can occupy a unique position that should inform their approach to this issue.
Our library has a number of older Environmental Impact Studies (both draft and finals) which are taking up space, and we were wondering if we could discard them. Can a library make its own retention schedule for these or do libraries need to keep these for a certain amount of time so the public can access them?
If we can make our own retention schedule, do you have a recommendation as to how long they should be kept?
Draft and final Environmental Impact Studies (or “EIS”) must be accessible during the “public comment” period of a construction or remediation project. After that, a library can discard them.
For readers who aren’t familiar with these documents: EIS are mandated reports that show the complete scope of possible “significant negative environmental impacts” certain types of projects can have. They are produced by a project’s “Lead Agency” (generally a major figure in the project), who must ensure that copies of both draft and final EIS are made available to the public for a period of “public comment.”
To comply with these disclosure requirements, the Lead Agency must both post the EIS on the internet, and provide a hard copy upon request. As an alternative to providing on-demand hard copies, environmental regulations also allow the Lead Agency to place copies of an EIS “in a public library…,” where they must be available for viewing and copying during the public comment period (which is a minimum of 30 days, but can go much, much longer).
This “public comment” period is critical. When done right, it enables clarity and transparency even when a project’s approvals span multiple agencies (like zoning boards, preservation boards, and a legislative body). This allows the average citizen to provide timely comments about on things like environmental hazards, land use, historic preservation, and design. So the role of the library in ensuring public access is valuable.
As the member’s question appreciates, EIS can have value even after the “public comment” period is closed. Long after a project is complete, an EIS can reveal site conditions relevant to health and safety. For professionals like urban planners, environmentalists, architects, and attorneys, the information in an EIS can be very useful. And from the local history perspective, an EIS can show, decades later, what a village, town, or city perceived as a danger, asset, or cultural resource. Coupled with building permits and variances, that information can show who was allowed to build what in a particular village, town, or city. For this reason, I predict EIS will be important resources to the historians of the future.
To assess if a printed EIS should be retained by the library, libraries can use their normal accession evaluation process. One thing to consider in such an evaluation: the NY Department of Environmental Conservation retains copies of all EIS (in a manner that accords with the DEC’s own record-keeping policies). Personally, I do think there is value in retaining the local hard copy, but as the member states, these things can take up a lot of room!
One thing that can make the entire process around EIS easier for a library is having an “EIS Acceptance Form” that is signed by the “Lead Agency” when they drop off the copies for required disclosure. Remember, use of the library is a courtesy that allows the Lead Agency to escape making numerous on-demand copies, so they should be very gracious about signing such an agreement!
I have supplied the essential elements of such a form below, and added a few non-required but library mission-centric terms to them.
The most helpful feature of this template form is the requirement that the “Lead Agency” notify the library that the public comment period is over; this way, a library can receive express confirmation of when the time to officially make the EIS available has ended, and the decision to dispose of or accession it can be made.
Thank you for this thoughtful question.
TEMPLATE EIS AVAILABILITY REQUEST FORM
The State Environmental Quality Review Act (“SEQRA”) requires that draft and final Environment Impact Studies (EISs) be posted on publicly accessible web sites by the “Lead Agency” for the project, and to provide hard copies on demand.
Regulations allow a lead agency to place copies of the EIS in a public library instead of making a large number of individual copies. By filling out this form, you, as “Lead Agency,” are requesting that the [NAME] Library place ____ printed copies of an EIS for availability to the general public, and expressly authorize the creation of as many copies as needed by the public, to fulfill your disclosure obligations under SEQRA.
Further Terms Agreed to By Lead Agency
As a condition of assisting with access during the public comment period, the ___ [insert number] physical copies provided by Lead Agency shall become the physical property of the Library, who shall have an irrevocable license to duplicate the EIS, in any medium now in existence or further developed. After being notified by the Lead Agency of the close of the comment period, the library may retain the physical copies, or dispose of them, at its sole discretion.
Lead Agency also hereby commits to remunerate the library for any request for a copy to be modified per ADA accessibility needs, including but not limited to conversion to braille, large print, or for use with an electronic reader. Such copies shall remain the property of the Library.
Lead Agency will notify the library via an e-mail to [ADDRESS] when the EIS is no longer required to be available for public comment and duplication.
The Lead Agency employee or agent signing this EIS AVAILABILITY REQUEST FORM is an authorized signatory of the Lead Agency.
CONTACT AT LEAD AGENCY: ___________________________________
TITLE OF CONTACT: ___________________________________
PHONE NUMBER: ___________________________________
PROJECT NAME: ___________________________________
PROJECT ADDRESS(ES): ___________________________________
PUBLIC COMMENT PERIOD START DATE: ___________________________________
PUBLIC COMMENT PERIOD END DATE (if able to be determined): ___________________________________
SIGNED ON THIS __________ DAY OF ____________, 20_____.
[NOTE: Any template form should be reviewed by a library’s attorney for conformity with charter, bylaws, and current policy]
 From the “SEQRA Handbook” page 162: “The minimum public review period is thirty days, calculated from filing of the Notice of Completion. If the draft EIS is lengthy, there is delay in distribution of copies, or there is substantial public interest, the lead agency should extend the review period. In practice, the time allowed for draft EIS review is often considerably longer than the minimum. The lead agency may wish to negotiate a mutually acceptable extension with the project sponsor. If a hearing is held to receive comments on the draft EIS, the SEQR regulations require that the review period must remain open for 10 days following the close of the hearing, for the receipt of additional written public comments.” It is not the job of the library to do these calculations!
 Just to reiterate: this template is just a starting place. Any template form should be reviewed by a library’s attorney for conformity with charter, bylaws, and current policy.
We have a question that relates to the intersection of New York state level library privacy laws (https://www.nysenate.gov/legislation/laws/CVP/4509) and FERPA. Our campus has a newish system that is attempting to correlate student actions and activities with academic success and retention. As such, it could be helpful to include things like visits to the writing center, appointments with academic advisors, and also library activities, such as whether a class came in for a library information literacy session or whether a student made an appointment for a library one-on-one consultation. FERPA lets institutions share academically related information within certain bounds.
We are wondering what the privacy balance is here given that the information would stay in-institution, but not in-library. Here's what we are considering doing:
1) Noting in the system which classes had a library session(s). Within the system, that would identify individual students within those classes.
2) putting an opt-in statement on our one-on-one research appointment form and if the student consents, then providing to system the student name, appointment date/time, and course that the help was for (but not anything about the specific content of the appointment).
Have we crossed any lines here? Do we even need the opt-in statement? Is this something clear or fuzzy/grey? What should we be considering that we haven't thought of? Thanks.
Depression. Burn-out. Dissatisfaction. Lack of connection. Lack of money. Lack of parking.
These are just some of the reasons students give when they choose to leave—or are forced to leave—their college or university before graduating.
Many times, these reasons snuck up on them, although in hindsight, they could be seen: a pattern of missing classes, a downward trend in grades, maybe even dropping out of clubs and other campus activities. And almost always, after a student leaves (often in tears) faculty and staff, coaches and friends, are left wondering: could they have done more?
No matter what events led up to it, for each such incident of student “attrition,” the stakes are high: student loans, a sense of failure, the end of a career dream, and perhaps even a medical condition that went untreated while the student struggled on their own.
But what if the clues could be seen earlier? What if the downward spiral could be stopped?
Fueled by increasing technological capabilities, many institutions of higher education are developing cross-campus, inter-sector systems to do just that: hoping to correlate the warning signs and fight student attrition through early intervention. Using a variety of commercially available and home-programmed tech, they are tracking everything from dining hall meals, to class attendance, to visits to the gym. These factors, as well as comments from concerned faculty or staff, are then routinely assessed and cross-checked for red flags.
Because libraries are increasingly hosting classes and providing adjunct space for group work, it makes sense that such a system would consider tracking library usage. After all, it can be a good sign that a student is just getting out of their dorm room!
But there is a tension within this well-meaning system. College is where young adults journey to find their independence and privacy; promoting this maturation is part of a college or university’s purpose. Further, a net of privacy laws constrains the easy sharing of certain types of information. But knowing the painful consequences of unchecked student struggles, many institutions work hard to find the right blend of metrics and policies to be able to intervene.
Part of this hard work is finding the right path through that net of privacy laws. As the member writes, the biggest privacy law of all, FERPA, does allow such inter-departmental sharing, and even parental notification about safety concerns, when the time is right. It does this through both application of the law, and “FERPA waivers.”
But in New York, FERPA is not the only privacy rule to apply to these information-sharing systems. As the member states, New York’s Civil Practice Laws and Rules (the “CPLR”) §4509 (“4509”) also governs a student’s records—at least, their library records. And it sets the bar high.
4509 is a short law where every word matters, so it is worth quoting in full here:
Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute. [emphasis added]
As you can see, “college and university libraries,” even though they are part of larger institutions, are clearly covered by this law.
So how does 4509 impact the member’s question?
First, every library (academic or not) should have a clear sense of what it regards as “library records.” As can be seen in the statute, the term is not precisely defined (“including but not limited to” leaves a lot of room for argument!). Some of the obvious ones are listed in the law (circulation records, database searches, copy requests) but unnamed others could be just as vital to privacy (use of a 3-D printer, security footage covering the circulation desk, and in the member’s example, the use of research appointments). And still others activities that use the library may or may not apply (classes conducted in the library, but not part of library programming, are arguably excludable).
To protect the records as required by law, a library must know precisely what records it must protect. This is why, just like a public or association library, a college or university library should have a “Privacy of Library Records” policy clearly showing where it draws the line. Such a policy should also have a “subpoena response protocol,” so the library can train staff on how to receive internal and external third-party demands for information.
And in a perfect world, this college or university “Privacy of Library Records Policy” should be known and supported by the institutional officer who oversees the library (a Provost or Academic VP). This officer’s authority, from time to time, may be needed to ensure the policy is respected by campus safety officers, student disciplinary administration, and any other department that might want library records in service of another institutional purpose. Librarians should not hold the 4509 lines alone!
Now, back to the member’s scenario. Once a library knows precisely where it “draws the line” on library records, the member’s instinct is right: any access to information that falls within the institution’s definition of “library records” should be either denied, or allowed only as the law requires: via a signed consent from the user/student.
I know, just what every student wants—to fill out another form! But these 4509 consents, just like a “FERPA Waiver,” are not only mechanisms to ensure legal compliance, they are a chance to educate students about their right to privacy.
For instance, the consent form (I imagine it would be a digital click-through on a password-protected student account, but it could be a paper form) could say:
“The privacy of library records is protected by the law in New York State (CPLR 4509). Your enrollment in the [SYSTEM NAME] will ask the library to disclose certain library records that are protected by this law. As a library user at an library in New York, you have the right to keep your library records private. A list of what [LIBRARY NAME] considers to be library records is here [link to policy]. If you would like to consent to the [NAME OF LIBRARY] sharing your library records with only [SYSTEM], please check the below consent:
[ ] I am at least 18 years of age, and consent to the limited sharing of my library records for purposes of sharing the information with the [SCHOOL NAME] [SYSTEM]. This consent does not allow sharing my library records, even within the school, for any other purpose. No consent to share the records with external entities is give.
I understand I will need to renew this consent every fall semester, and that I may revoke this consent at any time.
Of course, there is no legal requirement for annual renewal, but it is worth considering. A year is a long time in the life of the typical undergraduate student, who may enter college with one set of civil rights values, and leave with another. With an annual renewal, the library not only complies with the law, but educates the student about their privacy rights on an annual basis.
So, to address the member’s final questions:
Have we crossed any lines here?
No. By thinking about this issue during the planning phase of the system, you are making sure the lines are bright and well-defined.
Do we even need the opt-in statement?
You could call it that, but I recommend calling it a “4509 Consent.” That would build awareness of this important law in our future leaders (and librarians). Of course, as a lawyer, I may be biased as to how important that is (but it’s really important!).
Is this something clear or fuzzy/grey?
Not so long as your library has a clear and routinely evaluated policy defining what it regards as “library records.” This can be tough at an integrated institution, where so much information technology crosses through different sectors. But it should be done.
What should we be considering that we haven't thought of?
I think you should consider buying yourself a nice cup of coffee or tea for doing your part to support a commitment to personal privacy in the United States of America and State of New York. Unlike in the European Union, our privacy currently risks death by a thousand cuts. Every bit of armor counts.
And thank you.
 I was a general counsel at a university for ten years…even as the in-house lawyer, I had a few of these moments.
 The “Family Education Rights Privacy Act,” a federal law often blamed for institutions not telling families about students’ struggles sooner.
 If this answer were to address those bases, it would be about ten pages longer, so we’ll just assume the system in this scenario complies with all the regulations and guidance listed here: https://studentprivacy.ed.gov/audience/school-officials-post-secondary.
 Neither is CPLR 4509. These systems have to navigate HIPAA, state health and mental health laws, and depending on what they do, even PCI and defamation/libel concerns.
Should an event occur, is it legal in NYS to institute a lockdown in a public library?
This question brought back a lot of memories for your “Ask the Lawyer” attorney.
Between 2006 and 2017, I was a full-time in-house attorney on a college campus. On April 16th, 2007, my time in higher ed was forever changed, when the entire campus froze to watch the reporting from Virginia Tech. 32 people dead. 17 wounded.
Over the years, as incident after incident occurred on schools and college campuses, my colleagues in higher education would wonder “Are we next?”
I was lucky; my campus had no such incident during my time there (or since). But I was there for the development of our active shooter response protocol, there for our on-campus trainings, and there, as an administrator, for our “incident response” trainings with local, state and federal law enforcement…getting ready for a day when we might not be lucky.
Large (and small) public institutions and facilities like schools, museums, malls, and of course libraries have been struggling with how to prepare for the day someone brings a gun and threatens or perpetrates violence on their property. It is a horrific thing to contemplate, and a scary prospect to plan for…especially because there is a diversity of opinion as to what the best prevention and training techniques really are.
Some institutions have the benefit of mandates. In New York, all schools must practice active shooter response, and there are laws, regulations and experts in place to guide those mandated drills. And college campuses are mandated to prepare for emergency response.
Public libraries, on the other hand, do not have such a state-wide mandate. Although chartered and operated in connection with a municipality, they are independent operators. This means that though they may choose to follow whatever policy or procedure their municipality has developed for emergency response, or to adopt their own, that choice requires board approval.
But the member’s precise question is: is it legal in NYS to institute a lockdown in a public library?
First, let’s clarify what is meant by “lockdown.”
Per §155.17 of Chapter 8 of New York’s Rules & Regulations:
Lock-down means to immediately clear the hallways, lock and/or barricade doors, hide from view, and remain silent while readying a plan of evacuation as a last resort. Lock-down will only end upon physical release from the room or secured area by law enforcement.
To some people, “lockdown” (hiding, barricading) in the face of an active shooter sounds like a really good idea. Others might prefer to run. And still others think the best option would be to fight.
According to the New York State Division of Homeland Security and Emergency Services, depending on the situation, any of these could be the right choice. Watch the video, “480 Seconds” at this link. It depicts, in stark and practical terms, the different “best” responses, depending on an active shooter situation. http://www.dhses.ny.gov/aware-prepare/step3.cfm
“Lockdown,” as defined in the NYS Education Law, was determined to be the best option for schools because they house a large, vulnerable population of minors. While many of us only hear about this procedure through our kids (as we try to conceal our terror), school librarians know first-hand that the drills our kids do are only a small part of a system that requires:
Any lockdown plan should be this well-developed, because as “480 Seconds” shows, sheltering in a secure place is not the only response to an active shooter situation. Further, even in a place with a lockdown plan, responses will vary by building type, function, and population served (consideration of people with different disabilities, for instance, requires continually renewed attention). Given certain variables, a lockdown procedure might be the best option, but even once that has been determined, ensuring doors can be secured, signage is properly posted, and staff are trained, are all critical elements of the plan.
So, is it legal to institute a lockdown procedure in a public library? Yes. Library boards can (and should) pass emergency response policies, include active shooter policies, and a lockdown plan might be determined to be the best response. That said, unlike schools entrusted with minors, libraries serve a large population of independent, autonomous adults. Unlike law enforcement responding at the scene, a staff directive to stay in place will only have the force of library policy…which is different from an order by law enforcement. A person who wants to leave (and whose biology is telling them they MUST leave) might do so.
For me, the most important aspect of this question is not if a lockdown policy at a public library is “legal,” but how a public library develops its active shooter response plan and trains its staff. This can be no cut-and-paste job; it is a work for a credentialed and experienced expert. There is grant money and aid out there for not-for-profit libraries to seek this critical input. And in many places, simply reaching out to local government can put you in touch with all the resources you need.
Just like “480 Seconds,” the services of an expert will help your library apply the collective wisdom about active shooter situations to the somber but vital act of planning for an actual situation.
We can never be truly ready for an active shooter incident, but we can be prepared. Lockdown might be part of that preparation. Thank you for this important question.
 It was probably a false sense of security, but these were the times when I was glad to have ROTC on campus.
 There is one exception to this: a public library that rents its property may be required, in its lease, to follow the rules of its Landlord. But that would still mean the board had approved the terms of the lease.
 This video is not graphic, but it is very serious. I suggest you not watch it at your library unless it is part of an in-depth and well-considered training on active shooter response, led by a credentialed and experienced expert (local law enforcement should be able to assist in finding that person).
 See NYS Education Law §2801-a.
 An emergency response plan, along with plans for an active shooter, is listed as a recommended policy in the NY Library Trustees’ Association’s 2018 Trustee Handbook, page 115.
 Of course, some libraries have private security, or coordinate with law enforcement. If that is the case for your library, their training and level authority must be incorporated into your plan, and that may change the dynamic.
 This is very serious: your plan and training should be put in place using a contracted, person with established credentials and experience writing and training on emergency preparedness and active shooter response. There are many accredited and recommended programs for this. For a public library, this would be through the usual procurement process.
Pornography and public computers in libraries have gone hand-in-hand for some time and I'm doing some research on how library policies should handle addressing this in a realistic and proactive way. The question that I am researching is whether or not it is legal to explicitly list pornography as something that cannot be accessed on library computers. I understand ALA and the Intellectual Freedom Committees stance on this issue as well as the first amendment ramifications and I am certainly not advocating for censorship, however, I've seen several policies that have tried to circumvent the issue by having vague, unhelpful policies and others that have flat out said that it is not allowed. Any clarifying help from a legal standpoint would be appreciated.
My understanding is that it would not be constitutional to have a policy restricting pornography, however, there could be something in the policy that restricts the displaying of pornography or other offensive content.
Because libraries are guardians of the first amendment, and because there is no consistent definition of “pornography,” the answer is: NO. I cannot offer legal guidance that simply bans porn…any more than I could suggest that a public library start charging admission. Such guidance would cut into the fundamental heart of a library’s mission.
But there is a way to achieve your underlying objective: Focus on civil rights.
How does a “focus on civil rights” keep porn off library computers, you ask?
Let’s start with the fundamentals: why would a library would need to consider limiting internet porn in the first place? The answer is pretty simple. Aside from the malware—and the abysmal amount of copyright theft perpetrated by many porn sites-- no one wants to work or congregate in a place where other people are watching porn.
At best, it’s icky. At worst, it creates an atmosphere of gender-based discrimination (of any gender…of any sexual orientation…and of those who do not gender-identify, too). So in New York, where the stakes for a sexual harassment claim have never been higher, providing a porn-free environment is an unquestioned goal at most places of employment…including libraries.
And so the true question here is not if a library can outright restrict access to internet pornography, but rather, how can a library make sure it’s not honoring one civil right at the expense of another? How does a library remain a beacon for the first amendment, but stand as a bulwark of equal access and fair treatment, too?
This balance can be achieved. The key, just like in other matters involving fundamental rights, is to have a clear, well-developed policy, applied by trained professionals, well-documented and guiding you every step of the way.
Every library policy should be customized for its unique environment (and harmonized with other policies), but here is a quick example of the type of document I describe, designed to fit into a library code of conduct, patron access agreement, or other behavior-related policy:
The[INSERT NAME] library absolutely respects users’ rights to reliably and confidentially access content, but also has a duty to ensure that its shared community space is free of behavior that demeans, intimidates, or discriminates against patrons, other visitors, and employees.
Therefore, to ensure compliance with local, state, and federal civil rights laws, anyone using or displaying library resources in a manner that creates an atmosphere that could harass, sexually harass, or discriminate against others may be asked to modify their behavior.
Examples that may require staff to ask you to modify behavior include, but are not limited to:
Any request for modification, action or determination under this policy will place the highest priority on the right of patrons to access content, and will seek ways to address the concern without restricting that access. Modification could include:
In some cases, however, “modification” may simply mean a request to discontinue the behavior. Examples include but are not limited to: deliberately leaving images of violence in a children’s area; prominently displaying sexually graphic content in full view of other patrons and employees; any activity that uses content to negatively target another person in the library.
Patrons who refuse to modify their behavior or to collaboratively resolve a concern may be found in violation of the library’s Code of Conduct and subject to restriction of privileges, per library policy.
“Prominently displaying” means the content is intentionally or incidentally visible to others, risking a hostile atmosphere.
By focusing not on the restriction of “pornography,” but on the creation of a respectful and welcoming environment for all, a library positions itself to ensure optimal access to content, but to follow state, local, and federal civil rights laws, too. And since one person’s anatomy textbook is another person’s porn, a policy that allows for proactive solutions, using incremental and creative adjustment, helps balance liberty with a respectful environment.
What part of first amendment jurisprudence allows this? The first amendment does prohibit the government from abridging the freedom of speech. However, it does not guarantee that all forms of protected speech may be heard on property owned or controlled by the government. Instead, the state (just like an owner of private owner property), has “power to preserve the property under its control for the use to which it is lawfully dedicated.” Further, as in any case “where the principal function of the property would be disrupted by expressive activity,” courts will not consider the main reading and reference area of a public library to be public forum where expression cannot be regulated.
Here is an example: let’s say I am working on book about inter-generational trauma. With only the best of intentions (writing a book exploring how the trauma of one generation can impact the next) I claim a table for myself near the reference desk, and start laying out books with pictures from the Jim Crow era. At the next table over, a young person sees the pictures, and suddenly finds the library is not the warm, happy place it was ten minutes ago. She gets very emotional, and the reference librarian notices. Using the policy, the librarian could then say: “I see you are working on an important project. Since this is a high-traffic area and these are some very stark imagines, can you consider moving to a table where you can access the material, but not risk a negative impact on others? That would help us serve you while also making sure the reference area is welcoming to all.”
If I say “yes,” and move, we all move on. If I say “no,” there may be a need for further discussion, but under the library’s policies, one way or another, an adjustment is made.
How could this work with a patron accessing porn on a public computer? The librarian states: “This is a public area that serves many people, and its environment must be respectful of our visitors and employees. What you are viewing is not consistent with that requirement, so it cannot be displayed is this area. Please stop now.”
If I say “yes,” and move, we all move on. If I say “no,” there isn’t much need for further discussion, since under the library’s policies, one way or another, an adjustment will be made.
This is what is called in first amendment jurisprudence a “time, place, and manner” restriction. Considering the mission of the library—to serve all—a policy of keeping the common areas free of graphic violence, invective, and sexually explicit content is very reasonable…especially since most parts of a library are not considered a “public forum.” It is the same restriction that allows librarians to ask people to speak quietly or not play music on their cell phones that others can hear.
I appreciate that this approach does require library staff to make and enforce value judgments about content—and some librarians may feel uneasy about that role. But the essential function of libraries rests on the ability of librarians to make content-based decisions. In fact, because they are trained to categorize and assess various types of information, librarians are some of the best-qualified people in the world to take such a burden on.
The case Sund v. City of Wichita Falls—also called the “Heather Has Two Mommies” case—shows the importance of qualified professionals making content decisions using consistently applied, well-reasoned policy. In that case, a town board tried to allow patrons to over-ride a head librarian’s decision as to where to shelve a children’s book depicting a positive, happy tale of a girl and her two mothers. When striking down the law, the judged cited the library’s careful accession policy and the level of training required of the librarian—and then confirmed that she had the final say in shelving decisions.
Librarians use such content discernment on a routine basis, and today’s civil rights laws demand they apply it to not only collections, but the library’s environment, as well. A policy that is well-developed, harmonized with other policies, and the subject of routine training and practice for staff can give this responsibility a reliable formula. Like all critical policies, such a policy should be custom-drafted and carefully considered before being approved by trustees, since if the resulting discernment is ever challenged, the board will need to stand by—or overrule—how it was applied in the field.
Balancing conflicting civil liberties requires careful analysis and diplomacy. But at the end of the day—I’m just gonna say this—unless they work in a very unique type of place, librarians have the right to expect a workplace largely free from internet porn. That freedom—and the freedom of patrons to access content without undue restriction—starts with your library’s commitment to civil rights.
Thank you for this important question.
 The only reason I know this is because I am a copyright attorney. No, really.
 See the new laws passed in 2018 about increased employer liability for sexual harassment.
 Obviously the sound editor at an erotic film production company hopes for a steady stream of work, but that’s the exception, not the rule.
 See the case Citizens for Cmty Values, Inc. v. Upper Arlington Public Library Board of Trustees, 2008 U.S. Dist LEXIS 85439 (2008), United States District Court for the Southern District of Ohio.
 I have no pre-emptive solution for people who bring their own laptops and are able to reserve a room, unless you have a policy that employees may enter such a room at any time, in which case my same advice applies.
 This case is a good read for any librarian seeking a refresher on the important of clear policy and a supportive board of trustees. It is also very laudatory of the librarian who fought for the right of the library to properly shelve the book.
I am not a judge, so I get to have a definition! Here is it: “Anything on the internet depicting a sex act, that comes with at least two pop-up adds.”
Beginning on October 9, employers in NYS are required to make interactive training which meets state outlined minimum standards to their employees to combat sexual harassment in the workplace. As a cooperative public library system which serves a membership of public libraries including those which employ 1-3 staff members, we would like to support our members by providing the training centrally. We have no governing or financial authority over these independent libraries. Their employees are not our employees.
Can we provide training centrally for the employees of member libraries, as long as the training itself meets the minimum training standards?
Do different levels of employees need to be provided with different training sessions, for instance do library staff persons need to be provided a training space free of the library director?
Do trustees serving on library (or any non-profit) board need to participate in this training and if so, do they need their own session?
It is my understanding that training can only be shared if all the institutions have agreed to the state version of the policy AND been given the state created training module. Is that true?
The member is right: New York State has taken the huge step of requiring ALL employers—whether they employ one, or one thousand—to train their people to recognize and report sexual harassment and illegal retaliation.
But this training requirement does not stand alone. Also as part of the amped-up law:
The resulting need to revise policies, adopt reporting forms, and organize trainings has hit many strategic plans and budgets hard. Libraries, who always feel budget pressure, are among the not-for-profits feeling the pinch.
Since this law passed along with the budget this spring, I have been counselling clients that this training requirement should not be viewed as simply another unfunded mandate (although it is), but an opportunity. What kind of opportunity? An opportunity for library leadership to gather and train their valued people to recognize and reject discriminatory behavior right from the start.
But at the end of the day, no matter how worthy the topic, convening personnel and hiring a qualified trainer costs money. Which brings us to the member’s great questions (underlined below).
First Question: Can we provide training centrally for the employees of member libraries, as long as the training itself meets the minimum training standards?
My answer to this is…Hold on. Before we talk about resource-sharing, let’s talk about scope:
Trustees, interns, and volunteers should be part of this training. 
Why trustees? When a small institution has a concern related to sexual harassment, trustees become front-line decision-makers. Further, trustees are generally the “supervisors” of directors—and the new law specifically requires that supervisors be trained. And finally—but most critically—library trustees set the tone for mission and leadership at the library. You cannot change or evolve a library’s culture without trustee involvement.
Why interns and volunteers? This new law comes with liability for harassment directed even at “gig” workers. This liability can be caused by any person acting on behalf of the library—even a volunteer. So every person who works at the direction of your institution should know this law, and how to work within it, together.
With that scope of attendance in mind, based on the guidance from the state thus far, if the policy and reporting form track the model policies provided by the state: my answer is YES.
Second Question: Do different levels of employees need to be provided with different training sessions, for instance do library staff persons need to be provided a training space free of the library director?
NO! In fact, I believe a library would lose much of the value of the sessions if it did so.
Why is that? While the stark requirement of the policy is to review the law, a side benefit of such a training is creating an esprit de corps for combatting bad behavior together. That can best happen if each level of authority—from trustee, to supervisor, to employee to intern or volunteer—hears and honors the obligations of the other.
If the different authority levels are balkanized into different trainings, a valuable opportunity to build trust and accountability in service to the library’s mission of equal access is lost.
Third Question: Do trustees serving on a library (or any non-profit) board need to participate in this training and if so, do they need their own session?
The new law does not mention training trustees or directors specifically. But since boards generally supervise the Director or Executive Director, and are responsible for a library’s legal compliance in all matters, it is my conclusion that library trustees must be trained.
And—although my comments above recommend against it—they can be trained separately.
There is a related area, however, where separate training might be appropriate and warranted. In this day and age, governing boards should know: 1) the library’s insurance coverage for sexual harassment/discrimination claims, 2) the procedure for notifying the insurance carrier of a claim, and 3) how and when to call in third-party investigator to look into a complaint. Having trustees aware of these things, before a mandatory training under the new law, would be optimal.
Fourth Question: It is my understanding that training can only be shared if all the institutions have agreed to the state version of the policy AND been given the state-created training module. Is that true?
Let’s start this answer with what a library is looking for when arranging the required training—a required element of which is a live, in-person trainer that attendees can ask questions of.
What does the library need from this trainer? At bare minimum, the trainer needs to provide a session that meets the requirements of the law. Therefore, my guidance to those arranging trainings for a single entity is that the contract or hire letter contain assurance such as:
On [DATE/S], [PROVIDER] will provide [SINGLE INSTITUTION] with an interactive session based on the State of New York’s “Model Sexual Harassment Prevention Training” guidance and [Institution’s] Sexual Harassment Policy and Reporting Form. When the training is complete, trainer will certify that all elements for sexual harassment trainings required by applicable NYDOL and NYDHR guidance, and the laws of New York, have been met.
For a multi-institution training organized by a membership alliance or network, I suggest that the contract or hire letter contain some extra details, such as:
On [DATE], [Provider] will provide [Institution]’s members with an interactive session based on the State of New York’s “Model Sexual Harassment Prevention Training” guidance and [Institution’s] Sexual Harassment Policy and Reporting Form. When the training is complete, trainer will certify to each institution that all elements required by applicable NYDOL and NYDHR guidance, and the laws of New York, have been met.
As this is a multi-institutional training, to enable certification for each attending institution, the following practices will be observed:
Attendance is limited to 5 institutions, 60 attendees.
I based this guidance on what will no doubt be the next chapter in this legal saga: allegations of liability due to failure to properly update policies and train personnel.
The “certification” approach I am suggesting above is not required by the new law. Rather, it is designed to help your members, or your institution, create a record that will easily demonstrate that they endeavored to follow that law. It is designed to show that, even if a system or group had to share resources and do a mass training, a truly interactive and meaningful experience was intended. This is a key element of limiting liability.
Of course, in a perfect world, people attend sexual harassment trainings not only to limit liability and because they are compelled to, but to learn how to ensure such behavior is rare, quickly called out, and immediately corrected.
The importance of such training cannot be over-stated. When I was a 16-year-old page at a public library in the 1990’s, I was harassed by a patron. I was too young and inexperienced to know my rights, or what to do. Fortunately, I had the good luck to be on shift with an amazing assistant director. When the bad behavior started, this graceful woman walked over to the patron, and simply said, “This has to stop now.” And despite his displeasure, it did.
Many decades later, her unambiguous, dignified, and immediate action inspires me, as I hope it does you.
Done right, these mandatory trainings are an opportunity for your library’s team to practice this type of skillful handling. It is also a chance for supervising staff--who now have the term “mandatory reporter” in their job descriptions—to be assured that they are supported and backed up by informed and committed trustees.
Finding ways to collaborate and share resources to make such training and practice as accessible and rewarding as possible is a great initiative. Thank you for this excellent array of questions.
 Uber drivers who transport your interlibrary loans, for example.
 The State’s late issuance of required guidance—released less than 2 months before the effective date—didn’t help, either.
 I know, that’s not really the question. But this is very, very important.
 Yes, some of those volunteers might be very young! It will be the job of your trainer to train your employees both well, and appropriately.
 September 26, 2018. A I write this, they are assessing thousands of public comments—including some submitted by me—and that may change the basis of my advice. So if you are reading this in 2019, please check for updates.
 Just so you know, “my firm belief” is based on years of conducting anti-discrimination trainings, ten years as an in-house counsel at a university, and time as an Interim HR Director. I am not just going with my gut here.
 Nor does the current model policy, report form, or training materials. Considering that New York is a hive of corporations, this void is rather mind-boggling, but these State resources were compiled with haste. I imagine this will be addressed in later versions.
 Or some other reasonable number. This is just a recommendation. Basically, you don’t want the number of institutions or attendees to make the “interactive” requirement arguably meaningless.
 But by no means the only element. The most important one will be following the new law, and documenting that you are following it!
 Bernice Cosgrove.
 The patron was quite upset. In retrospect, he may have had some mental health concerns. These matters often come with complications that require tact, diplomacy, and compassion.
The director of the college print shop has come to me for copyright assistance. Our faculty often ask for photocopies of materials for distribution to students in class. She asks the faculty member if they have the appropriate permissions for making copies but is not always convinced by their answers. Is there any form she can ask faculty to sign attesting to their right to reproduce the materials that will protect the college in the case of copyright infringement? Thank you!
This question seems simple, but it actually involves some high-end concepts of business law and liability.
Most libraries, museums, theaters, and other units within large institutions are actually part of the same entity. In other words, although they may have a distinct identity within their institution (“The Michael Library” “The Peter Museum” or “the Catherine Gym”), there is only one actual legal entity (“Romanov College”).
Many people find these niceties hard to grasp, but here is why it is important: in this scenario, the single entity (the college) includes the on-campus copy shop. This means that what the shop does, the entity does…including alleged infringement.
This same unity generally applies to employees, too. In a body of law called “Master and Servant,” if an employee is performing a task related to their job, and not deliberately violating employer policy or the law, for purposes of the legal system, the employee’s actions will generally be imputed to the institution.
This is why institutions are best served in this area by educating their employees about copyright, and documenting the employees good-faith efforts to abide by the law (it is also why many HR manuals have warnings about the consequences of not following policy: it limits the institution’s ability to protect you).
This puts lot of pressure on the employees who staffing the in-house copy shop. What are their responsibilities? Do they need to educate their co-workers on copyright risk? Are they expected to protect the entire college? Each institution has different policies and job descriptions that answer those questions differently.
That said, is there a simple approach that can help with this? Yes. For the in-house copy shop (NOT for an on-campus contractor), below is a framework to address copyright priorities with diplomacy, tact, and helpfulness. It is designed to be used with an institution’s “Fair Use Assessment” form, and to route people to the person responsible for permissions at your institution.
NOTE: All that said, any copyright-related form not custom-designed for your organization should be reviewed for cohesion and consistency with other institutional policies, including those in the employee manual. Never use any copyright-related form without considering your institution’s unique needs and approach to copyright and liability! If your institution has an in-house lawyer, compliance officer, risk manager, or insurance carrier, make sure they are part of finalizing any such form or solution.
[INSTITUTION NAME] COPY SHOP COPYRIGHT HELPER
Hello! Thank you for coming to the [INSTITUTION NAME] copy shop to arrange duplication of your class materials.
As an instructor who generates your own copyright-protected material, you know the value of copyrights to others, and you know there are penalties for improper, unauthorized duplication.
Please follow the process below. When you check “yes” to 1 or 3, we are happy to assist you with your copies!
1. Do you have written permission from the copyright holder or their agent to make copies?
If “yes,” attach the permission, and let’s get copying!
If “no,” please move to question 2.
2. Do you have verbal permission from the copyright holder or their agent to make copies?
If “yes,” please confirm the permission in writing, return to us and check “yes,” above, and we’ll get right on this for you!
If “no,” please move to question 3.
3. Do you regard this copy as a fair use?
If “yes,” please fill out the attached [INSTITUTION NAME] fair use assessment form, and we’ll get your copies made!
If “no,” or “I don’t know,” please move to question #4.
4. Do you find this process frustrating and need help arranging permission to use this material, or more input on fair use?
If “yes,” please see XXXX at OFFICE LOCATION, who assists with permissions at INSTITUTION NAME. You can also call them at NUMBER or reach them at EMAIL. We hope to see you again soon!
MATERIALS (Title, number of pages):_______________________________
 This is one of the reasons many institutions opt to host a separate company for on-campus duplication services.
 I know! The law needs to move on. Perhaps “Captain” and “team member” can replace this.
 That said, never assume that is the case! Every allegation of liability must be carefully reviewed by a lawyer, as there are many exceptions and precise formulas that control such things.
 Demonstrable, good-faith effort to abide by the law can actually limit damages when copyright infringement is attributable to a not-for-profit education institution.
 If you don’t have either or one of these, share this RAQ with the decision-maker at your institution who could make that happen. Both the form, and a person who can facilitate permissions, are worthwhile risk management investments.
We are finding that librarians within larger institutions (like colleges and museums) are the go-to resource for copyright questions, which could also include institutional copyright concerns. What should a librarian do if the "question" they are presented with is really an allegation of copyright infringement?
“Ask The Lawyer” has touched on this topic a bit before. In our a 9/19/17 RAQ post “Skating the Line Between Helpful Information and Legal Advice,” we discussed the risks posed when patrons and co-workers confuse the helpful attitude and boundless information provided by librarians with legal services.
The bottom line from that guidance was:
When [asked for legal advice], librarians must emphasize the boundary between good service and legal advice. Here is a formula for that:
I [the librarian] provide access to library materials based on the law and policy of my profession and institution; you [the user] should consult your own attorney regarding any legal concerns about your use of the materials being provided.
The current question takes this issue one step further: what if, when asked to play this front-lines role, the librarian is alerted to a potential claim of infringement against their institution?
Here are a few examples of how this can emerge:
Coach to librarian: “I thought I would check with you…this guy called us and said we used his photo of the volleyball team on fliers without his permission. But we’re not-for-profit, so copyright doesn’t apply, right?”
Curator to librarian: “We used a photo of the artist to promote the current installation on Facebook and some photographer is claiming we need a license? But the artist said it was okay!”
HR Director to librarian: “You are our go-to on copyright. This person says they generated it on their own time, but we own everything our employees create on our computers, right?”
Before anything else, it is important to say: many institutions have an established protocol for handling ANY threat of litigation, be it copyright infringement, slip-and-fall, or breach of contract. So first and foremost, librarians at larger institutions should know their institution’s policy or procedure for when a lawsuit is threatened. The risk manager, business manager, in-house legal counsel, or the employee who coordinates insurance coverage is often the point person for this.
When your institution has such a protocol, the reply to questions that reveal a threatened claim of infringement should be “That sounds like it could be a claim of copyright infringement. You should refer that the XXX, who handles claims.” And whether or not the inquirer follows through, to protect both the librarian and the institution, the librarian should then e-mail XXX to say “Today I referred Coach/Curator/HR Director to you, as they were contacted by someone who might have a legal claim.” This makes sure the legal hot potato doesn’t stop at the library, even if the other employee doesn’t follow through.
Of course, not every place will have an XXX, and not every person will seek advice the moment the threat of a claim arises. Here are some alternate versions of our three scenarios:
Coach to librarian: “This guy called us about three months ago and said we used his photo of the volleyball team on fliers without his permission. We also put it on t-shirts. Can you look at this “cease and desist” letter?”
Curator to librarian: “Remember that awesome installation? Well, I’m forwarding you some emails between me, the artist, and his photographer. They say we owe like $2,000.00 in licensing fees, but it’s fair use, right?”
HR Director to librarian: “I need to send this letter about work-for-hire, can you review?”
In these scenarios, institutional debate or engagement with the claimant is well under way. Even though things might be further along, and tempers hotter, the priority is still to end the engagement and get the matter in the right hands as soon as possible. So, even if your institution doesn’t have an XXX, and the situation arrives at your door a little more “hot,” the best thing to say to your co-worker is: “This sounds like a legal matter. We need to connect you with our attorney.”
If your co-worker has been so kind as to refer the (often angry) claimant to you without warning, and you are now on the phone with them, it is generally wise to:
1. Listen, and make notes of what the claimant is saying.
2. DO NOT ARGUE, DEBATE, or SUPPLY INFORMATION.
3. Use your customer service skills to simply say “This sounds very important. I have made a note, and will make sure someone gets back to you by [date].”
4. When arranging appropriate follow-up, minimize internal e-mail discussion, which could become discoverable evidence. Remember, the back-and-forth the employees engage in, unless it involves an attorney providing legal advice, is not subject to attorney-client privilege.
5. Get that legal hot potato to your attorney or insurance carrier and get out!
I realize that budgets are tight in the not-for-profit world, and not everyone has an attorney in-house or on call. This is where your insurance carrier could be a key player. Most bigger institutions have some form of coverage that addresses copyright. Your carrier does not want you to spend time arguing with a claimant, generating potentially damaging evidence! So in the absence of a lawyer, your insurance liaison and carrier (who will use a lawyer) might give your institution a place to send the “hot potato.”
The bottom line: every institution has a slightly different way it approaches litigation risk, but every institution should have an established way. Making sure library staff are aware of and comfortable with their institution’s protocols, and are supported in those protocols by trustees, officers and key personnel, are the keys to this issue. The statutory damages and mandatory attorneys’ fees often involved in copyright litigation make this a high risk management priority.
Librarians should be on the front lines of information access and fair use, but not the first line of defense for copyright litigation. Hopefully your institution appreciates this critical distinction, and supports it.
Or there’s always law school….
 I am sorry if any of these fictional scenarios have triggered stressful memories.
 If there isn’t one, I pose an alternative in a few paragraphs, but in most instances, there is.
 See the helpful script in paragraph two to remind people you are not a lawyer.
 Some alert carriers right away, others are wary of having a high claim number. Some carriers want to know the moment there is even HINT of a claim. This is something the person responsible for insurance will know.
 I am writing this guidance to be shared with such stakeholders, if it can be helpful.
Are libraries legally required to obtain photo releases from all patrons (children's parents, teens, adults), even if we don't name those patrons before publishing photos to our social media accounts and/or press releases?
This is a huge question. To answer it, let’s start with where the mania over image releases comes from.
New York Civil Rights Law, §50, states:
A person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the name, portrait or picture of any living person without having first obtained the written consent of such person, or if a minor of his or her parent or guardian, is guilty of a misdemeanor.
In this age where every “click” and post is potentially monetized (and thus “advertising”), this rule is tough to advise on. If I post a picture of my sister on Facebook, and her smiling face helps Facebook get attention for a sidebar advertisement, can she fulfill a threat made back in 1987 to get me in “sooooooooo much trouble?” Not quite. But if I create an ad for an event to be held at my law firm, and I use someone’s image without permission, that could be problematic.
The next layer of concern could come from Facebook itself. As they say in their “Terms,” users may not:
…do or share anything:
So, if my sister alleges that I have “violated her rights,” by posting her picture, am I risking my Facebook account, too?
A lot of this comes down to how Civil Rights Law §50 is being applied these days. As of this writing, I did not find any case law where simply posting an image to Facebook violated §50. Further, recent case law gives insight into what the courts will consider to be “advertising.”
“Under Court of Appeals precedent, the statute is to be narrowly construed and strictly limited to nonconsensual commercial appropriations of the name, portrait, or picture of a living person. A use for advertising purposes has been defined as a use in, or as part of, an advertisement or solicitation for patronage.” 
This sounds helpful, until you starting thinking that, in the world of Facebook, everything is only one degree from being an advertisement. So how does a library post photos of patrons using their library without losing sleep at night?
The 2013 case of Leviston v. Jackson is instructive. In Leviston, a woman sued the rapper 50 Cent for posting a sex tape (not made for commercial use) featuring her on his unmonetized web site. During his testimony, 50 Cent stated that he posted the video to antagonize an opponent in a rap war. During his testimony, 50 Cent admitted that rap wars are conducted in part to test the mettle of different rappers, and to bring attention to the combatants. The judge, seizing on this admission that rap wars are in part for “attention” (of the commercial variety) refused to dismiss the Plaintiff’s claim.
So, if your public library is at war with the association library across town, or fighting a budget battle, and you would like to post pictures of patrons claiming “Our Books Our Bigger!” your library should get written image releases. If, however, your not-for-profit library is simply publicizing “new hours!”, the person whose image you use would have a very weak claim (if they had a claim at all).
That said, in general, it is a good practice for libraries to get image releases whenever possible. First, you never know when you might snap the perfect picture to illustrate why a new resources or a bigger budget would really help your mission. Second, asking for permission to use a person’s image will emphasize your library’s respect for personal privacy and patron confidentiality. And finally, by memorializing permission to use an image, you reinforce the patron’s connection to the library…and generate a great record for the archivist who will be trying to catalog your photos in 2118!
Thank you for your question.
 Leviston v. Jackson.
We are planning on installing a bike rack for our community members. With it begs the question, should we also loan bicycles? Many libraries already do. Here is but one example: http://cpl.prl.ab.ca/about-us/policies/bike-borrowing-agreement. My question is, as long as you have a policy in place, and the borrower signs the agreement, are all injuries waived once off your property? Is it really as simple as that? Please help me identify any worst case scenario possibilities that I should be prepared for.
From tools, to bikes, to digital printers, an increasing number of libraries are providing access to more than information.
I imagine someone has named this phenomenon, but I got a J.D., not an MLS, so I couldn’t find its overall name. Therefore, I call it “The Library of Things.” 
Joining “The Library of Things,” signals a sea change in the identity of a library. It expands its lending model beyond information (books, media, data) to capability (printers, kayaks, cameras). It converts a community asset from a place of intellectual access to a source of physical action and production.
This combined role is re-framing community awareness of libraries. But whether it’s called a “makerspace,” or a “tool library” or simply a “3D printer,” these resources are challenging traditional library laws and ethics governing access, liability, and patron privacy. The member’s question is a perfect example of the complications that brings.
What complications? The “Library of Things” is not simply about accessing assets, but using them, applying them, and sometimes, riding them. Most library law (parts of the education law, CPLR 4509, a robust array of civil rights jurisprudence, and a body of case law regarding library operations) is built around that premise that a library’s mission to provide access to information must be safeguarded at all costs. But that jurisprudence is largely silent on the issues posed by using equipment to take action or produce something. That function, while important, is not enshrined in the law. Prediction: the Library of Things will soon start testing the conventions of libraries’ legal status quo.
But let’s get down to the brass tacks (or the greased chains). What about the bikes?
Regarding the member’s precise question (“…as long as you have a policy in place, and the borrower signs the agreement, are all injuries waived once off your property? Is it really as simple as that?”), the answer is “no.” The liability for lending equipment is a varied as the disclaimers and warrantees that equipment comes with, and in general, a simple policy and waiver are not the only things needed to anticipate risk and reduce liability. So how does a library do it?
First (and I cannot say this enough): no library should contemplate the loan of functional equipment without thoroughly considering the risks and conditions of that equipment’s use. The member’s question says it all: Please help me identify any worst case scenario possibilities that I should be prepared for.
When it comes to lending bikes, here an initial laundry list or “worst case scenario” thinking:
Don’t worry…there are many ways to address the risks these questions highlight. One solution, which can greatly ease the burden on a library, is to have the liability assumed (and insurance provided) by a third party through a rental contract. With that approach, rather than accession the bikes, the library picks up the fee (rather like paying for access to a database), and the patrons, following an established policy, check the bikes out on their card. In such an arrangement, the library’s contract, the underlying policies, and the agreement signed by the patron, could be drafted to promote safety and to shift the liabilities away from the library…an arrangement that must be confirmed by the right combination of contract provisions and proof of insurance.
Second: no library should contemplate the loan of functional equipment without thoroughly considering the unique nature of their library. Is the library a public institution? Is it affiliated with a larger organization? What are the limits of its insurance? Are there physical hazards near it that warrant enhanced care? If your public library is at the top of a steep hill with a railroad crossing at the bottom, it should not use the same bike loan policy as the college library in the flat town with no CXS line.
Third (but in many ways, first): Is the contemplated asset critical to the mission of the library? Is fulfilling the patron need for this equipment consistent with the library’s strategic plan and goals? If the answers are “yes,” then addressing the first two questions should be easier, since clearly the identified risks and complications will be worth it. If bikes with baskets help fulfill the mission to deliver books to the senior center, then bikes with baskets it is.
And finally, there are ancillary considerations. Is the loan of equipment a “circulation record” subject to privacy laws? Is the service as accessible as possible per ADA? Do you need to follow a procurement policy when seeking a third-party bike provider or a purchase source?
When developing a bike loan program, it’s essential to consider:
That’s a lot, but there are resources to help you. The library’s insurance carrier should be consulted at the outset. The NY Department of Transportation maintains a list of current bike laws. There are an array of groups that offer free safety training, and many civic organizations offer free helmets. If possible, a third party vendor is the way to go, since it can help limit the library’s liability. Liability waivers should be custom-drafted to fit your library and the precise arrangements it has made for the bikes, but drafting your waiver should be the last step, after you’ve made your decisions about safety and conditions.
With a little coordination, you can address all the bells (but by law, leave off the whistles).
There’s a lot to wade through, but one thing is clear: libraries are evolving. This means that with a few fits and starts, the law will evolve with them. So once your organization decides to join the Library of Things, know the assets, know your library, stick to your mission, and roll with it.
With the right planning, it’s as easy as riding a—
 I invented this term as I wrote. During editing, my husband (who does have a library degree) checked “Library of Things,” and found that it’s been in use for quite a while. So I got to think I was clever for about 2 hours.
 I’m not a historian, either, but I really do think this change is significant. Think about it: Ben Franklin, who founded this continent’s first formal lending library, was a printer. But did that library give members free access to a printing press? Or a candle mold? Lending things has not been baked into the model.
 These documents should be reviewed by the library’s lawyer. It doesn’t hurt to have them reviewed by the library’s liability insurance carrier, too.
 For instance, Camrose, AB, the library in the member’s question, is in Canada, a country with a markedly different approach to risk and health issues.
A member asks…[We] are switching to a Paid Time Off (PTO) model in 2018 and are looking for guidance on how to handle payout of the benefit when an employee terminates from employment. We would like to offer each employee their full yearly amount of PTO at the beginning of the calendar year (or start date of employment for new hires). However, we are concerned about the budget impact of having to pay out for every hour of PTO an employee has amassed in situations where employees terminate early in the year. As such, we are exploring a policy in where an employee receives all of their PTO hours at the beginning of the year and is free to use those days for time off. But if they terminate, they would only be paid out for a prorated amount of the PTO balance they have based on the number of hours they worked during the calendar year in which they terminated. Would such a system, if made clear in our Personnel Policy and not impacting any time accrued under a previous policy, be acceptable? Alternatively, would the Library be able to cap the amount of hours paid out upon termination to an amount we determine (35 hours/70 hours)? … Any feedback you could provide would be greatly appreciated. [Emphasis added]
Libraries are service-intensive environments, which means they depend on their employees to report to work. However, since so much depends on staff, libraries are also wise to give their employees the tools for self-care and a proper work-life balance. A PTO policy is a great way to facilitate this.
What is “PTO?” Put simply, PTO is a finite amount of paid time off work (scheduled or unscheduled), to be used for vacation, short illnesses, “mental health days,” or whatever else is needed (note: often, bereavement is excluded). By not dividing time off into distinct types, PTO enhances employee privacy and flexibility—while decreasing the administrative burden of tracking the type of time.
The increasing use of PTO also makes sense as the ADA, the FMLA, and the upcoming New York Paid Family Leave Act have changed the landscape of medically-related time off.
Before we get to the heart of the member’s question, let’s start with some crucial basics. Under NY labor law, employers must have a written policy (or policies) governing sick leave, vacation, personal leave, and holidays.1 Under that law, as governed by the policy, the value of these “wage supplements” must be paid out at termination.
That said, conditions can be put on the terms of these “supplements”; according to the DOL the amount of time that can be cashed out “depends upon the terms of the vacation and/or resignation policy.”
This guidance is backed up by case law: New York courts2 have held that the required policies about PTO can specify that employees lose accrued benefits if such loss is a condition of the policy.
Among other things, conditions in PTO policies may cover the following:
How PTO accrues (annual, or more incremental);
How eligibility and earned amounts are governed (for instance, part-time vs. full-time, or based on years of service);
How much PTO can be paid out at termination;
If eligibility for payout survives termination for misconduct;
How “scheduled” and “unscheduled” (sick, emergency meeting, etc.) PTO is granted;
If a certain amount of reasonable notice before quitting is required to get the payout;
If a restriction on the number of employees using PTO at once is needed (this is critical for service-intensive environments like libraries).
In addition, any transitional/new policy can (and should) expressly address already accrued wage supplements (for instance, converting any unused vacation to PTO, or paying it out). As the member shows sensitivity to in their question, the new policy should never nullify wage supplements already accrued.
So, here we are, at the heart of the member’s question: can the amount of PTO cashed out at termination be pro-rated based on the time of year the resignation happens? The answer is: Once given, PTO should not be clawed back based on a variable factors, even those factors are set out in the policy. However, the solution is just as the member posits (and as is listed in the third bullet, above): uniformly capping the amount to be paid out, and applying it without fail.3
The nature of the library (public, private, part of a larger entity, etc.);
The bylaws and role of any board policy or committee (for instance, if there is a personnel or HR committee, this topic would be of interest to them);
Any union contracts or other contractual obligations at play;
The full suite of employee benefit policies, and the recruitment, development, and employee retention and compliance goals they serve;
The budget impact of any changes.
Once a library arrives at draft policy, prior to it being enacted, a lawyer should review the policy to ensure it is compliant, and works well with related legal obligations, contracts, policies and procedures. Further, it is ideal if the policy is reviewed by the treasurer, and/or the person preparing the budget, and/or the person who files any tax forms on behalf of the entity. I’m no accountant, but I know PTO is logged in a specific way on balance sheets, and it can have an impact on financial statements.
So once you have your draft PTO policy, invite your lawyer, your treasurer, and your accountant (there’s a joke in there somewhere, I know), over for a quick cup of coffee, and make sure everyone says you’re ready to launch!
1 Section 195.5 of the Labor Law states: Every employer shall notify his employees in writing or by publicly posting the employer's policy on sick leave, vacation, personal leave, holidays and hours.
2 [See Glenville Gage Company, Inc. v. Industrial Board of Appeals of the State of New York, Department of Labor, 70 AD2d 283 (3d Dept 1979) affd, 52 NY2d 777 (1980).]
3 PTO can also be given on a more incremental basis, but this nullifies some of the flexibility benefits it can bring. That said, the policy should consider when an employee first qualifies, and if starting employees get a pro-rated amount based on their start date.
Can a library report a crime based on use of library resources while honoring CPLR 4509 (assuring the confidentiality of circulation records)?
CPLR 4509 is a critical caisson in a library’s foundation, protecting users from those who would draw negative inferences based on access to the library. The law sets out, in bold, simple language, that librarians shall not disclose such records to law enforcement (or others), unless there is an appropriate subpoena, court order, or disclosure is required by law.
That said, there will be instances when serious patron misconduct might require a report to law enforcement—but the mere act of reporting it will disclose a circulation record (for instance, a patron signing onto a library computer that is then used for a crime). How does a library report the criminal behavior, while honoring the letter and spirit of 4509?
The American Library Association has compiled a great array of information on balancing these priorities, and it is clear that the answer lies in the library’s policies. I will not re-create this excellent list of considerations here, but when it comes to this particular question, it is clear every library should have:
The New York Library Trustees Association has a thorough database of policies addressing, from a variety of libraries, addressing these topics. But just use these for inspiration, since policies must be crafted, evaluated, and periodically revised to serve the mission, legal requirements, and operational needs of your particular library. Ideally, your lawyer should not only review the final product, but be ready to assist with any law enforcement request, is a good idea.
A library that makes sure it has addressed the points in the above bullets, and has trained their staff on these priorities, is ready to protect circulation records, while safeguarding the “proper operation of the library!”
 Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.
 Note the ALA guidance on steps to minimize creating/retaining circulation records.
It has come up at our Reference meetings that patrons are using our technology to alter documents such as doctor’s notes (extending days of medical excuse, for example) and our staff is increasingly uneasy about assisting patrons with this. We try our best to ignore what people have on the screen but sometimes they ask for our help with altering scanned documents, and it's impossible to pretend we don't see what they are doing. We are uncomfortable telling patrons we decline to help them based on ethical reasons, because that would show admitting we have read what is on the screen. We are somewhat concerned about liability and potential obligation to report illegal activity. What are some ways we can shield staff from having to help patrons commit fraud?
Wow. There is really just no hum-drum day for librarians, is there?
Okay, let’s take this in stages.
First, the member’s question starts with the premise that the alteration of certain documents is illegal. That premise is correct. And although there are any number of crimes such alteration could be (depending on the type of document), here in New York, the catch-all term would be “Forgery.”
Forgery is a crime that comes in many degrees, but whatever degree, it involves the act of falsely making or altering a document (meaning the forger invented it wholly, or—as in the scenario—somehow manipulates or alters the original). However, it is important to note that a critical element of Forgery, no matter what degree, is the intent to defraud, deceive, or cause injury.
Second, the member raises the concern that, if library staff assist a patron who turns out to be a forger, they could risk being implicated in the crime—or feel an obligation to report what they have seen. While I found no case law addressing this precise scenario, these are valid concerns.
We’ll start with some good news: for staff to be (legally) implicated, they would have to be aware of the forger’s criminal intent. In other words, the staff would have to know that the person was planning to defraud, deceive, or cause injury; the mere suspicion would not make them part of a crime.
That said, if the content visible on the screen makes it difficult to ignore a crime in progress (for instance, the manipulation of child pornography) or the possibility of imminent harm to another (someone changing the checkboxes on a Power of Attorney, for example), both library operational integrity, and staff well-being, may require removing personal service, removing privileges, and/or alerting law enforcement.
Unfortunately, after looking at case law, guides from the ALA, and numerous policies in the field, I could find no graceful way for staff to simply discontinue service, without telling a patron why. Since staff assistance is in many ways as much of a right (once it is routinely provided) as access to your collection and technology, withholding it without a clear basis is a due process concern (for public libraries) and a professional ethics/best practices concern (for private libraries).
That said, I can offer the following steps to making sure staff are ready to address this difficult situation:
First, every employee and volunteer assisting patrons should have the phrase “service to patrons, in accordance with established policies and procedures” in their employee handbook, job description or volunteer letter (the wording doesn’t have to be precisely this, but the requirement of staff to follow library policies should be express).
Second, an institution providing access to “maker equipment” (computers, scanners, 3D printers, recording devices, tools, etc), should have a posted, public policy forbidding use of library equipment for illegal activity. Something like:
“Use of library equipment for illegal activity is forbidden. Examples of illegal activity include but are not limited to: manipulating illegal content, engaging in forgery (falsely altering documents), gaining unauthorized access to other computers or networks, and 3D printing of illegal devices. Staff assisting you, who suspect illegal activity, are authorized to discontinue assistance, and the library may discontinue your library access and contact law enforcement. Patrons using technology to alter official or signed documents should be aware that such activity may be perceived as potentially in violation of this policy.”
As with any library policy impacting access and privileges (including staff assistance), such a policy should have an established procedure, and at least one level of appeal.
Third, staff and volunteers should be trained on how to withdraw service while honoring the rights of patrons. A very simple policy (coordinated with current bylaws and other institutional policies before implementation), such as the generic one below, could assist with balancing staff well-being with patron rights:
It is the policy of the library that, to promote the integrity of operations, and the well-being of staff, use of library equipment and staff services in furtherance of illegal activity is forbidden.
Staff concerned that a patron’s use of library technology may violate the law shall withdraw their services and/or patron access to the technology, per the below procedure.
In making this policy, the library re-affirms that unless authorized by law, patron records, including those generated by the use of technology, are confidential, and that users of the library technology have a right to privacy.
In making this policy, the library re-affirms that all patrons are entitled to excellent service and access, and that such service and access shall not be removed without due process.
A staff member identifies a potential violation, withdraws from the patron, and consults a supervisor to confirm that withdrawing service and/or access is appropriate.
If the supervisor, upon further assessment, agrees that the use violates the policy, and that withdrawing service and/or access is appropriate, the supervisor will initiate the removal, and provide in writing to the patron:
On [DATE], your access to [/SERVICE/TECHNOLOGY] was removed, on the basis that the use was barred under our posted policy (copy enclosed). This removal may be appealed by sending a letter of appeal to [PERSON], at [ADDRESS] by [DATE]. The library respects your privacy and does not require you to appeal or to provide any further information regarding this matter, unless you choose to do so.
If an appeal is filed, the [PERSON TO WHOM APPEAL IS DIRECTED] shall consult leadership and legal counsel as needed, and shall notify the patron, in writing, as to the result of the appeal within [#] business days.
If there is concern that IMMINENT HARM may be caused by patron use of technology, staff shall immediately alert XXXX, who shall determine if law enforcement must be called, or if there are any additional immediate action take, per governing procedures.
I am sorry to not have a more graceful solution, but I cannot advise that staff simply withdraw services and not return to the patron. I have designed the above generic policy to provide a “uh-oh” moment for the patron, when they can remove themselves from a situation, and the supervisor can choose to not pursue the matter further. This is a delicate dance on the tightropes of confidentiality and operational integrity.
Further, I have added the final clause in bold so the person in charge at the time is reminded to use the “buddy system” when it comes to making tough calls about safety, inferring criminal intent, and assessing imminent harm. These are decisions that, whenever possible, should not be made in isolation.
This balancing, giving a situation time to breath, and due process, are the best way to shield library staff while honoring library principles. I hope you don’t have to use it too often! But with more and more people relying on libraries for service beyond the traditional quest for information, I suspect more institutions will be addressing this issue.
 NY Penal Law 170.00
 Of course, a prosecutor can pursue criminal charges if they believe they can prove such awareness…and they can try and prove it by using knowledge of the content. And for certain documents, merely altering them is a crime. So erring on the side of caution is wise.
 At the heart of this question is staff who don’t want to be implicated in wrongdoing, but honor their professional ethics, including the obligations to:
· Provide the highest level of service to all library users, and accurate, unbiased responses to all requests for assistance;
· Distinguish between personal convictions and professional duties;
· Strive for excellence via use of professional skills;
· Protect each patron’s right to privacy and confidentiality;
 This is advised by the ALA at http://www.ala.org/advocacy/intfreedom/guidelinesforaccesspolicies, and of course is required for municipal institutions.
 As part of this training, staff should be alerted to the library’s policies about any signs of activity posing a risk of imminent harm (which may be a result of illegal activity).
 This coordination is critical. Please don’t use any model language without considering your full suite of bylaws, manuals, policies, and procedures already in place.
We are looking to determine if there is a specific time frame for which email must be held. Can we designate in a policy that email will not be considered original documents - that all original documents must be in print format? AND if this is possible, how long then are we required to hold onto archived e-mail?
Please also comment on how, for state institutions, this issue is impacted by the NYS Archives Schedule MI-1 Schedule, which states:
“Generally, records transmitted through e-mail systems have the same retention periods as records in other formats that are related to the same program function or activity. E-mail records should be scheduled for disposition in conjunction with any other records related to the program function. Local governments may delete, purge, or destroy e-mail records provided that the records have been retained for the minimum retention established in this Schedule and are not being used for a legal action or audit.”
WNYLRC ATTORNEY’S RESPONSE
This has been a tough question to mull over! That is because the answer is superficially “yes,” but in reality: “no.”
How do we get to this disjointed conclusion? Schedule MI-1, as the member did, is a great place to start.
From there, although it is a bit older (in Internet years), the 2010 guidance from the New York State Archives, “Developing a Policy for Managing E-mail” (to which the Schedule MI-1 refers), speaks to this issue. On page 7, it states:
“Another management strategy has been to rely on the “lowtech” method of printing out important emails to integrate them into a paper recordkeeping system. Printing emails is still a viable option for a small organization with limited technology support and finances, provided that individuals across the organization consistently apply records retention requirements to the printed emails, capture all essential metadata, and file the emails with their respective attachments.” [emphasis added]
This would suggest that, for certain institutions, under certain circumstances, e-mail does not need to be retained in its original form to be an “original document.”
However, while it would be elegant, I cannot endorse this approach. As the guidance further states on page 13:
“The concept of “official copy” is problematic when dealing with email because of the volume of emails, the difficulty of controlling all copies, and the occasional need to prove an email was received as well as sent.” [emphasis added]
Since 2010, even more concerns make this a dubious solution. For a private institution, the requirements of accreditors, insurance carriers, and other stakeholders must be considered…while for libraries and archives that are part of local governments, per NYS regulation, the conversion of archival electronic records must be conducted in consultation with the State Archives, who may or may not endorse such a policy, based on the categories of documentation it would impact.
That said, for certain categories of documentation transmitted or received as e-mail (as defined by MI-1 or private policy), the “print approach” may work. As a wholesale solution, however, it is not legally viable.