The New York Archives Conference recently posted a formal Code of Conduct (https://www.nyarchivists.org/nyac/code). While discussing our procedures for implementing this code, we began to wonder about the legal implications for enforcement. Are there any considerations for the standards we use in evaluating a complaint? What should we use for the burden of proof? To what extent are we empowered to investigate claims? What happens if someone challenges any resulting board action? Can we be sued for taking action and besmirching someone’s professional reputation? To summarize, we're wondering what legal ground we can stand on while enforcing our code of conduct.
It would be great to have a response before our conference on June 11. Thank you
Before I dive into this meaty and spectacular question, here is a necessary disclaimer: this answer does not apply to chartered libraries.
Who does it apply to? The following:
Specifically excluded from this answer are municipal, school district, and special district libraries, because their rules of conduct must accord with state and federal requirements of due process. Indian and association libraries must also be cautious about this issue, since the law and practices that form those libraries may have express and at times unique provisions about access.
So, to be clear: NO PUBLIC LIBRARIES should rely on this answer (unless you are using it to help a private museum answer questions about enforcing its code of conduct). 
Okay, with that established, here is the answer:
At the heart of this question is the charter (or certificate of incorporation) and bylaws of an organization. Close to the beating heart are its policies.
In New York, most not-for-profit organizations are made "official" through a filing with the NY Department of State. However, many cultural not-for-profit organizations (including the New York Archives Conference) are made "official" via "chartering" or "incorporating" through the State Department of Ed.
Both types of entities--"chartered" organizations, and "not-for-profit corporations"--are "real" entities, created by law.
It is this act of creation--through charter, or incorporation--that sets the stage for how an organization gathers its participants and conducts its business...which is exactly the member's question.
So, before anything else, to determine "what legal ground we can stand on while enforcing our code of conduct" one must look at those documents, which are the key to the identity of the entity.
3.1 Membership. Membership shall be open to all persons interested in the purposes of the Corporation. The Members and Board may establish such other criteria for membership, including a schedule of dues, as they deem appropriate.
Meanwhile the Conference's membership terms on its website state:
The constitution and by-laws reflect as much as possible the traditional informality of NYAC. Traditionally, membership in NYAC has been based on attendance at an annual meeting. A single attendance put a person’s name on NYAC’s mailing list for a long time, resulting in a cumbersome list with many out-of-date addresses.
The membership year will coincide with the fiscal year of NYAC, from July through June. The annual meeting registration fee will include the membership dues (currently $15.00). For people unable to attend the annual meeting, membership dues should be sent to the NYAC treasurer to ensure receipt of the following year’s program. If, by some strange chance, a member pays the annual dues prior to conference registration in a given year, his or her registration will be reduced accordingly.
The authority of the Conference's board to adopt the criterial for membership, including adherence to a "Code of Conduct" that can apply to members (and guests), is found back in the bylaws, which state:
4.2 General Powers. In addition to specific powers delineated in the By-Laws, the Board may adopt such rules and regulations, not inconsistent with the Certificate of Incorporation, the By-Laws, or applicable laws, as it may deem proper for the conduct of its meetings and the management of the Corporation.
The "Code of Conduct" the member's question links to is one of the "rules and regulations" mentioned in Bylaws section 4.2.
Looking at the Code, you can see that it encourages certain (welcome) behavior, and bars certain (unwelcome) behavior, with the following being used to enforce the requirements:
All participants are expected to observe these guidelines during the conference or any NYAC proceedings, including virtual settings. If you may witness or experience any inappropriate or harassing behavior please report this concern using the form below.
Dial 911 for immediate medical emergencies or to report a crime. All reports to NYAC will be followed up and taken seriously in order to protect our participants from further abuse.
The policy then sets out multiple options for reporting, including an online form, which states:
We can't follow up on an anonymous report with you directly, but we will fully investigate it and take whatever action is necessary to prevent a recurrence.
...all of which brings us to the member's question: how can this be enforced?
First, it is important to consider just what is being prohibited. Here is the list from the Code (as stated at the bottom of the Code, this policy is inspired by Codes adopted by other archival organizations):
NYAC does not tolerate harassment of any shape. If any participant engages in any demeaning, abusive, coercive, discriminatory, or harassing behavior, appropriate consequences will be taken against such individuals. This could result in something as minimal as a warning or more serious as being handled by the authorities. Harassers may lose privileges to the conference(s).
Second, it is important to establish: as a not-for-profit corporation operating in New York, the New York Archives Conference already has to follow the below-listed laws:
So even without such a policy, there is not only authority, but could be an obligation, to receive reports of certain behavior, and deal with them as required by law.
A good example of this, from the Code, would be derogatory comments based on sexual orientation (which could be a violation of New York's bar of sexual harassment).
Third, it is important to consider that some of the conduct listed in the Code is criminal. Examples of that include:
For instances involving the alleged commission of a crime, a report and investigation could quickly become complicated by questions such as: will the reporter want to contact law enforcement? Does the venue have an obligation with regard to the incident? Does the Conference have evidence that could later become relevant in a criminal proceeding?
And finally, it is important to see that this Code requires conduct that "rises above" the bare minimum set by various laws.
For instance, the Code bars interruptions, rudeness, and demeaning conduct. While sometimes such conduct can be a part of illegal "harassment" or even "coercion," barring even one minor instance of such conduct is more about setting the professional atmosphere for the Conference, rather than simply obeying the law.
"Setting the professional atmosphere" for an organization might also be called "setting the norm." By adopting this Code, the Conference is setting a norm of courtesy and respect, ensuring members are not interrupted or jeered when participating in Conference activities.
So how does the board enforce this "professional atmosphere"?
I could go on and on about the law, but I have 5 tips:
Tip #1: Model the behavior you require.
The best way to enforce a Code of Conduct is to ensure the leadership within the group visibly complies with it (this will also ensure compliance by directors and officers, which will help avoid legal complications).
Tip #2: Repeat the rules often.
It may leave leadership feeling like a broken record, but when it comes to new norms of behavior, repetition is your friend. It is great that the Code has its own sub-page on the Conference web site; for an event or meeting invitation, a link should be on all materials. Conference event leaders and speakers should get at least a 15-minute orientation on how to comply with and benefit from the Code during events, meetings, and online discussion (I am a fan of training through role-play). The board should revisit the Code at least once a year to discuss specific incidents and assess if the institution's response requires refinement.
By repeatedly describing and addressing the norms, they will be built into the foundations of the organization.
Tip #3: Follow through on enforcement.
The Conference's Code says "All reports to NYAC will be followed up and taken seriously in order to protect our participants from further abuse." What does that mean? That each report must result in a final summary as to how the incident was handled.
Unfortunately, there is no one way to ensure this level of follow-through. Some instances may be resolved simply by a discrete chat with a person to let them know that their romantic overtures are inappropriate. Other incidents may warrant an announcement to all attendees at an event ("We received reports of numerous interruptions. We want to emphasize that this is a violation of our Code of Conduct."), as well as more private action directed to specific individuals (a letter or warning). Still other incidents (hopefully very rare) could result in ejection from an event and/or a report to law enforcement.
The trick is that for every report received, there be a good summary of the reported conduct, and a thorough "final summary" as to how the incident was investigated and resolved. Again, there is no one-size-fits-all for this: some instances might be resolved with a paragraph ("The attendee was told that for the remainder of the Conference, no interruptions would be tolerated, and she agreed"), others could result in multiple pages and coordination with other organizations (for instance, if two co-workers get into a screaming match and call each other discriminatory names, be ready for lots of paperwork).
Tip #4: Have an established team, and a back-up team, to handle reports.
A reported incident under a Code of Conduct is not a trip for a part-time volunteer to fly solo.
Even if a report seems straightforward ("I sat down after presenting and PERSON gave me a long hug that made me very uncomfortable"), handling reports under this Code is not a one-person job. There are too many variables that can trip up even the most diplomatic and well-intentioned individual.
If you are a designated report recipient, you need calm, steady back-up. This is why having a pool of at least six people who know the Code, and are ready to respond to a report, is critical, and using no less than two people to respond to each report is also important.
Tip #5: Know when to bring in a pro.
The member has asked:
Are there any considerations for the standards we use in evaluating a complaint? What should we use for the burden of proof? To what extent are we empowered to investigate claims? What happens if someone challenges any resulting board action? Can we be sued for taking action and besmirching someone’s professional reputation?
These are excellent questions fueled by perceptive concerns; even the most professionally handled investigation with maximum due process can lead to distrust, the forming of factions, destabilization, and even (as the last question alludes) claims of liability.
How does an organization avoid that?
For a policy such as this Code of Conduct, at an all-volunteer organization, it is good to have a sense of what things can be handled in-house, and when it is time to call in an expert.
Here are some broad guidelines for when to bring in a ringer:
Now, when I say "bring in a ringer," I don't mean a person to take over the whole investigation (although they may). And I don't necessarily mean a lawyer. I simply mean a person with the professional skills and past experience to help the organization consider issues beyond the Code, but critical to the organization: risk of personal harm, liability, legal compliance, insurance, and (a distant fifth, but still important) public relations.
For issues that are going to result in a "soft" correction ("Hi, we know people hug here on occasion, but please know that unless a person has told you it is okay to hug them, it's a Conference rule that you refrain"), there is no need to consult a pro.
But for "hard" corrections ("After repeated warnings regarding physical contact, you continue to impose unwelcome physical contact, and we must ask you to leave the Conference immediately") it is good to quickly check in with a pro.
For example, if I was consulted on the above "inappropriate hugging leading to a ban" scenario, I would ask:
I would then work with the client to craft a swift but thorough response that ensured clear documentation of the occurrences, ruled in or out any allegation of injury or illegality (a very prolonged hug can be a criminal act, or just a very welcome gesture, depending on the details), used a risk analysis to adopt an immediate response, and developed a clear path forward to effect a resolution.
The good thing is, with the power of leadership modeling, repetition, and training, most complaints will be in the "soft consequences" zone ("I was speaking and PERSON interrupted me to tell me our approach was 'junk' and say how much better their database would handle the content; I just want to know that you have let them know that is unacceptable.").
If a serious complaint does come along, there is no "catch-all" due process I can recommend for responding. However, I can say that for each report, each response should follow this pattern:
In my experience, where all-volunteer organizations get in trouble is when a serious complaint (such as a complaint with injuries, or extreme rancor, or challenging harmful norms in the organization) is sat on (meaning: no action is taken, because they just don't know what to do). This, along with early identification of risks and planning to avoid liability, is why I advise bringing in a pro for "serious" matters.
Other than the "serious" matters, having a group of board members or a volunteer committee trained and ready to nimbly and promptly address concerns under the Code will be a tremendous service to your organization. I applaud the Conference for adopting a Code, and for thinking about the details of enforcing it.
I wish you many challenging-but-polite, innovative-but-patient, and rigorous-but-respectful events.
Thanks for a great question.
 I say "spectacular" because for me, questions like this are why I was first interested in studying law. My whole career is based on a 30-year fascination with how the law impacts what we can do and say. When a question stands at the apex of your life's work, that is "spectacular."
 I know "Indian" can be a controversial term, but that is the term in the law. In New York, the chartered Indian Libraries are The Akwesasne Library and Cultural Center the Seneca Nation Library, and the Tonawanda Indian Community Library.
 New York Education Law Section 253, which enables the creation of chartered libraries in New York, requires that all such libraries be "free" to their areas of service, and of course there are regulatory requirements about access, and system rules about services throughout a system, so caution is warranted when it comes to items that could curtail access to a chartered library.
 Shoo. Go away. This answer is dangerous to you!! (Ok, you can stay...but don't use this answer).
 Nerd note: The Conference is not a chartered entity, but rather a corporation formed through an application to the Regents. This means there is no charter, but rather, articles of incorporation that bring it into "life."
 Found on May 24, 2021 at http://www.nyarchivists.org/nyac/wp-content/uploads/2011/03/NYAC_bylaws_rev2010_final.pdf.
 Found on May 24, 2021 at https://www.nyarchivists.org/nyac/membership-information/.
 Since the Conference has no employees, their obligations will not flow from employer status, but there are still contexts where the civil rights laws will apply.
 For instance, if stalking takes place on a college campus--even if the Conference just rented the venue--the incident requires a very precise response by the college or university.
 And often do.
 Is "broken record" still a thing? Perhaps we should start saying "repetition code."
 Gender, cultural, class, language, power balance, race, religion, and perceived bias issues, to name just a few.
 Just a small note: when a policy like this is first enacted, it may feel like you are getting a lot of complaints. Actually, this will be the very normal process of a group adjusting to newly established norms.
 The standard choices are "preponderance of the evidence" and of course "beyond a reasonable doubt." Either is fine, it just should be uniformly applied.
If a nonprofit organization is unionized, may they have volunteers as part of a collaborative effort with another organization for a service that is not currently provided? For example, could they collaborate witha volunteer organization for an outreach service that is not currently provided.
This is a very good question, since the use of volunteers to supplement or replace work typically performed by union employees can most definitely be a violation of a collective bargaining agreement.
In one case from 1981, a school district on an "austerity budget" used volunteers to set up (and then clean up) district facilities for student sports--a task typically performed by custodial workers under a collective bargaining agreement ("CBA"). An arbitrator found that the district's use of volunteers to perform the unionized workers' tasks violated the CBA, and the workers were owed pay for the work they should have had the opportunity to perform.
That said, schools, libraries and not-for-profits with unions routinely use volunteers for all sorts of things; clearly, not all use of volunteers risks violation of a CBA. So, my plain answer to this question is: "yes, if the library is careful."
The rest of this reply sets out what I mean by "careful."
First, any not-for-profit has to exercise caution when using volunteers, because (as the member's question points out) there can be concerns that some use of volunteers violates the labor law.
The NY Department of Labor has really good basic guidance on this at https://dol.ny.gov/system/files/documents/2021/03/p726.pdf
In relevant part, that guidance says:
Unpaid volunteers [at an NFP] may not:
• Replace or augment paid staff to do the work of paid staff
• Do anything but tasks traditionally reserved for volunteers
• Be required to work certain hours
• Be required to perform duties involuntarily
• Be under any contract to hire by any other person or business express or implied
• Be paid for their services (except reimbursement for expenses)
Considering this guidance, when I work with libraries and other not-for-profit organizations who are considering using volunteers (no matter what the work for the volunteers will be, and whether or not there is a union), I advise that the organization have a volunteer policy.
The volunteer policy should cover all the concerns raised in the bullets above, as well as address risk factors such as placement letters confirming the terms of volunteer service, safety, insurance, and when a library using volunteers will conduct background checks.
Second, when I work with libraries and other not-for-profit organizations who are considering using volunteers, who also have one or more unions representing their employees, I stress the need to work with the union(s) pro-actively to confirm that an activity performed under the volunteer policy is not regarded as replacing paid/union workers.
There are a number of ways to achieve this confirmation.
The most formal way would be accomplished through a broad exclusion clause in the union contract(s) so every program does not present an ad-hoc task (but that could be a hard thing to fight for at a negotiation). A sample clause for that could be:
It is understood between the Parties that volunteer service performed per the Library's "Volunteer Policy" to enable events and programs that are not part of the Library's Plan of Service are not regarded as replacing or supplementing union members.
However, if such a clause is not a part of the standing collective bargaining agreement, a simple exchange of emails, or a more formal signed memorandum addressing only one type of volunteer activity, can be used to confirm this understanding.
The goal in all cases is to have clarity about what service is being performed by the volunteers, and to be able to show an affirmative agreement that it is not negatively impacting the experience of the workers in the union (which risks assertions of breaching the contract). Since the perception of "negative impact" (and breach) can vary from place to place, this is not an understanding to pursue after-the-fact nor without a solid understanding of the legalities and subtleties of the situation.
Third, even if a union is amendable to it, I would caution a library against using volunteers for any service that is part of a library's Plan of Service, since that can undercut the data needed to support adequate state/local funding. Volunteers can be invaluable assets, but a library should always be able to function as required by law without them.
Fourth, if all the other cautions and no-no's listed above check out, it is vital to have a very clear agreement with the collaborating organization outlining the nature of the service, and each parties' roles and responsibilities for it. This ensures the risks and liabilities posed by offering any program to the public are properly balanced, and the library isn't taking risks for the actions of volunteers provided by another organization. I know it sounds impolite, but when it comes to volunteer services from a third-party, a not-for-profit must look a gift horse in the mouth.
In many ways, it's a new world out there. For libraries seeking to innovate and work with other organizations to co-produce new programs, the above-listed cautions can set the stage for using volunteers without worrying about violating a union contract.
Thank you for a good question.
 (Onteora Cent. Sch. Dist. v Onteora Non-Teaching Empls. Asso., 79 AD2d 415 [3d Dept 1981])
 After the original decision cited in footnote 1, this case takes a lot of twists and turns through different rulings involving the education law and the authority of arbitrators. But the takeaway for purposes of this answer is: "Yes, use of volunteers can violate a CBA."
 For this reason, whenever possible, an attorney who knows the volunteer policy, knows the details about the service to be performed, and knows the union contract, should be consulted in advance.
 Of course, libraries and other organizations can host volunteer services (have them on site, but not co-sponsor them) provided by other organizations (such as Literacy Volunteers) without having to worry about these issues quite as deeply. "Hosting," rather than "collaborating" is a way to work with other organizations (and their volunteers) while not exposing a library to an assertion of violating the labor law, a CBA, or incurring unnecessary liability.
My questions involve background checks for potential new employees, fingerprinting, developing policies, procedures, and best practices.
Do background checks, fingerprinting, etc., need to be done for all positions? Does it need to be posted in the job advertisement that there will be a background check for the successful candidate or all finalist applicants? Can the background check need to include a financial check and a legal check?
And tangentially, am I correct in my assumption library staff are not considered mandated reporters? Are there guidelines for this as well.
This...is a big question. It's only three short paragraphs. But it's BIG.
It's "BIG" because the risks of getting this topic wrong are immense--from not only the obvious risks involving legal concerns, but risks involving ethics, privacy, and the goal at the heart of the issue: safety.
It's also BIG because the phrase "background check" is not tied to a precise or static definition. When someone says "background check" in the context of employment, here are just a few of the things it could mean:
Each of these "checks" comes with a wide array of legal requirements--or typical legal cautions--governing its use.
For all types of checks, the institution using them should have a clear policy governing what jobs require them, and how such records are evaluated, maintained, and disposed of.
And finally: when developing, implementing, and routinely using any type of background check policy, an organization is wise to take care that it is not incorporating factors that can be shown to disproportionately negatively impact (i.e., discriminate against) a particular category of applicant.
Okay, with all that off my chest, let's answer the actual questions.
Do background checks, fingerprinting, etc., need to be done for all positions?
The degree to which background checks and documentation of identity must be performed are governed by two things: what is legally required, and what the risk management practices of an institution dictate.
These two factors mean that practices will vary from place-to-place. A librarian working within a public school district in the state of New York will be subject to a criminal background check and must be fingerprinted just as any other regular employee within their district. A librarian at a public or association library is not required by law to have a criminal background check, nor to be fingerprinted, but an institution could decide, for risk management purposes, that a position requires that level of scrutiny for safety and security.
Does it need to be posted in the job advertisement that there will be a background check for the successful candidate or all finalist applicants?
There is no requirement in the law that a job advertisement has to disclose a background check in the job advertisement. However, prior to obtaining and using any information from a third party whose business it is to provide background information, an employer must notify an applicant; this notice must be in writing and in a stand-alone format. Further, before a negative decision is made based on such information, it must be disclosed to the applicant. A good resource on this is the Federal Trade Commission, but the third party provider, if they are a true professional, will provide the forms for each of these steps.
Now all that being said, it may be that some local hiring procedures or collective bargaining agreements require the disclosure of background checks in a job notice. Further, some employers may want to disclose their intent to use a background check to avoid surprising candidates further into the process. There is no bar to making such an early disclosure, but if given, such notices should be carefully drafted to avoid implying that those with arrests or criminal convictions will not be considered for the position.
Can the background check need to include a financial check and a legal check?
Yes, absolutely. A background check can include a credit check, a search for liens and other debt instruments, a review of criminal history, a consideration of driving record, and any combination of the items I listed at the top of this reply. Just be careful: if your library or system relies on a third party to supply that information, it must follow the guidance from the Federal Trade Commission (see that link in footnote 6).
Okay, at this point, I have to re-emphasize: before using any type of check, a library should have a policy covering that type of check, and that policy should cover all check-specific legal compliance, as well as: when the check is conducted, how it is conducted, how the information is used, and how the documents related to it are disposed of/retained. 
When developing such a policy, a good rule of thumb for an institution considering any type of background check is to be able to clearly answer the question: "Why are we doing this check?" While the reasons will vary, the answer should always relate to the essential functions listed in the job description, and the nature of your library.
For instance: if a position will create opportunities for a person to spend unsupervised time with vulnerable populations, a criminal background check and rigorous prior employer check is wise. If a position requires a particular credential, verification of that credential makes sense. And if you are hiring someone who will frequently have to drive the bookmobile, a motor vehicle records check is almost always imperative.
On the flip side: if a person is being hired for a job that doesn't require driving, a "current driver's license" should not be required. If a person will never have access to financial information or fiscal resources, a credit check is likely not necessary. And if a would-be library clerk has a DWI that is 20 years old--and no other criminal history--it is likely the conviction is not a basis to eliminate them from consideration.
Last question (and it's another biggie):
And tangentially, am I correct in my assumption library staff are not considered mandated reporters? Are there guidelines for this as well?
"Mandated reporters" is a legal term under Section 413 of the NY Social Services Law. Professionals listed in that section are required to make a report when they:
"...have reasonable cause to suspect that a child coming before them in their professional or official capacity is an abused or maltreated child, [OR] when they have reasonable cause to suspect that a child is an abused or maltreated child where the parent, guardian, custodian or other person legally responsible for such child comes before them in their professional or official capacity and states from personal knowledge facts, conditions or circumstances which, if correct, would render the child an abused or maltreated child."
I have placed a list of the "Mandated Reporters" set by Section 413 below this answer. As you can see by reviewing the (long) list, library employees (unless their function also fits into one of the categories listed in 413) are NOT Mandated Reporters.
Of course, a library--or an institution that hosts a library--can decide and enforce via policy that its employees have an affirmative duty to report observed or suspected child abuse (or any abuse) that occurs on their property or in their programs. Many insurance carriers actually require their insureds to have such a policy.
[NOTE: If an employer has any type of "report abuse" policy, employees should be trained on how to make such reports no less than annually. The average person can have a trauma response to witnessing abuse, which can impact their ability to report it, as well as negatively affect their well-being. Routine training on how to recognize and report concerns, and experienced support for reporters, can help with this.]
Thank you for an important series of questions.
List of "Mandated Reporters" under Section 413 of the Social Services Law (also called "human services professionals"):
...any physician; registered physician assistant; surgeon; medical examiner; coroner; dentist; dental hygienist; osteopath; optometrist; chiropractor; podiatrist; resident; intern; psychologist; registered nurse; social worker; emergency medical technician; licensed creative arts therapist; licensed marriage and family therapist; licensed mental health counselor; licensed psychoanalyst; licensed behavior analyst; certified behavior analyst assistant; hospital personnel engaged in the admission, examination, care or treatment of persons; a Christian Science practitioner; school official, which includes but is not limited to school teacher, school guidance counselor, school psychologist, school social worker, school nurse, school administrator or other school personnel required to hold a teaching or administrative license or certificate; full or part-time compensated school employee required to hold a temporary coaching license or professional coaching certificate; social services worker; employee of a publicly-funded emergency shelter for families with children; director of a children’s overnight camp, summer day camp or traveling summer day camp, as such camps are defined in section thirteen hundred ninety-two of the public health law; day care center worker; school-age child care worker; provider of family or group family day care; employee or volunteer in a residential care facility for children that is licensed, certified or operated by the office of children and family services; or any other child care or foster care worker; mental health professional; substance abuse counselor; alcoholism counselor; all persons credentialed by the office of alcoholism and substance abuse services; employees, who are expected to have regular and substantial contact with children, of a health home or health home care management agency contracting with a health home as designated by the department of health and authorized under section three hundred sixty-five-l of this chapter or such employees who provide home and community based services under a demonstration program pursuant to section eleven hundred fifteen of the federal social security act who are expected to have regular and substantial contact with children; peace officer; police officer; district attorney or assistant district attorney; investigator employed in the office of a district attorney; or other law enforcement official.
 This is why the phrase "Must have no criminal history" or the like must not be included on a job notice. For more information on this, visit https://dhr.ny.gov/protections-people-arrest-and-conviction-records.
 More info on this further into the answer.
 For some employers, this criteria is set by the provider of the organizations’ automobile and/or general liability insurance; this is especially true for organizations that use "company" vehicles.
 Unless there is a very obscure local law I have been unable to find. If you are aware of one, please email me at firstname.lastname@example.org.
 More information on how/when to give this notice is here: https://www.ftc.gov/tips-advice/business-center/guidance/background-checks-what-employers-need-know.
 Or other categories protected by law.
 That's right: I put that in italics, bold, and underlined it! An "Ask the Lawyer" first. No organization should ever "wing" a background check--of any kind. There is too much at stake.
 I know, there is a lot of room for interpretation in this language; when in doubt, seek guidance.
 I think of this as the "Penn State Victims Requirement."
 18 NYCRR § 433.2
We are a large (100-employee) school district public library. We are currently encouraging and educating employees on getting vaccinated, but not (yet) *requiring* vaccinations. We are providing employees with up to 4 hours of paid time off to obtain the vaccine voluntarily--if their vaccine appointment occurs during hours/days when they would otherwise be scheduled and working for us--and requiring proof of vaccination if this paid time off is used.
My question has to do with requiring or requesting proof of vaccination for employees who get vaccinated during their "off hours" and opt not to use this specific paid time off type. Can or should be asking for proof of vaccination from *all* employees, so that we can have some sense of how many employees have been vaccinated, if that is to somehow figure into any decisions we might need to make re: staffing and proximity to others, or any considerations for the possible liability of "direct threat" to others by those who either choose not to get vaccinated, or are awaiting vaccination eligibility?
If it is desirable or permissible for us to obtain proof of vaccination universally, should compliance by the employee be optional/voluntary or compulsory?
If we can obtain proof from everyone, I assume that this should be handled by HR (me) in the typical manner of any confidential medical information. But how do (or can) I share specifics on who has been vaccinated (versus who has not) with others, such as supervisors and managers? They might wish to know details in order to schedule staff accordingly. But at the same time, I would be leery of divulging such information, out of concerns for maintaining employee confidentiality, possible discrimination by unwitting supervisors, etc. I might be more inclined to/comfortable with reporting general numbers--i.e., of 100 employees, 29 have been vaccinated to date--than to share employee-specific details, but am not sure if that would be helpful, or really what information *is* helpful for employers to track and report on internally where vaccination status of staff is concerned.
This is an invaluable service. Thank you for your consideration of my questions and for any guidance you can give!
Over and over again, I am floored by the care, tenacity, and creativity of the libraries determined to provide services in a time of pandemic. New York's libraries just don't give up. This question shows the mechanics of that fighting spirit.
So much of what we do in this pandemic comes back to why we are doing things in this pandemic. For many libraries, the "why" of offering services is making sure their communities have lifelines to professionally curated information.
For this question, the "why" of asking for proof of vaccination is right there in the submission's core:
... so that we can have some sense of how many employees have been vaccinated, if that is to somehow figure into any decisions we might need to make re: staffing and proximity to others, or any considerations for the possible liability of "direct threat" to others by those who either choose not to get vaccinated, or are awaiting vaccination eligibility?
Let's take that "direct threat" part first.
Back on March 19, 2020, we addressed a question about employer (library) liability due to Coronavirus exposure. Although much has changed since that time (we have vaccines), the basic recipe for liability has not changed: liability happens when a person/entity owes a duty of care to a person, does not perform that duty, and the failure results in damage.
Because if this recipe, it is essential for libraries to always know what "duty of care" they owe their workers, and their community.
In a pandemic, evolving data and resulting best practices can change the "duty of care" rapidly (No masks? One mask? Two?).
While many resources are aggregating and pushing out up-to-the-minute guidance on "best practices," there are only three places libraries in the State of New York should be drawing their duty of care practices directly from: the New York State Department of Health ("NYSDOH"), the Centers for Disease Control ("CDC"), and the Occupational Hazard and Safety Administration ("OSHA").
Right now, as of this writing, OSHA's 1/29/2021 workplace guidance for mitigating the impact of COVID-19 lists 16 "elements" of an effective COVID protection program. Here is what OSHA recommends about using awareness of vaccination status of employees:
Not distinguishing between workers who are vaccinated and those who are not: Workers who are vaccinated must continue to follow protective measures, such as wearing a face covering and remaining physically distant, because at this time, there is not evidence that COVID-19 vaccines prevent transmission of the virus from person-to-person. The CDC explains that experts need to understand more about the protection that COVID-19 vaccines provide before deciding to change recommendations on steps everyone should take to slow the spread of the virus that causes COVID-19.
So right now, the "duty of care" set out by OSHA expressly excludes relying on vaccination status to reduce the spread of the virus. Rather, it focuses on providing and insisting on appropriate PPE.
That said, in the same guidance, OSHA continues to recommend allowing employees who self-identify as medically vulnerable to swap tasks to limit risk:
Offer vulnerable workers duties that minimize their contact with customers and other workers (e.g., restocking shelves rather than working as a cashier), if the worker agrees to this.
This means if a person, relying on their vaccination status, decides to not self-identify as medically vulnerable, the employer is not advised to offer them contact-minimizing duties.
There are other steps on the current OSHA list that the member is already doing. By enabling the use of PTO for vaccination, they are following the guidance in element "14":
Making a COVID-19 vaccine or vaccination series available at no cost to all eligible employees. Provide information and training on the benefits and safety of vaccinations.
This guidance, I imagine, will evolve. That evolution should be reflected in revised Safety Plans.
And with that said, let's answer the member's specific questions:
Can or should be asking for proof of vaccination from *all* employees, so that we can have some sense of how many employees have been vaccinated, if that is to somehow figure into any decisions we might need to make re: staffing and proximity to others, or any considerations for the possible liability of "direct threat" to others by those who either choose not to get vaccinated, or are awaiting vaccination eligibility?
Based on the current OSHA guidance, along with guidance from the EEOC, the answer to this is "yes," and then "no." Yes, an employer can ask for proof of vaccination (whether acquired on PTO or off-hours). No, right now, it should not be used for assignment of duties or with the idea of reducing possible liability.
Here is the member's follow-up question:
If it is desirable or permissible for us to obtain proof of vaccination universally, should compliance by the employee be optional/voluntary or compulsory?
Based on the current OSHA guidance, along with guidance from the EEOC, right now does not seem like the time to rely on vaccination status and data to make determinations about workplace risk management and safety. So while requiring a notification of vaccination status may be permissible, it does not appear desirable if its purpose is to mitigate concerns about liability.
If, however, the motivation is to verify that the library is effectively encouraging the most employees possible to get vaccinated—simply for the employees' own personal health and safety—then yes, tracking those metrics (and any non-disability factors barring vaccinations) might not only be permissible, but desirable. In that case, the question is: does the information need to be tied directly to a particular employee, or is it just as meaningful if anonymous?
Which brings us to the member's last question:
But how do (or can) I share specifics on who has been vaccinated (versus who has not) with others, such as supervisors and managers?...I would be leery of divulging such information, out of concerns for maintaining employee confidentiality...
This HR manager knows their stuff!
First, yes: no matter what, never create a risk of trampling on employees' privacy.
Second: Right now, it appears that sharing such information is unnecessary.
In a December 18th, 2020 "Ask the Lawyer," I stated that a vaccine requirement should only be implemented if it is part of a well-thought-out, board-approved Safety Plan. Right now, it appears that no Safety Plan should rely on a vaccine requirement to reduce transmission of the virus. With that in mind, right now, it appears the safest course of action –both COVID-wise, and legally—is to encourage vaccination, but not require it, and if a library tracks it, only do it for purposes of encouraging more employee vaccinations (or finding out you've hit close to 100%).
Of course, here we are on February 26, 2021. If you are reading this in March, or April, or that sunny, warmer time in the future, May and beyond, this answer might no longer apply.
Keep checking with NYSDOH, with the CDC, and of course, with OSHA. At some point, requiring vaccination—or allocating duties by vaccination status—could become something expected of an employer. If that happens, a library's "duty of care" could change, altering the threshold for liability, and the answer to these questions could shift—some subtly, some not-so-subtly.
But we have had a lot of twists and turns in the Pandemic. That "shift" may or may not happen. As I often say at my office, "the only plan we can make is that the plan will change." And how do you plan for that? By doing what this member has done: keeping employees' well-being and safety at the forefront, and adapting every time the data and guidance change.
If your library does that, you'll be as safe as you can be. And mitigate your liability.
Thank you for a thoughtful question.
 This answer is found on the EEOC site at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws as of 2/26/2021. "K.3. Is asking or requiring an employee to show proof of receipt of a COVID-19 vaccination a disability-related inquiry? (12/16/20) No. There are many reasons that may explain why an employee has not been vaccinated, which may or may not be disability-related. Simply requesting proof of receipt of a COVID-19 vaccination is not likely to elicit information about a disability and, therefore, is not a disability-related inquiry. ... If an employer requires employees to provide proof that they have received a COVID-19 vaccination from a pharmacy or their own health care provider, the employer may want to warn the employee not to provide any medical information as part of the proof in order to avoid implicating the ADA."
 Remember, if the employee uses vaccination status to self-identify as vulnerable, such information can be considered by the library reactively (and confidentially). For more on that, see the "Ask the Lawyer" from January 19, 2021.
 Garden time! Can you tell I can't wait to get into the dirt? It always feels so distant, this time of year.
 As OSHA says, more research is required.
In reviewing your response to a question on Nov 17, 2020 from an adjunct library science professor, your advice is to create a "smell free zone" in the library for those patrons bothered by another person's odor. Your reply, however, does not address staff who are complaining as well about a patron's body odor. Often, the staff take the complaining patron's side. Often, the odiferous patron is a regular patron who spends hours at the library often on the Internet where PC workstations are relatively close to each other. Yes, I can tell staff it is part of their job to deal with it but often that results in a demoralized angry staff- not something I want to cultivate.
Thank you in advance! This column is very helpful!
I am glad the column is helpful, but this issue really shows the limits of the law!
Before I say what I mean, I need to emphasize three things:
1. State and federal law often protects employees who complain about "working conditions." Since an odor is a "working condition," no matter what position a library takes on "bad" smell (barring it as a disturbance, allowing it as a matter of mission, or a solution somewhere in between), leadership should carefully listen to employees' concerns.
2. While my November 17th answer mused there are several compelling reasons to opt for a more inclusive solution (like use of a "scent free" zone), I want to re-emphasize: that is not what the law requires. Rather, the law requires that people not be barred from library access on the basis of disability or protected characteristics. Since that is a slippery slope, not barring people on the basis of smell (or using a "scent free zone") is a good way to stay in a legally safe zone.
But barring disturbing odors, if done carefully, is still allowed by law.
3. Although I imagine that the member submitting the question didn't mean "taking sides" literally, because it is so critical, I have to say: library employees should never perceptibly "take sides" with one patron against another patron, even if they privately agree that a patron's odor is off-putting. This is because if access is going to be limited, the library must be able to show fair and equitable treatment. An employee with a concern, of course, can take it directly (and discretely) to their supervisor.
So with all that said...
From the legal perspective, the key on the employee side of the "smell" issue is to listen to employees' bona fide concerns about their working conditions. This is true whether your library decides to bar certain smells as "distractions," or to find creative ways that, ultimately, might expose an employee to an unwelcome smell. Above all, whatever approach is taken, it should be clearly set out in a written policy, and decisions under that policy should be well-documented. And to address concerns like the one raised by the member, to the greatest extent possible, the policy should be written with the input of employees, who should also be trained on how to work with it.
But that said...
Does this mean some employees, believing their library should have a more inclusive policy, might have to enforce a restrictive policy? Yes.
Does this mean some employees, not liking their library's more inclusive policy, may have to work near a person whose smell they do not like? Yes.
This is what I mean by "the limits of the law." The law can help libraries foster positive working conditions and employee morale—to a point. After that, it is down to leadership, well-developed polices, and good employee relations.
This is why people often like their HR director more than their lawyer!
 I don't mean employees are entitled to complain all day every day; an employer can require complaints to be conveyed in a way that does not unduly burden productivity. But if an employee is expressing a bona fide concern (it's too cold/it smells/these computers don't work) the National Labor Relations Board has found such expressions to be protected activity.
 This is a tough one. It is not "taking sides" to contribute to a report or Code of Conduct enforcement; my concern is that at all times library employees have to model fairness, so when they take action under a policy, the process looks as fair as possible.
Can a public library compel staff members to get vaccinations for COVID-19, when they are available? If so, can an employee request an exemption? Do we need waivers of library liability if a staff member chooses not to get vaccinated?
This is an incredibly sensitive, important, and complex set of questions. I know a lot of people out there in "library land" are waiting on the answer—from many different perspectives.
So we're going to take it slow, break it down, and unpack the components of the answers one step at a time.
Step 1: Considering requiring immunization to COVID-19 as part of a library's evolving Safety Plan
As I have emphasized in numerous pandemic-related answers, any library operating in any capacity right now should have a trustee-approved Safety Plan tailored to its unique operations. The plan should evolve as new safety-related information emerges, and as library operations change.
As of this writing, some libraries are open to visit. Some are doing only curbside. Some are offering more remote programming. Some have used their information management and lending capacity to distribute PPE, food, and living supplies. Because of this diversity of service, they all should have different Safety Plans.
The Safety Plan of a library closed to the public for everything but curbside will be different from the Safety Plan of a library open for socially distant use of computers and lending. The Safety Plan of a library distributing fresh produce will be different from a library streaming programming from its community room to an audience within its area of service (and beyond). The Safety Plan of a library operating with ten on-site staff in December should be different from the one they used when there was only one employee on-site in June.
Just like the decision to use a particular mode of sanitization, as a library undertakes and changes its unique services, the decision to require immunization of employees should start with vaccination's role not as a stand-alone solution, but as part of an overall approach to limiting the impact of the pandemic on your library, its employees, and your community. Do the services your library needs to provide the community warrant immunization of employees? If so, keep reading.
Step 2: Wait, so does what you said in "Step 1" mean a public library can go ahead and require employees to be vaccinated?
I say "yes," because under the right conditions, the law does allow employers to impose conditions for safety, and that can include mandatory vaccination. However, I also say "NO," because the phrase "the right conditions" carries a lot of complexity for three little words. To be safe, the default assumption of a library should always be that it can't require immunization of its employees...and then work to find the way, if well-informed risk management and an updated Safety Plan warrants it, it can require immunizations (and just as critically, if it should).
Step 3: Assessing if a library can require vaccination of employees
Before a library gets too far into an internal debate about if it should amend its Safety Plan to require vaccination of employees, it should assess if it is in a position to do so. This means having an experienced HR administrator or attorney look at the organization's bylaws, policies, and employment relationships to see if there are any steps or bars to the requirement.
What could such a bar look like? The most common impediment a library will run into on this is an employment contract—either for individual employees, or with an entire employee union (a "collective bargaining agreement"). The bottom line on this type of impediment: if there is a contract in play, a library must be very tactical, collaborative, and strategic prior to creating—or even considering—immunization as an employment condition.
Another bar might be language in an employee handbook or a pre-pandemic policy. Still another might be that "gray area" when library employees are considered employees of a school district, village, or town.
The best overall guidance I can offer on this Step is: assessing if your library is positioned to require immunization is a critical step to using vaccination as a tool in your Safety Plan. Bring in a ringer to help your library assess the extent of what it can do.
Step 4: Assessing if a library should require vaccination of employees
Okay, let's say you consulted with the best employment lawyer in your village/town/district, they took a close look at whatever relevant contracts and policies your library has, and they have said: "No problem, you can require this."
The next important thing to consider is: should your library require this?
Compelled immunization is an incredibly sensitive area of policy and law. Since the time Ben Franklin started insisting on smallpox immunizations, this public health issue has had passionate rhetoric on both sides of the debate.
I have worked with families whose children have documented contraindications for certain vaccines, and it is not a simple issue. And right now, a public discussion is happening about why people who are African-American might not trust being offered a first round of vaccination. These are life-and-death issues.
That said, those on the front lines of public service, during a time of pandemic, are at higher risk of both getting infected, and spreading disease. Science shows vaccination will mitigate that risk. Thus, under the right circumstances, encouraging such employees to be vaccinated is the right thing to do, and in some cases, employers have made the decision that requiring vaccination is the right thing to do.
The consideration of this question is classic risk management. What critical services is your library providing to the community? What exposure to possible infection do those services create? Does social distancing, PPE, and sanitization mitigate those risks within acceptable tolerances, or would requiring vaccination of employees demonstrably make those employees and the community safer? Are there certain duties that merit requiring immunization, and other duties (jobs performed 100% remotely, for instance) that do not? And critical: is mass employee immunization in step with the approach of your local health department?
There is no cookie-cutter answer to these questions, but a responsible decision to require immunization of employees as part of a well-developed and evolving Safety Plan should answer them all.
Step 5: Developing a robust policy that includes consideration of civil rights, the ADA and privacy
So, let's say your library has followed Steps "1" through "4" and has decided it can, and should, update its Safety Plan to encourage or require immunization of employees.
The next step is developing a policy that:
I also suggest that the library strongly consider ensuring, well in advance, that: 1) the vaccine is available to employees, and 2) that employees don’t have to pay for it. This is because 1) once the library has identified that there are risks in its operations that would be best mitigated through immunization, those activities should be limited until the mitigation is in place, and 2) there can be legal complications if the vaccination requires personal expense. While this advance planning and cost containment is not precisely a legal compliance concern, they are close first cousins, and should be addressed as part of the Safety Plan.
Step 6: If a library decides to require immunization, develop a PR Plan (optional, but a very good idea)
I don't need to tell a library audience that what a public library does on this topic will be scrutinized, criticized, and eventually, also a model for the rest of your community. Since any decision on this point will have its critics, and also (hopefully) its fans, be ready to let your public know, simply and straightforwardly, the basis for your library's decision.
I like the classic "FAQ" approach. Here are two model FAQ's for two libraries that did the legal analysis and safety assessment, and come to the following decisions:
FAQ: I was told the library board is requiring all the employees to be vaccinated for COVID, is that true?
FAQ ANSWER: Since re-opening on DATE, the NAME Library has had a Safety Plan. Now our Safety Plan does include supporting voluntary immunization of employees.
FAQ: Voluntary? So you are not requiring it?
FAQ ANSWER: Our risk analysis and still-limited operations showed that we could meet the community's needs by requiring masks, social distancing, and routine sanitization. We have now added supporting employees in getting vaccinated on a voluntary basis.
FAQ: Will you ever require it?
FAQ ANSWER: Only if our operations change and an updated risk analysis shows us that it is best for our employees and for the community.
Another "FAQ" example, for a library that came to a different conclusion, is:
FAQ: I was told the board is requiring all the employees to be vaccinated for COVID, is that true?
FAQ ANSWER: Since re-opening on DATE, the NAME Library has had a Safety Plan. Now our Safety Plan does include mandatory immunization of employees who are able to be vaccinated.
FAQ: Why is the library requiring employees to get vaccinated?
FAQ ANSWER: Feedback shows that the community needs us providing critical services right now. Our risk analysis showed that in addition to requiring masks, social distancing, and sanitizations, immunization by employees would protect their health, and the community's, while we provide those services.
FAQ: The vaccine is not 100% available yet. Did your employees have to do this on their own?
FAQ ANSWER: Our library worked with [INSTITUTION] to make sure our employees had access to this safety measure, without cost to them.
And that's it.
The important take-away I want to emphasize here is that for individual libraries, there are no quick answers to these questions.
Libraries of all types will be assessing their unique legal and risk positions, and will need to make carefully documented and executed decisions. Libraries within larger institutions may need to fight for consideration separate from other operations. Public libraries will need to consider the heightened transparency and public accountability they operate under. Library systems will be thinking about how they can protect their employees while also supporting their members. And for the employee on the ground, they'll be thinking about keeping themselves, their families, and their communities safe.
By taking careful, deliberate, and well-informed steps, the answers to the member's questions can be found.
Thank you for a vital question.
 December 18, 2020. For many of you, that means you've been shoveling lots of snow (we're looking at you, Binghamton).
 See the case Norman v. NYU Health Systems (2020) (SDNY), 2020 U.S. Dist. LEXIS 180990 *; 19 Accom. Disabilities Dec. (CCH) P19-109
 And in this case, I use "library" in its broadest sense: public, association, and even libraries operating as part of a larger institution (such as a college, hospital, or museum). School libraries, in particular, may both fall under the policies of the institution they are within, but might also have different operations, activities, and exposure that warrant independent risk analysis.
 I can't be more specific than that, since in some cases, there may be "emergency" management clauses that could easily allow the requirement of further safety measures, while in other cases, there could be language that makes it clear such a requirement will have to be a point of discussion. The important take-away here is: if there is a contract in play, don't wing it. Bring in your lawyer.
 The actual answer will of course be in writing and will likely be much more extensive than "No problem!" It should also be included in the records of library leadership to document the appropriate level of risk analysis.
 When I say "controversial," I mean legally. The science is solid: immunization saves lives.
 Ironically, Franklin's young son would die of smallpox before he could be immunized, in part because Franklin's wife Deborah was wary of the new treatment. Franklin was devastated by the loss of his small, precocious son, and some scholars say it caused a rift in his marriage that was never healed.
 If you know your history, you know these fears are based in reality. If you want to learn more, a good place to start is this New York Times article: https://www.nytimes.com/2020/12/06/opinion/blacks-vaccinations-health.html?searchResultPosition=4
 Whenever possible, confirming Safety Plans, and significant revisions of Safety Plans, with the local health department is a very good idea.
 The ADA is a critical consideration here. A good place to start for further information on this is the EEOC, at https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws. However, this is just a starting place; as you can see by the linked guidance, this part of your policy cannot be a simple cut-and-paste job.
 I know, this sounds cold; and it is. Considering if a library is actually prepared to terminate employees for refusing to meet the requirements should be part of your library's analysis here, too...because once you develop the policy and start requiring it, granting exceptions without justification can create serious legal complications.
 The member asks about waivers for employees who decide not to be immunized. A waiver of liability should only be used if it is part of a well-developed Safety Plan, and customized for the purpose by an attorney.
 Although I just did. Ah, rhetoric.
 I could go on with a few more FAQ's to illustrate the diversity of approaches available (they are kind of fun to write), but I trust you get it.
I am an adjunct instructor in a library science program.
We were having a discussion regarding patrons with body odor or heavy smells (such as perfume or cigarette smoke). What really surprised me…. several of my students who work in public libraries said they have an official policy that patrons who smell are not allowed to stay and are to be asked to leave the library. This really surprised me. Legally is this allowed? Who is to decide what an acceptable/unacceptable level of smell.
Overall, I found the notion of kicking out patrons because of smells to be repulsive, disgusting, and a completely against WHY we exist. If this is legal, I want to know how a library could, in good conscience, do this…
There is a large array of case law, academic articles, industry guidance, and news coverage on the subject of regulating smells in libraries (specifically, the smells of people and/or their belongings in libraries).
Based on those materials—and in particular, the case law—my answer to the question "legally is this allowed?" has to be: YES. With a carefully considered policy, carefully followed, barring library patrons based on their "disturbing" odor has been ruled to be legal, just like barring other factors that disturb the operations of the library (noise, eating, running) can be.
But just because a library can bar "disturbing odor" doesn't mean I always advise my clients to do it.
Why? Because this is 2020.
In 2020, we know that the impact of barring people based solely on them being "disturbing" is fraught with risk, both for legal reasons (claims based on the First Amendment, equal protection, due process, disability, etc.) and for reasons related to a library's mission (concerns related to the type of existential considerations raised by the member). 
Of course, in 2020, we also know that regardless of where you land on the question of "disturbing odor," this issue poses concerns from the other side, as well; a patron or employee trying to access or work in a library may find a smell (whether caused by another person, or by a condition of the building) to present an actual risk to their health (allergies, chemical sensitivities). So one person's access to the library may pose a risk to the access of another.
Finally, in 2020, while nothing is a sure bet, it is reasonable to expect that one of these days, one of the legal cases challenging a library's bar to access based on a "disturbing odor" is going to result in a policy or ejection being overturned. And while that currently-hypothetical case may turn on circumstances unique enough to not bar all such policies, such a ruling could throw the current legal footing into question.
Which is why I offer this: rather than barring people due to "disturbing odor" (which as the member points out, is a conclusion rooted in subjectivity) a library might be wise to consider planning, policies and action to:
It is this last bullet—related to safety—that I would like to dwell on.
Some smells are just that—smells. They may be perceived negatively, and perhaps even as a disruption, but to most people, they pose no risk.
Some smells are not just smells, but "tells"—byproducts indicative of conditions that are experienced by the individual carrying them (like it or not, we all have these). Some may be linked to a medical condition or disability, but in no way do they pose a safety threat to others. Many people who are perceived as "smelly" have "tells".
And finally, some smells are indicative of a potential health hazard to those in their proximity; for example: sulfur added to otherwise odorless natural gas, the odor of certain paints as they dry...or the smell of a staph infection in an open wound. These "evidence of danger" smells are the ones that libraries, who are legally obligated to provide their patrons and employees with a safe environment, need to be concerned about, and should develop policies to address.
Need an anecdote to distinguish the smells from the tells from the hazards? Here's a scenario:
A man walks to the library. While walking, he treads in dog poop.
Because decades of smoking cigarettes have dulled the man's sense of smell, he does not notice that his shoe is coated in poop. However, as soon as he enters the library, a page smells the poop, and points out to the patron that not only is his shoe smelly, but it is leaving fecal residue on the floor.
Because there are many health-related reasons why the library doesn't want dog poop on its floor, the man is asked to leave until his shoe is poop-free. The man leaves the library and visits his buddy across the street, who lets him hose off his shoe in the back yard.
When the man returns to the library, he shows the page the clean shoe, and it is clear that the dog poop has been eliminated. However, dog poop being what it is, the smell lingers on the shoe. But insofar as the library is concerned, it no longer poses an active hazard to toddlers crawling on the Children's Room floor. The man is allowed to walk into the library, selects the latest John Grisham novel, and leaves, the odor of dog poop lingering in the Circulation Desk breeze.
And that is the difference between using a smell to mitigate a health hazard, and tolerating a potentially disturbing odor in a library. It is also how a library focuses on providing access and a safe environment for patrons and employees—while avoiding judgments rooted in subjectivity.
In posing this question, it is clear that the instructor is thinking about mission, about a library's role in its community, and about optimizing access to resources for all. But the instructor has also honed in on this "subjectivity" concern, by asking: "Who is to decide what an acceptable/unacceptable level of smell"?
It is that very subjectivity that brings legal peril to the current scheme of things. Sooner or later, the right combination of circumstances will arise, and a judge will rule that simply barring someone from a library based on nothing more than a bad stink is a legal violation.
Therefore, as we move past 2020, and into an era that will, all signs show, be more in need of information access and authentication than any era previously, I offer this template policy to "flip the script" on how libraries address the issue of odor.
The ABC library is committed to access for all. With regard to odors in the library, this means:
We appreciate that as humans, our patrons bring a wide array of odors into our space, and not everyone appreciates that smell of others. If you need a scent-free area or well-ventilated area, please let us know. If you notice any odor or other factor that could be indicative of a health hazard, please immediately alert staff so it can be addressed per our policies.
Meanwhile, the library's Code of Conduct should state some version of: Any activity or substance posing a health hazard to patrons and employees is prohibited.
And finally, internally, I suggest this protocol for addressing reports of smells indicative of potential hazards:
Receive the report. Note the date, time, person reporting it, and what is reported. Ensure a qualified person immediately assesses the report. If there is a possible health hazard, involve the appropriate personnel or outside resources to develop an immediate response/mitigation plan, with all due respect for safety, privacy, access, and due process.
And that's it. From where I see it, while the status quo is legal, the future of "The Great Library Smell Debate" can shift to focus on two things: access, and safety. Factors that are subjective or based on personal preference ("bad smells" causing "disruption") are currently legally valid, but there is the possibility of a successful legal challenge. If a library is concerned about the impact of such policies on mission, and wants to avoid subjective value judgments about smell, developing policies that focus on access and safety might be a more appropriate approach.
That said, to reiterate my honest answer to the question: right now, based on case law, "subjective" policies about "disturbing" odor, if narrowly tailored to serve a valid purpose, and executed properly, remain enforceable. But as I have outlined, they can pose a risk.
Make no mistake—sometimes odor needs to be addressed, and from many perspectives. But the law provides many options, and using a focus on access and safety is one of them.
Thank you for a thoughtful question.
 The most authoritative and influential are: Lu v. Hulme (2015), Kreimer v. Bureau of Police for the Town of Morristown (1992).
 Trusting that an audience of libraries knows how to find research material, I'll simply say that the materials cited in the guide posted here (http://www.homelesslibrary.com/uploads/1/3/0/1/13014906/body_odor_handout.pdf) show the range of coverage and thought on this topic (at "Ask the Lawyer," we don't reinvent the wheel).
 This risk springs from the fact that, objectively speaking, every human being "stinks." Of course, for a variety of reasons, sometimes our personal odor is more overtly and broadly perceptible than at other times, and depending on an array of cultural or physiological factors, may or may not be welcome by them.
 For a thorough discussion of the mission-related considerations of imposing odor bans, I recommend the article "It is a Non-Negotiable Order": Public Libraries' Body Odor Bans and the Ableist Politics of Purity." By no means an unbiased academic exercise, you can easily tell where this author is coming from (they find odor bans antithetical to the purpose of libraries).
 These cases turn not only on precise wording, but on how the policy was applied, and the law in that precise locality.
 "Disruptive smell" while real, is, of course, subjective, since as I mentioned in footnote 3, all humans, to some degree, "stink," but "stink" is a relative term. In that regard, I am reminded of the classic scene in Frank Herbert's "Dune," when young Paul Atreides first arrives at the home of his future allies, the Fremen. Paul perceives their cavernous home, called a "seitch" as having a wretched stink, but just as he is about to show his disgust, his mother says "How rich the odors of your seitch..." saving her son from a fatal social blunder. Of course, they go on to not only get used to the smell, but to conquer the planet.
 By a variety of laws, which can include local health codes, OSHA regulations, labor law, union contracts, local law.
 What he actually says is "Um...sir? Hi, good to see you again. Hey, it looks like maybe you stepped in some dog poop?" Thank goodness, not all people talk like lawyers.
 I bet people who live near libraries collect stories like this.
 Some larger libraries, or libraries that operate in close relationship with municipalities, will have well-developed hazard response plans, which this protocol should fit right into. Others will not have that level of planning, or the resources to involve "qualified" internal personnel in assessing a reported hazard. For that, it is good to have a relationship with the local county health department.
 Can a person bring in a smell so foul and pervasive that, even if it doesn't cause permanent injury, can be considered a "hazard"? Anything that causes eyes to tear up/swell, retching, headaches, or violent coughing/sneezing in the general population can be considered a "hazard" (which is a term whose definition changes from law to law, but is used in its more generic sense here). But getting some back-up from the health department is a good way to ensure that you get solid confirmation of this.
 Have your lawyer review this policy no less than annually!
Should our library have an accessibility statement? And should we consider accessibility when making purchases?
Yes, and yes.
Every library, historical society, archives, or museum, if open to the public, should have accessibility information posted at its premises, in its printed brochures and fliers, and on its website.
While it can (and often should, based on the size and type of the library), this "accessibility statement" does not have to cite the ADA. Rather, it can just be a simple statement about your institution's commitment to access, along with some basic information about what common accommodations are on site—and critically, how to get in touch if a person needs more.
Here is some sample language:
The ABC Library is committed to access for all. We currently [insert all current accessibility features, including ramps, bathrooms, parking, adaptive technology, etc.]. As renovations are planned and new items are purchased, our accessibility grows.
Questions about our resources and any accommodations can be directed to [PERSON] at [PHONE] or [EMAIL]. To ensure timely and thorough assessment of accommodation requests, we will confirm the details of the request with you, assess the request, and let you know the options we can offer as soon as possible.
Requests related to specific events should ideally be received at least two weeks before the event, to allow time for proper assessment and planning.
Some requests might not be within the scope of what we can do, or may be met through alternatives, but the ABC Library board of trustees, director, and employees are committed to making our library the best it can be for everyone in our community.
Further, every library should have an accessibility/universal design section in its purchasing/procurement policy.
Just something simple, like:
When generating Request for Proposals and soliciting quotes, the ABC Library will assess the goods and/or services to be purchased and develop criteria to: 1) assure ADA compliance; 2) incorporate consideration of universal design; and 3) position the library to promote accessibility based on established, current, and properly sourced research.
Why is this important? Well, aside from being a kind, considerate thing to do, it is a form of legal risk management for facilities required to follow the ADA.
Pre-emptive outreach on accessibility helps people plan visits and find ways to access services, rather than look to the law for alternatives. And by building accessibility priorities into the earliest phases of procurement, your institution makes sure it thinks about accessibility before a purchase becomes a problem.
Once a library resolves to do these two things, there are endless resources out there on how to write policy, compose statements, and how to consider the ADA when making purchases, designing signage, and updating websites. But resolving to make these things a priority is the first step. So...
Should your library have an accessibility statement? And should your library consider accessibility when making purchases?
Yes, and yes.
 Even an institution with a 200-year-old building with no elevator on a street with no parking can be welcoming if the right signage and alternate means of accessing services have been communicated and properly arranged beforehand.
New state guidelines list face shields as acceptable face coverings:
However, people often spend quite a bit of time in the library, especially using our computers. We would like to require that they wear actual cloth (or paper surgical) face masks. Are we permitted to make our own safety rules? It seems to me, that just as we can prevent roller skating in the library, we should be able to set other safety rules for the sake of staff and patrons.
This question came into "Ask the Lawyer" with a request for a quick turnaround, so we'll keep this brief.
Are we permitted to make our own safety rules?
Yes...and no. But that doesn't matter for this question, because the member's real objective is...
"We would like to require that they wear actual cloth (or paper surgical) face masks."
...which a library with a well-developed, uniformly applied Safety Plan can absolutely do.
Why is that?
As of this writing, there is documented evidence that the CDC is still weighing the advisability of face shields. Here is what they have to say:
(For the less cartoon-oriented, the CDC says it like this:)
Of course, at the same time, as the member points out, the State of New York now allows face shields to "count" as a face cover:
(i) Face-coverings shall include, but are not limited to, cloth masks (e.g. homemade sewn, quick cut, bandana), surgical masks, N-95 respirators, and face shields.
Meanwhile, the REALMS study has hit the library community with THIS cold cup of coffee:
Libraries should be paying attention to all of these evolving resources, and should regard their Safety Plan as a "living document" that evolves with that information. This will help libraries develop a plan that can help them help patrons adhere to CDC guidelines like this one:
The bottom line? If your library bases its access and services on current information, is careful to adhere to its obligations under the ADA, and adheres to a Safety Plan that provides—based on the combined input from such reliable sources—that certain areas may only be accessed by those wearing faces masks (and/or gloves, and/or only if they agree to spray down certain surfaces, and/or only by a certain number of people a day), it may do so.
It all comes down to having a Safety Plan based on your library's unique size, design, staffing capacity, and collection materials. With a plan that is linked to established factors, the best guidance we can get in uncertain times, and reliable enforcement, anything is possible.
Thanks for an insightful question!
 The answer to THIS question is about 15 pages and has 20 footnotes. Aren't you glad we found a way to make it snappier?
 October 16, 2020. CDC content found at https://www.cdc.gov/coronavirus/2019-ncov/prevent-getting-sick/about-face-coverings.html
 I am "cartoon-oriented." Whenever something can be conveyed effectively via icon or cartoon, it should be. Of course, as a lawyer, I experience no shortage of words.
 My "word of the day," which I learned as I researched this answer, is "fomite" (infected objects). Given what we've all had to deal with in 2020, I am sure I have seen the word before, but was too busy learning the concepts like "zoonotic" & "contact tracing" for it to sink in.
 Even wearing a masks while roller skating in a library (but I'd check that one out with your insurance carrier).
A public library is looking at the possibility of taking over the running of a medical loan closet that has been previously run by a church.
The library would find a space through a partner, so it would not be on library property.
The library would be responsible for cataloging the items, tracking their circulation, and applying for grants to help with funding.
The local visiting nurses have volunteered to handle the distribution of equipment, and are willing to continue if the library takes it over from the church.
The library's director and trustees are concerned about insuring the library to protect it in the event that someone gets hurt using a piece of equipment and there is the possibility of a lawsuit. They talked to their insurance agent and the company they use would not cover this.
A discussion came up about starting a separate LLC for the medical loan closet that the library would be openly affiliated with.
Would it be possible for a public library to set up a separate LLC to do this?
Before I answer, let's talk about why a person or business might create an LLC ("limited liability company").
A primary function of an “LLC” is to do exactly what the member has proposed—to create a separate entity designed to hold the liability associated with a particular venture.
Examples of how an LLC can be used to take on liability (and keep it from flowing to its owner/s) include: ownership of rental properties, operation of restaurants, and yes, collaborative formation of charitable initiatives, like a medical closet operated in affiliation with a library.
This is because, when set up properly, an LLC allows its "members" to have an ownership stake in the company, while minimizing the risk of liability associated with the LLC adhering to other parties (like the members).
For this reason, a lot of property owners and participants in risky ventures use an LLC to contain the liability that could result from the risks of the venture. This helps with insurance, critical decision-making, and keeping unrelated assets separate from the liabilities of a venture.
Aside from this primary “separation of risk” function, the LLC model also allows creative arrangements for financial operations and tax considerations. Among many other things that relate to ownership of family businesses, and complex corporate structures, this includes allowing one or multiple 501(c)(3) not-for-profit charitable entities to form an LLC that will have a similar tax status.
So the "short answer" to the member's question is: YES.
That said, I do have a "long answer" composed of several considerations and caveats, which I hope will be helpful.
Consideration 1: Audit.
While the laws governing public libraries do not forbid--and arguably expressly allow--an education corporation like a public library to own, or partially own, the asset of an LLC, a review of various New York State Comptroller audits shows that any assets flowing between the two entities will be considered subject to all the requirements that must be followed by the library.
In other words, if the State Comptroller conducts a fiscal audit of the library (as State Comptrollers are randomly wont to do), the Comptroller will not only look at the books of the library, but also the books of the LLC—subjecting them to the same scrutiny as the library.
So, to the extent money and resources flow from the library to the LLC, the same constraints on procurement, investment, and other use of assets will be imposed on the LLC. This could bar or limit the activities of the LLC, so should be a primary consideration when it is formed.
Consideration 2: Operations
By "operations," I mean: who is helping the LLC get the work done?
In the scenario submitted by the member, it is the library who will "be responsible for cataloging the items, tracking their circulation, and applying for grants to help with funding." Meanwhile "local visiting nurses have volunteered to handle the distribution of equipment." And finally, as described by the member, the storage/pick-up (the "Closet") will be off-site (not on library property).
This means that the LLC would rent/borrow the space for the Closet, volunteer nurses would work there helping to distribute equipment, and the library would use its personnel to track the lending and equipment.
And although the member doesn't specify, let's say the library doesn't use its own circulation system for this, but instead, buys or builds a custom system—maybe even something as simple as an Excel spreadsheet.
So the library would supply the "time and talent" of its people on an ongoing basis to the LLC, perhaps tracking it as an in-kind support to the charitable venture, and also separately purchase assets that would be solely owned and used by the LLC.
This "time and talent," is where "risk and liability" for the library—even with an LLC housing the operations—truly enter the picture. Even with a separate entity designed to take the hit, when an entity supplies its own people to staff a venture, there is always some risk that the direct involvement of a third party can lead to an assertion of liability (when people sue, they often look for not only deep, but multiple pockets).
How do you solve that? It takes two things:
Consideration 3: The Operating Agreement
By law, every LLC must have an "Operating Agreement" that specifies how the "members" run the company. For small, simple LLC's, an "OA" can be a fairly short document. For complex ventures with detailed financial goals and complex management structures, an OA can be hundreds of pages.
In the case of a "Medical Loan Closet" LLC meeting the criteria in the member's scenario, the operating agreement would have to address, head-on:
Which brings us back to...
Consideration 4: Insurance
At the end of the day, this question is about two things: 1) how to do a good thing for a community; and 2) how to make sure the organizations doing that "good thing" properly manage the risks of doing it.
While much of this can be addressed via good planning, rigorous equipment maintenance, and proper paperwork, as can be seen in "Consideration 3,” and as the member clearly knows, a venture that will be so closely connected to people's physical health must have some form of insurance. The coverage should extend to every person with either a fiduciary, employment, agency, or volunteer relationship with the Closet.
While precise coverage amounts should be determined by the participating parties, my instinct is that there should be at least $1 million of coverage per incident, with no less than $3 million/year aggregate. But it will depend on many factors.
So, what to do?
Many times, there is a very solid reason to start an LLC. If the Closet described by the member was going to own real property, have its own employees, apply for grants, and in general, take care of most of its operations in-house, with the support—but not the direct service—of the members, I'd say that was the right solution for this scenario.
However, if the Closet is to be a collaborative effort that will rely on the direct services and assets of the member organization/s (in this case, services by library employees, on library time), in my experience, a tightly structured plan that properly establishes the responsibilities of the collaborating parties—and ensures there is proper insurance coverage for all involved—might be the most practical way to move forward.
This will also position the library to do the right type and amount of "volunteer vetting" and to properly confirm the conditions of (and insurance coverage for) the volunteers.
So, on a practical level, what am I saying? A library can spend thousands to set up a charitable LLC to run a Medical Loan Closet, and then about a thousand or so a year to ensure the proper administration of that LLC--or it can develop the Closet as a program of the library (either stand-alone, or in collaboration with others) and spend the money on additional risk management and insurance.
After all, we're not talking small engine repair, here. Lending things—even if it is health-related equipment—is part of any library's core mission.
At the end of the day, many factors will play into the decision to use 1) an LLC, 2) a collaboration agreement, or 3) to simply operate the Closet as a new program of the library (with some volunteer agreements for the nurses).
To get to the part where the library can make the decision, I advise developing an "Operational Plan" for the program, and getting quotes from several insurance carriers as to what the coverage would costs for your library and/or for a new entity to conduct the activities in the Operational Plan.
Since there will be a lot of detail to review, a small ad hoc committee consisting of a board member or two, the library director, any other person whose input will be helpful, and the library's attorney, can then review this information, and come up with a solution to pitch to the board.
And when that pitch is made, everyone should be confident that there is no "wrong" way to develop a new, life-saving lending initiative—so long as the way selected clearly defines everyone's responsibilities, establishes that clarity in writing, assures legal and fiscal compliance, and ensures everyone helping out is covered by insurance. With the right attention to detail, this could be an LLC—or another solution.
I wish this venture luck and stout hearts for getting it over the finish line; it sounds like a great asset to any community!
 When I write about LLC's, I really struggle with putting "an" before an acronym that begins with a consonant ("LLC"). But the rules on "indefinite articles" assure me it is proper.
 There are some questions about the operation of a collaborative 501(c)(3) LLC in New York, but they happen, and haven't been shot down yet.
 "Members" is what the New York State Limited Liability Company Law calls owners.
 I don’t mean “risky” as in “Don’t drive that Pinto!” In in this context, “risky” applies to any venture that has a risk of exposure to legal claims due to having premises, employees, contractual obligations, or providing goods/services. In that context, even my own law office (which is a type of LLC) is “risky.”
 "501(c)(3)" is a designation from the IRS that allows a library or other charitable organization to accept donations while the donor takes a deduction.
 Trust me, this WAS that short answer! Another business lawyer who reads this will find it pretty skimpy.
 The Education Law, the Not-for-Profit Corporation law, the General Municipal Law, the Public Officer's Law.
 This is NOT to say that the local library could engage in a hostile takeover of the LLC-operated laundromat next door to ensure the very loud HVAC system is turned off during children's story hour. A not-for-profit, and a public library, both have extensive rules regarding what assets and investments they can own, and how they can benefit from them. But it could be done (in my hypothetical, it could be done if either: a portion of the laundromat income was a directed donation used to purchase special collections OR if use of the machines to clean clothes while reading or using library Wi-Fi was a free service to the community tied into the library's Plan of Service. Which, by the way, would be AWESOME).
 When I want to relax, I just pop on over to the Comptroller's "library audits" page at https://www.osc.state.ny.us/local-government/audits/library, and have a jolly good read.
 My apologies if my assumption that such a project could be tracked via Excel is laughable. While I can script out workflow and compliance protocols like a pro, my database programming skills stop with a 4-column chart in "Microsoft Word."
 Remember, the assets of both a not-for-profit and a public library come with heavy restrictions. This includes the "asset" of the workforce. In this scenario, we're assuming all the right paperwork for "lending" employees to a venture is properly in place...not something to assume lightly in the Real World.
 Operating a charitable LLC is fairly simple after the start-up phase, but there are routine tasks that must be kept up with: book-keeping, audit, routine IRS and Charities Bureau filings, compliant procurement, de-accession. Consider who will be responsible for all these things.
 This consideration—about properly maintaining loaned health-related equipment—is addressed in the RAQ response to a question we got back in April 2020 about lending a Telehealth kit, which is found here: https://www.wnylrc.org/ask-the-lawyer/raqs/132.
 A great short cut on this would be to find some other medical loan closet programs in New York and ask who their carrier is. Establish your credentials and tell them why you need the information first, though...places get VERY nervous when you ask who their insurance carrier is!
 At this point, I have worked on joint ventures for educational purposes, arts purposes, community gardens, the development of apps for civic transparency, community murals, and just about every feel-good thing you can think of. I will never be rich, but I love my job.
 A word of caution: the phrase "Medical Loan Closet" is part of a name protected by a trademark, the "Wichita Medical Loan Closet" which can be seen here: http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4806:g09zye.2.1. When developing a "closet" program here in New York, take care to distinguish your brand so there is no risk of getting a cease-and-desist.
 Remember, a “collaboration agreement” is different than an LLC’s “operating agreement.” A “collaboration agreement” unites the efforts of two or more entities creating the venture, and manages risk WITHOUT creating an LLC.
 The "operational plan" will evolve once you make the decision about the entity type, but to start it is just a description that sets out how the Closet will run. If the idea is largely to use the same model used by the current operator, that is a fairly simple task, but make sure to include every role and responsibility, simply noting "TBD" is you don't yet have an answer. An inventory of equipment will be an essential component of this exercise.
 Since I have hit you with a lot of detail that could be daunting, I will add this gratuitous advice: if possible, have a meal or fun snack at your planning meetings (even if they have to be via Zoom right now). I have been working on a charitable planning committee, and by turning it into a convivial experience, we are getting through some fairly obscure stuff while staying in touch with basic human joy.
COVID has made online library card registration essential in many areas. What do we need to consider when dispensing online (temporary cards that allow access to e-resources) and physical library cards to children? At what age, and under what circumstances do we need to get a guardian's signature? Can we require some form of ID for children?
I remember getting my first library card at the Utica Public Library with my Dad, circa 1985. It was a right of passage: something "official" before I could drive, or work, or vote; a stepping-stone to adult life.
Of course, back then, we didn't have the Child Online Privacy Protection Act, the SHIELD Act, or the GDPR. We did have CPLR 4509, but if that was part of the application, I probably assumed it was what the library would use to revive me if I had a heart attack in the stacks.
But enough of Memory Lane: this question is rooted in 2020, a time of pandemic, of online ecosystems, and of growing awareness about personal privacy and data security. During this time, a library putting in place direct access to services for children in the ways listed by the member is a critical service, and as the member points out, introduces a lot of legal factors to think about.
To answer the member's questions, let's dive into them.
Contracts and Kids
Since the relationship of a library to a patron is (among other things) contractual, and in New York a person (generally) cannot be held to a contract until they are 18, any terms a library wants to be able to enforce on a minor must require legal consent of a parent or guardian...and in some cases, the contract really is just with the parent or guardian (who I will call "P/G" for the sake of efficiency going forward).
This, by the way, doesn't mean a library can't let minors have a card and borrow books (or have online access, or be in the library) without the signature of a parent or guardian—it just means if you want to enforce any contractual terms against those minors (like the requirement to return borrowed books), it's best to have a P/G's consent along for the ride.
Contracts and the Internet
Most contracts—including those signed by P/Gs binding minors—can be entered into electronically, and a contract signified by a library card is no exception. So yes, a patron, including a child, can get a library card or access to services through an electronic signature.
(Just in case you want the nation-wide definition, an "electronic signature" is "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.")
What about COPPA?
When a website specifically provides services to children, we often have to consider the Children's Online Privacy Protection Act, or "COPPA." But not today, since COPPA expressly states that the law applies to "commercial" websites and online services and generally not to nonprofit entities like a library.
Although nonprofit entities are generally not subject to COPPA, the FTC "encourages such entities to post privacy policies online and to provide COPPA’s protections to their child visitors." Since libraries are sticklers for privacy, this makes sense, but if your library does this when setting up online resources for minors, don't call it "compliance with COPPA," call it "doing it the right thing because we want to."
Should we require a parent?
COPPA, by the way, is one of the laws that uses the age of thirteen as the cut-off age for children being able to sign up for things (commercial or otherwise) on their own. In my experience, 13 is also the age when insurance carriers decide children transition from "vulnerable" to simply "minors." For this reason, many content providers and services (including libraries) bar access without a parent to those under 13.
All of which is to say: while there might not be a legal requirement to involve a P/G, in general, I'd say this is a good practice. Good—but not required. Remember, to legally enforce any conditions (collect fines), you need a P/G's signature, but if you just want to let a kid borrow a book without consequences enforceable in court, you don't.
Let's see some ID?
Okay: you're set with electronic signatures. You know you need to get P/G into the mix for patrons under 18. You're "Doing The Right Thing Because You Want To" when it comes to soliciting information from minors under 13. Do you need to see identification to make things official?
If the privileges the library card or access grants come with conditions you will need to enforce in a court of law (fines, damages), it is ALWAYS better to get some form of identification or proof of address. I say this, because when lawyers sue, proper ID and proof of address is how they know they are suing the right person.
Similarly, if there is an age or residency requirement, or a financial element (for instance, loading money onto an account), or if a person is to have access to another's account, you might need to require ID.
Because the need for it will vary, when to require ID is a good question for your local attorney. From my perspective, if a person is allowed to take out more than $10,000.00 worth of library assets at a time, or a library wants to be able to collect fines, I'd want to know how to enforce a return of those items. Similarly, if patrons are allowed to access services from third-party vendors through their library card (software programs, audio books, anything governed by a third-party license), and there are consequences for a violation, it is good to have solid information about who your patron really is.
The problem is, if you are going to require ID, you must have a solid policies and procedures that address:
Basically: the reason a library would require ID—aside from verifying that a person lives in the relevant area of service, or is who they say they are—is to collect damages or to legally enforce conditions the patron has agreed to as a condition of a card. Since that is an unpleasant business, its best to avoid it whenever you can...but when it's important, it's important to do it right.
I enjoyed writing this answer, because as part of it, I got to poke around and see how different libraries are solving this issue. I saw some great stuff, including a temporary e-access system that let the technology do all the work (requesting verification of age via click-thru, using location services to confirm location in NY, imposing conditions on digital content via function without the need for legal enforcement mechanisms).
It is good to see when the law inspires, rather than quashes, creativity and information access. I hope your library and library system finds this helpful as you imagine new ways to connect people to vital services!
 Requiring libraries to not release an individual's library records to a third party.
 There ARE some exceptions, but unless your library is hiring a minor to act in their movie, or selling a married couple of 17-year-olds a house, they shouldn't apply here (see General Obligations Law § 3-101).
 (15 USCS § 7001) states: "a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form."
 This definition's use of "electronic sound" created a rabbit hole where I envisioned a series of "auditory" contract signature proceedings where a person uses their Spotify Playlist to accept contracts.
 15 USCS § 7006
 Entities that otherwise would be exempt from coverage under Section 5 of the Fair Trade Commission Act, which most if not all libraries are.
 You can find this "encouragement" at https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0
 A great guide for "doing the right thing" is here: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0#A.%20General%20Questions
 By "enforce conditions," I mean contractually, in a court of law. A library can always ask a 12-year-old to pipe down, and enforce its Code of Conduct if they do not. But to collect fees, get a P/G signature!
 This question is critical to a library's mission. While there is no "right" answer, I can say that even facially neutral things such as asking for utility bills, pay stubs, or non-driver ID can alienate people within a library's area of service. I advise maintaining a list of ID types that includes "the usual" types of ID (driver's license, ss card, birth certificate, non-driver ID), and some other types, as well (report card, lease, or any correspondence from a government agency (with private information redacted)). The list maintained by NYPL, who clearly gets this issue, made me smile: https://www.nypl.org/help/library-card/terms-conditions.
Can you provide a template facility use agreement for renting or allowing community groups to regularly use space in a public or association library?
Yes, I can! But first, a few caveats:
FACILITY USE CONTRACT
This contract for facility use is between the ABC Library (the "Library") and INSERT NAME ("Organization") an [insert type organization/individual] ("Organization") with an address of [INSERT], for temporary use of [INSERT ROOM# or Description] in the Library (the "Space").
Details of Temporary Use
Date(s) and time(s) of use
NOTE: If use is routine ("Every Monday in 2020") note the routine
Purpose of use (the "Event/s"). Please describe the activity to be conducted while you are using the Space.
Estimated maximum attendees
Will you bring in any contractors or third parties under contract for this event?
If so, you must provide the Library with a copy of the contract and they must name the Library on their certificate of insurance.
Please list any special details
Person from Organization who will oversee Organization's use of the Space (must be present at all times) and their back-up person
Rental Fee on a per-use basis
NOTE: If the use is charitable and the fee is to be waived, the use must not involve any political activity as defined by the IRS.
Fee is payable to [INSERT] and shall be paid by:
Will minors unaccompanied by parents/guardians be attending the event at the Space?
If yes: does Organization have a policy barring abuse of minors, and requiring instances of abuse of minors in connection with Organization's programs to be reported to law enforcement within 24 hours?
Is Organization a chapter or affiliate of a larger organization?
If so, include larger organization's name.
Will the event involve food or the creation of materials to dispose of?
If yes, what time will clean-up, including removal of all trash and recycling generated by the event, be completed?
Organization's Library Contact (the person who will help them with any questions and address any concerns)
The ABC Library's mission is [INSERT].
As part of its mission, the Library requires that all people on Library property abide by all the Library's policies. In addition, while using the Space, Organization and any person at the Space in affiliation with Organization must at all times follow the below rules, and any reasonable request of any Library representative.
No harassing, abusive, or demeaning activity directed at any person or the Space.
No contact that violates any applicable law or regulation.
In the event of an emergency at the Library, Organization shall abide not only by the reasonable request of any Library representative, but also any first responder assisting with the emergency.
In the event of any injury to any person, or incident of property damage while the Space is in use, Organization will immediately notify the Library Contact listed in the chart above immediately. In the event of a crime or medical emergency, call 911.
Aside from those attending the event(s) in the Space sponsored by Organization, no filming or taking pictures of any individual in the library (visitor or employee) is allowed, without their express permission.
After use, the Space will be restored to the condition it was in prior to Organization's use, by the Organization, unless otherwise specifically confirmed with the Library Contact.
Organization will not promote the event using the Library/Space as the location until this contract is fully signed and (if applicable) Organization has paid the applicable Rental Fee.
Drafting note: if the Library does not own the building, add any other rules based on requirements in the lease.
Violation of any rules may result in the termination of this Contract with no refund, and denial of future use.
This Contract guarantees that Library will reserve the Space for Organization as set forth in the "Details" section, above. However, in the event the Library or a related entity experiences an emergency which, in the sole determination of the Library, requires the cancellation of the use (including but not limited to condition at the facility, weather emergency, or event requiring Library's emergency use of the space), Library shall notify Organization as soon as possible, and work with Organization to refund the fee or determine a new date, whichever is preferable.
To the greatest extent allowed by law, Organization hereby agrees to indemnify and defend and hold harmless the Library, its Board of Trustees, employees, agents, and volunteers, from any and all causes of action, complaints, violations, and penalties, and shall pay the cost of defending same, as well as any related fines, penalties, and fees, including reasonable attorneys' fees, related to Organization's use of the Space, including conduct by any third party or contractor present at the Space as part of the Event/s.
Organization shall provide insurance meeting the requirements shown in exhibit "A."
Drafting Note/Instruction: the person at the Library organizing the contract will either select the default insurance requirement, which is the conventional insurance demand, or it shall be determined that no insurance is required. For organizations conducting routine meetings, and especially if children are served by the Organization, the library's lawyer, and/or your insurance carrier will almost always advise insurance be required.
Person signing for Organization
The person signing on the line below on behalf of organization is at least 18 years of age and has the power to sign for the Organization.
Venue for Dispute
This contract and any related action shall be governed according to the laws of the state of New York, and Venue for any dispute shall be INSERT county, New York.
Accepted on behalf of the Library:___________________ on:___________
Accepted on behalf of the Organization:___________________ on:___________
My library's reopening plan calls for not allowing group meetings/ programs for a time.
There is some concern for a BOT member as to if the library can legally do this. The concern is if a community group or club that regularly meets in the library were to want to meet again, could they challenge the library in regards to this issue? In a nutshell, the question is "Do we legally have the right to suspend and not allow all meeting room use as the library reopens?"
As library director my thought process is that as long as the policy is being equally and fairly enforced to everyone then there should not be an issue. This does beg the question however as to what may happen if the city, which owns the building calls "eminent domain" and quickly demands use of a meeting space they own in an emergency circumstance. This is rare but has happened a few times in the past.
Any input you have would be greatly appreciated.
I have been looking at some of my post-COVID "Ask the Lawyer" responses, and they are pretty grim. Such serious writing.
Of course, these are serious days, and operating during COVID-19 is a serious topic.
But I have been on the lookout for a chance for some joy, if not some outright levity. And finally, this question supplies one!
Why would a question about temporary disuse of a meeting room make me happy? Well, as some of you may have noticed, very little gratifies me more than emphasizing a library's autonomy.
So, hear me rejoice: Yes, your library has the right to disallow all meeting room use in the interest of safety!
And if that isn't joyful enough, get ready for more good news: this is true whether your library is a tenant or a landowner, a public library or an association library, a library in a big city or a library in a small rural village!
Why is that? If a chartered library in New York has assessed its unique space, its unique operational capacity, and its unique ability to operate safely, and as a result has adopted a Safety Plan that does not allow meeting spaces or on-site programming, then...there will be no meeting use or on-site programming. It's as simple as that.
Now, that said, can someone try and complain about it? Sure. Can a building owner (like a town or a landlord) try and over-ride it? Yes. Could a pre-COVID contract be implicated? Yes. But as an autonomous entity governed by an independent board, can your library make a Safety Plan and stick to it? Yes.
As it should be.
Of course, within that autonomy is the obligation to steward and utilize library assets responsibly, and in compliance with the law. This is why the member's point about uniform enforcement and clarity is so important. If the access is restricted for the Book Club, it needs to be restricted for the Comic Book Club, and even for the Garden Club. But after ensuring basic fairness and compliant use of library resources, the baseline decision about what facilities to allow access to during the pandemic is in the hands of the library's board and director. And as I have said in many of my recent answers: they must put safety first.
Only one thing remains to be said: despite my obvious relish for the task, I want to assure the reading public that I still did my homework for this reply. As of this date, the only court rulings in New York to address litigation or complaints about library access as impacted by COVID-19 are numerous claims about transmission concerns impeding access to a prison law library (now, in that case, I can understand why someone would complain). But I found nothing regarding action against public and association libraries due to COVID-induced closure, reduced operations, and impediments to general access. Hopefully it stays that way.
Thanks for a good question and for some time on the bright side.
 It gives me a very "we the people" thrill that no amount of election-year jitters can override.
 I am sure that by now (August 25, 2020), MANY of you have heard MANY complaints...complaints about masks violating the ADA, complaints about the Library being too open or too closed, complaints that your signage is in the wrong font, or perhaps complaints about the smell of your hand sanitizer being too fruity. These days, people just need to complain about something—it helps us feel more in-control. I know I directed a very strongly worded message to my local government regarding document retention policies after the repeal of Civil Rights Law 50-a; for about 10 minutes, I felt really in charge of my own destiny.
 This is why a lease, or at least an agreement with a municipality who may own the library building, is a good idea. At the bare minimum, such a document should address security/confidentiality, insurance for loss, the protocol for an on-site slip-and-fall, and the process for planning capital improvements.
 For instance, a facility rental agreement.
 For instance, once your meeting room is again accessible to the public, you can't let a start-up business owner hold a pop-up retail stand there to turn a profit, since that would risk compliance with several laws and tax regulations.
 Comics are very cool, but obviously your library doesn't want to play favorites. And just because the Garden Club shows up with trowels is no reason to give them special treatment.
 August 25, 2020.
 There are already over a dozen of these. A typical case can be seen in Vogel v Ginty, 2020 US Dist LEXIS 148513 [SDNY Aug. 14, 2020, No. 20-CV-6349 (LLS)].
 It will be hard enough sorting out the impact on budgets and various regulatory requirements.
We got lucky: an employee, who was asymptomatic at work but tripped one of the screening factors requiring him to stay home, was tested and found NEGATIVE for COVID-19.
Our employee is coming back to work, but I have been wondering...what if the test came back POSITIVE? If we have to quarantine all our employees, we'd be shut down completely!
First: that is good news about your employee.
Second: a gold star to your library for having a screening system that works, and for following the requirement to restrict an employee who trips a screening factor from on-site work while waiting for test results.
Third: Let's talk about your alternate scenario (the one where you don't get such good news).
As of August 17, 2020, any library that is up and running should have a Safety Plan as required by both the guidance for "Office-based Work", and "Retail Business Activities" (we'll call this the "Guidance").
The Guidance includes the requirement to fill out a New York Forward Business Affirmation Form, which attests to having a Safety Plan. It also answers the member’s question about what to do if an employee tests positive for COVID-19.
Here is what the Guidance (as of 8/18/2020) requires:
An individual who screens positive for COVID-19 symptoms must not be allowed to enter the office and must be sent home with instructions to contact their healthcare provider for assessment and testing.
Responsible Parties should remotely provide such individuals with information on healthcare and testing resources.
Responsible Parties must immediately notify the state and local health department about the case if test results are positive for COVID-19.
Responsible Parties should refer to DOH’s “Interim Guidance for Public and Private Employees Returning to Work Following COVID-19 Infection or Exposure” regarding protocols and policies for employees seeking to return to work after a suspected or confirmed case of COVID-19 or after the employee had close or proximate contact with a person with COVID-19.
So, the answer to the member's question: "What if the test came back positive?" is: "[I]immediately notify the state and local health department."
After that, the direction from the local health department may vary, but the Guidance requires:
If an employee has had close or proximate contact with a person with COVID-19 for a prolonged period of time AND is experiencing COVID-19 related symptoms, the employee may return to work upon completing at least 10 days of isolation from the onset of symptoms.
If an employee has had close or proximate contact with a person with COVID-19 for a prolonged period of time AND is not experiencing COVID-19 related symptoms, the employee may return to work upon completing 14 days of self-quarantine.
And after that, things can really vary. But in a scenario where every employee of the library came within six feet of their (now confirmed as) infected co-worker, the library really could be looking at up to two weeks of employees in self-quarantine...along with any other response required by the local health department.
This is not a feel-good scenario. But the good news is, the same Guidance that requires a library to require employees to isolate also reduces the likelihood of such a remedy being needed. This is because the Guidance also requires a host of preventative practices to limit exposure in the first place, including:
If a library maps these things out for employees, and consistently enforces them, there will be less need for the "isolation/quarantine" sections. While right now, there is no magic bullet, the simple elements of your library's Safety Plan can reduce the need for quarantine.
And that's it; thanks for a great question. I hope this answer never has to come in handy for your library. But just in case it does: here’s a quick checklist for the steps listed in this response :
"CHECKLIST FOR RESPONDING TO NOTICE OF COVID-19 EXPOSURE AT THE LIBRARY; TO BE USED IN CONJUCTION WITH UPDATED SAFETY PLAN"
Here is a template notice to the board, designed to reflect taking the necessary steps, while also protecting employee privacy:
On ____________, the library received notification of an [individual/employee] testing positive for COVID-19. As required by current guidance from the State, we notified the Health Department immediately. At this time, the direction from the local health department is _____________________________________[this may be extensive].
We have determined that # employees must self-isolate until they DATE.
We have determined that # employees must self-quarantine until DATE.
We have confirmed with the health department that as a result of this notice and response, and consultation with the [Executive Committee of the board/full board/board officer/other] we will [close/reduce operations/operate under the status quo], unless the board determines otherwise.
Our Safety Plan has been followed and we have retained the documentation showing such compliance.
 Any library that does not consider itself "operated by a local government or political subdivision", that is, since the New York Forward guidance specifically states that the various Executive Orders' business restrictions do not apply to such libraries.
 Found at this link as of 8/17/2020: https://coronavirus.health.ny.gov/system/files/documents/2020/06/doh_covid19_publicprivateemployeereturntowork_053120.pdf
 According to the Guidance, "close contact" is "to be someone who was within 6 feet of an infected person for at least 10 minutes starting from 48 hours before illness onset until the time the person was isolated."
 This should NOT be happening!
 Remember, local governments and political subdivisions may decide not to follow these precise requirements. That said, if it determines it is operated by a local government or political subdivision, a library must then follow the safety plan set by that local government or political subdivision.
 Some of this isn't required by applicable laws or Guidance, but is in there to position a library to easily show it followed applicable laws and Guidance.
 While keeping confidentiality at top of mind, libraries need to think carefully about a voluntary system allowing users to log visits for purposes of contact tracing. A voluntary list of names, dates and times, maintained with all due care for privacy, can position a library to participate in a local health department's contact tracing initiative. This can in turn help a community reduce its rate of transmission.
In regards to COVID-19 when libraries do reopen, (and allow people in) is it advisable to ask customers to leave the public building if they are exhibiting any visible COVID symptoms? If so, are there benchmarks for how extreme symptoms should be or how policies should be worded? There are of course patron behavior policies in place allowing for the removal of anything disruptive, which can include noise or inappropriate behavior. There are some members of our leadership team who believe our safety reopening plan should include provision specifically mentioning symptoms of COVID-19 and the staff's/ library's right to remove them if symptoms are exhibited. There are other concerns that library staff are not medical professionals and we are not able to determine if a few sneezes and coughs are common colds, allergies or COVID. Attached is our library's current reopening plan.
As the member writes, it is very difficult to determine if some physical factors—coughing, a flush, seeming malaise—are in fact symptoms of COVID-19. Confronting a patron with suspected symptoms can also lead to concerns impacting community relations, privacy, and the ADA.
A good Safety Plan addresses this concern, without requiring patrons to be removed mid-visit from the library.
To position libraries to address the impact of patrons with suspected symptoms, New York's "Interim Guidance for Essential and Phase II Retail" (issued July 1, 2020) states:
CDC guidelines on “Cleaning and Disinfecting Your Facility” if someone is suspected or confirmed to have COVID-19 are as follows:
[emphasis on "suspected" has been added]
In other words: your Safety Plan, as informed by the most recent guidelines, should leave nothing to chance. By using this procedure, library staff are never put in the position of having to guess, ask, or consider if a patron's coughing, sneezing, or other behaviors are COVID-19...rather, the moment the possibility is "suspected," the Plan kicks into action.
Of course, if a patron is properly masked, some of the risk of exposure is limited, even if they are infected (this is why we wear masks and identify areas with six feet of clearance in the first place). And if a patron removes their mask mid-visit, refuses to keep appropriate distance, or refuses to spray down equipment after using it, THAT person can be asked to leave, simply as a matter of policy—whether they are exhibiting symptoms, or not.
So to answer the question: no, it is not advisable to ask patrons to leave the public building if they are exhibiting any visible COVID symptoms, for exactly the reasons the member provides. Rather, it is required that your Safety Plan keep people distant from each other, and that the library be ready to address any real or suspected exposure as quickly and effectively as possible.
That said, having signage that reads "Safety first! Patrons who are concerned about transmission of germs can arrange curbside service by [INSERT]" is a great way to remind people that if they are having an "off" day, there are many ways to access the services of your library.
I wish you a strong and steady re-opening.
 This answer does not apply to employees and visitors like contractors, who must be screened.
 Found as of July 25th, 2020 at https://www.governor.ny.gov/sites/governor.ny.gov/files/atoms/files/RetailMasterGuidance.pdf
 Found as of July 25th, 2020 at https://coronavirus.health.ny.gov/system/files/documents/2020/06/doh_covid19_publicprivateemployeereturntowork_053120.pdf
 I note that the DOH's "Interim Guidelines" do not include guidance to staff with suspected (as opposed to confirmed) exposure. If an employee feels they were exposed to a suspected case of COVID-19, however, that will impact their answers on their next daily screening, which will trip consideration of whether they can report to work.
 Or whatever other safety measures a library has identified. It is inspiring to read the variety of tactics out there, as listed at https://www.nyla.org/covid-19-library-reopening-plan-database/?menukey=nyla.
 Of course, if a patron is having a medical event and you have an immediate concern for their well-being, call 911.
The library is using NYS Archives and Civil Service references to set personnel and payroll files records retention and disposition.
A question arose regarding employee rights to request removal of materials from personnel records.
The committee’s question was specifically about removal of a negative matter after the minimum required retention time had elapsed.
In this instance there was no question about the accuracy of the record nor was there litigation involved or anticipated.
There are a lot of little details to address in considering this question, but first, there is one big principle I must emphasize. When it comes to records retention—and especially when it comes to employee-related records—nothing should be discretionary.
In other words, if an employer wants to create a process where every corrective action plan, performance evaluation, employment-related investigation, or incident report is removed after its minimum retention period has elapsed, that is fine. However, unless it is a benefit that has been carefully negotiated and confirmed in a contract, there should be no process for an employee to initiate optional removal of materials, and by no means should that process require the employer to make a “yes” or “no” decision.
The moment personnel records that could be interpreted as “negative” become subject to an employee-initiated, optional procedure, the employer, simply by having such a procedure, has: 1) admitted that possibility that the materials could have a negative impact on the employee; 2) created a system where such material could be retained inadvertently; and 3) set up a scenario where such a request could accidentally or deliberately be denied or perceived as somehow subject for debate, potentially triggering the possibility of a complaint, litigation, or a damage claim.
Unless retention is being considered for historic/archival purposes, record retention or destruction should never be discretionary (and of course, the decision to retain certain records for historic/archival purposes should be based on objective criteria). The best approach for management of employee performance-related records is simply that they be retained as required, or be purged when no longer needed, based purely on the category (not the substance) of the records’ content.
So, my answer to this question is: there should be no process for an employee to request optional removal of negative materials from a personnel file. Rather, the removal of material from personnel files should only happen per uniformly and routinely applied policy. If a negative review or incident report has served its purpose and is no longer needed, it may be removed as part of the routine purging policy and process. If it is still needed, it should be retained. There should be no middle ground; it creates risk. If your library is part of a collective bargaining agreement or uses contracts that include this approach, employees should all be notified and trained on how to exercise these rights.
Thank you for an insightful question.
 Just in case you are new to the Human Resources world, a “corrective action plan” is a time-limited plan with a clearly articulated goal and measurable steps to address a performance concern. Here is an example of a properly formulated Corrective Action Plan, taken from my domestic life: “To ensure optimal vegetable growth and family cohesion, for the next eight weeks, every family member will spend no less than ten minutes weeding per day. To enable verification, family members will place uprooted weeds on the Stick Pile.” Now, here is an improperly formulated version: “If you Ingrates don’t help me in the garden today, I will put a dead thistle by your pillow tonight.” Both techniques can, of course, yield results, but only one wins the “Happiest Workplace” award.
 Of course, a collective bargaining agreement could create the right to request removal of accurate information from a personnel file. Again, however, because such a discretionary approach might not be exercised or even known by all employees, I don't see this as a fair or helpful clause (to either employees, or the employer). A better option would be a simple records purge, or a purge tied to an objective performance metric (“after three years of ‘satisfactory’ reviews, this Corrective Action Plan will be removed from the employee’s record”).
 These are all the “little details” I mention in the opening sentence, but as you can see, they aren’t so little.
 With all due consideration of privacy.
 This could include, by the way, a Corrective Action Plan process with a “self-destruct” measure for the guts of the “negative” issue. In other words, the CAP policy itself could say “Upon satisfactory completion of a Corrective Action Plan, after # years, the only record retained will be the summary note confirming successful completion of a Plan of Improvement.” But again, this should be per a uniformly applied policy, not a discretionary request.
 By “needed,” I mean, among other things, that proof of the remedial action taken by the employer is no longer required to protect the employer. While many policies base this on statutes of limitations, most only start the clock after the employee’s period of employment is over, and that, in my view, is generally the most prudent choice.
My Director has asked me to ask you the following question. In normal circumstances the library would host the meetings of local organizations that do not have a building of their own. The library hosts the meetings of organizations like "Concerned Citizens", "Race Unity Circle", the "Bahá'í society", etc. All nonprofits that do not have large budgets and utilize the library for their meetings. Is the library legally allowed to use the library's Zoom subscription to host meetings for these groups as an Outreach Program? In the same way the librarian would be there to book the meeting, set up tables/chairs, and greet the group, the Zoom meeting would be booked, the link distributed to members, and the librarian there to open the meeting up at the specified time. I would be interested if your answer is different depending on whether the library is in an emergency closure situation or not.
Life is full of surprises. When I was in third grade, I was surprised to learn that this strange country called “Canada” occupied the upper half of North America. When I was in fifteen, I was surprised to learn that “brooch” rhymes with “roach.” And upon researching the answer to this question, I was surprised to learn that Zoom doesn’t have an “exclusive use” clause in their service agreement.
You may not offer or enable any third parties to use the Services purchased by You, display on any website or otherwise publish the Services or any Content obtained from a Service (other than Content created by You) or otherwise generate income from the Services or use the Services for the development, production or marketing of a service or product substantially similar to the Services.
In other words, Zoom doesn’t want you to “offer” your account out to another party (even if that party is a legit not-for-profit).
But the member has asked if they can serve as the “host” of the meeting, mirroring the way their library opens its doors for certain groups and gatherings. Both functionally and grammatically—and thus legally—this means the library is the one using the service. It’s like my law firm using our Zoom to host a board meeting for a client, since I need to be there anyway. Or, perhaps more closely, an educational institution letting a student group use its Zoom, so the student newspaper can soldier on.
So the stark, simple answer to the member’s question (“Is the library legally allowed to use the library's Zoom subscription to host meetings for these groups as an Outreach Program?”) is “YES.”
That said, being a detail-oriented, pro-risk-management, and liability-averse kind of attorney, I can’t just leave it there.
Physical meetings at your library all must follow some rules. Some libraries set these rules by policy, others confirm them with both a written policy and a facility use contract.
These documents ensure that the particular rules at that library will be followed. The same should apply when the library is hosting a Zoom meeting for your community.
Zoom’s “Acceptable Use” Policy expressly bars numerous types of activity, including but not limited to:
I imagine most libraries can endorse these conditions, but some may be (rightly) wary to impose content restrictions on meetings. While the limits your library has agreed to with Zoom is a contract the library has voluntarily accepted, I can see a (very) few instances where perhaps a first amendment concern could loom. So any library considering hosting Zoom meetings for users should think that aspect through thoroughly, and be ready to address it just as you address such concerns for physical meetings.
To help a library navigate these straightforward but choppy legal waters—especially the Zoom Terms’ bar on letting a third party use your account—here is a template “Virtual Meeting” Agreement.
NOTE: As always, template agreements should be reviewed by your library’s legal counsel to ensure they conform with your library’s charter, bylaws, unique identity, and other policies.
Videoconference Meeting Agreement—TEMPLATE ONLY
Person filling out this form [must be cardholder]
Meeting date, time, duration
Target date to send out the invitation
Please note: for the orderly operation of the meeting, pre-registration should be required, OR attendees should be given only limited participation ability.
Purpose of meeting (must be a purpose consistent with library operations)
Estimated number of attendees
Live stream meeting? Please list where the livestream will be accessible
Please list your group’s Meeting Facilitator
[see Meeting Facilitator Responsibilities below]
[To be filled in by library]
Library Staff serving as “host” on the videoconference.
Facility Use Policy
On the above date and time, the [NAME] library will host a meeting of the above-listed group for the above listed purpose.
It is understood that every attendee of the meaning will be expected to abide by both all the applicable rules of the library for meetings at our facility, and to observe any and all above-listed additional conditions.
The above-listed “Meeting Facilitator” should be logged in to the meeting at least 10 minutes before so they can discuss the orderly conduct of the meeting with Library Staff.
The Meeting Facilitator must discuss the functional aspects of the meeting with library staff before the start of the meeting; they should be prepared to discuss how attendees will be able to interact and how the relevant functions of the meeting will be used to meet the meeting's stated purpose.
The Meeting Facilitator should also be comfortable with using Zoom's capabilities to assist the Library Staff in hosting the meeting (monitoring the chat, moderating the discussion, muting or removing participants if needed).
When it is time for the meeting to begin, the library staff hosting the meeting will state:
“Welcome to [MEETING NAME]. Hosting an online meeting with your group is a service the library provides to our community groups without charge. Just as with hosting meetings in our physical space, the library must enforce rules regarding respect, non-discrimination, and accessibility. If you have concerns in that regard, please let me know by sending me a private message during the meeting. And now I’ll turn it over to [NAME] to start the meeting.”
It is expressly understood on behalf of the group that:
Please alert the library to any ADA considerations for hosting this meeting. For meetings with more than 50 participants, the Meeting Facilitator should be ready to discuss accessibility objectives with the Library Staff member.
We welcome your ideas for making our co-hosted meetings better. Constructive feedback may be sent to [e-mail].
Acknowledged: __________________________________ on DATE: ______________.
Unless there is a bylaw, policy, or contract barring staff serving as the meeting host, this is most definitely a service that can be offered even when your library cannot be physically open to the public. However, at all times, it must be clear that this is the library’s meeting. Account ID’s, passwords, and hosting capabilities should not be given away. Co-hosting should never be converted into changing the host. The meeting “intro-text” should be read every time; it is there to make sure that the library’s primary role is documented in every single meeting you host. Just like a meeting room should never be used when the library is not staffed, the virtual meeting room must remain in the control of your institution—otherwise, there could be concerns with the license.
And with that, I wish whoever at your library becomes the “virtual meeting staffer,” a stout heart, a quick finger on the mute button, and lots of community-oriented fun.
 I have since been informed that either pronunciation is acceptable. Fortunately, with my spare fashion sense, it is not a word I use often.
 The conditions in these documents will change from library to library. Some libraries have to enforce the rules of a landlord. Others will decide to charge a nominal fee (DO NOT do that for a Zoom meeting), or restrict use to a charitable use.
 By the time I got to this part of the list, I was thinking “Jeez, it’s an ugly world out there, and Zoom has a front-row seat to it.”
As we look to re-opening our public libraries with abridged services, we want to limit the chances of legal challenge from organizations who seek to make a statement about government response to COVID-19 and social distancing measures. We are considering a recommendation to have a brief policy manual addendum with policy adjustments that supersede the policy manual, have a short review and renew period (aligned with the library board meeting schedule), and are triggered by an objective, external to the library, event. What elements would we need to include in this addendum to make it legally enforceable, while not re-writing the entire policy manual?
Take, for instance, a library's meeting room policy. For a library with a 2,000 sq ft community room, with a normal occupancy of 250 persons and a seated occupancy of 150 persons (fake numbers), in which the board meets every other month.
- Initial addendum policy would have a line which said "Meeting Room: The meeting room is closed to all groups. Policy approved April 27, 2020. Will expire June 26, 2020."
- At the June board meeting the board passed "Meeting Room: The meeting room will open for library sponsored programming July 1st. Registration will be required and limited to 20 persons to follow current social distancing guidelines. Policy approved June 26, 2020. Will expire August 27, 2020."
And so on.
What are recommendations for the pre-amble of such an addendum? What should we make sure to include in the board motion to enact the emergency policy addendum such that it supersedes the standard manual?
This answer is being composed on May 9, 2020. New York is still fully on PAUSE, but the Governor has divided the State into ten districts who must hit seven defined metrics to begin rolling back various restrictions. Careful prognosticators are cautioning that what is rolled back can also be re-implemented, so caution and flexibility are the watchwords of the times.
In this context, many libraries are considering a phased resumption or extension of operations, and to do so, may need to adjust many of their standing policies.
As the member’s question highlights, the stakes for such adjustments can be high. The greatest risk in taking emergency and temporary measures are that: 1) they are not legal; 2) they create legal but mission-averse collateral consequences; 3) they are legal and perfectly mission-aligned, but still just make people mad.
Right now, libraries don’t have the luxury of time to fully mitigate these risks. But collecting, assessing, and documenting some steps, a library can do its best to avoid them.
Here is how to do that:
Step 1: Inventory your board’s authority and obligations
Library leadership seeking to temporarily adjust library policy to address COVID-19 must first assemble the following:
Many libraries will already have these assembled from previous such exercises.
Step 2: Inventory the specific policies your library needs to adjust
This “inventory” should include a citation to each policy your library needs to adjust, the basis of the need, any legal compliance considerations, what the precise terms of the proposed temporary change are, and, as the member writes, the reversion trigger of duration of the change.
This sounds painstaking and arduous, and it will be. Fortunately, when it comes to the painstaking and arduous act of organizing information, libraries have a home team advantage.
And don’t worry, in the next step I give you a chart to sort it all out.
Step 3: Identify what’s needed: alteration of the policy, or complete suspension?
In some cases, a policy will just need some small, temporary alterations to continue serving the requirements of the law and the needs of the library and its community. However, some policies are so complex, or so rife with temporarily unsafe practices, they will simply need to be suspended.
Here is a chart template that sets the “inventory” categories of Step 2, with examples the two types of adjustments:
1. Policy or obligation to adjust
2. Basis of need to adjust
3. Law or policy governing change
5. Reversion trigger or duration
Example: Policy temporarily altered
Policy B-2: Board Meetings
Limits on large gatherings and social distancing requirements requires limiting in-person contact
Board meetings are controlled by the Education Law Section 260 and Article 7 of the Public Officers’ Law (“Open Meetings Law”), but are temporarily governed by Executive Order 202.12.
As allowed by the EO 202.12, the Board shall meet via teleconference, and the audio shall be simultaneously available at a link on the library’s website, as well as recorded and transcribed.
This adjustment shall be in effect until the expiration of the terms of EO 202.12.
Example: Policy temporarily suspended
Meeting Room Policy allowing use on a reservation basis.
The Library wants to use the Meeting Room but must suspend community use to observe current social distancing requirements and health-oriented practices.
Executive Order # and #, as well as the usual laws governing use of library property.
To ensure observance of [cite EOs] the Meeting Room policy is suspended until two weeks after the last remaining restriction is lifted.
To allow time for cleaning and operational adjustment, the regular policy will go back into effect two weeks after the last remaining restriction is lifted.
Step 4: Contrast the adjustments with your library’s obligations
This is really a second look at the third column- “Law or policy governing change.”
It encourages your leadership—and ideally, your lawyer—to take a deep look at any standing legal obligations, and make sure your temporary adjustment doesn’t run afoul of them.
For instance, in the Meeting Room Policy example, let’s say that, per the policy, the library had a standing, written agreement for the room to be used by a writer’s group on a weekly basis. This might require an extra step in your adjustment to the policy, with some targeted outreach to cancel what might be regarded by the group as a written contract.
SPECIAL NOTE FOR LIBRARIES WITH UNIONS: Step 4 is especially critical if there is a union contract involved. Throughout this time of COVID-19 response, I have seen many examples of situations where a library’s prospective plans have been impacted by CBA provisions for emergency closure or other obligations. I have written about that at length elsewhere, so for now, will simply say: in all of this a library’s union should be an ally and critical stakeholder promoting employee well-being, and hopefully the need for any changes to routine policy and procedure can be approached in that spirit.
Step 5: Diplomacy Check
Technically, this is not a “legal” step, but I can say that in many ways this step is the most important part of avoiding needless legal threats and hostility.
Step 5 involves taking yet another look at the chart, and adding other two columns, covering: “Who will be impacted by this policy change?” and “How can we roll out the change to lessen any negative impact?”
Here is what these columns look like in my imaginary examples:
6. Who will be impacted by this policy change?
7. How can we roll out the change to lessen any negative effects?
Board Meeting Policy Example:
Everyone who relies on library board meetings as a chance to scour the budget and yell at the treasurer about how much was spent on new shelving, even though the purchase followed every bidding step required by state procurement rules.
The library will put up a sign on the front door, and in the usual places where the library sends formal notices about the meetings, saying:
“As you know, our board is meeting via telephone and working to keep our library ready to serve the community! You can hear our meetings at [link] or get a recording at [way]. We’ll have transcripts ready a month after the meeting. Please keep in touch by sending your comments to [NAME] at [ADDRESS].”
Meeting Room Policy Example:
People who really, really just want to see their writing group.
The director will ask [STAFF] to outreach to the regular groups, to see if they need assistance finding alternate resources while we wait to welcome them back.
And with all that legwork done, we can now answer the member’s core questions:
Question 1: What elements would we need to include in this addendum to make it legally enforceable, while not re-writing the entire policy manual?
The elements would be 1) a preamble setting forth the board’s authority, goal and process for the temporary changes; 2) a list identifying the policies that are temporarily suspended or temporarily altered; and 3) an articulation of the replacement policy or temporary changes.
Question 2: What are recommendations for the preamble of such an addendum?
Here is a template for the preamble:
The [NAME] Library was chartered in [YEAR] by the New York Board of Regents, and operates under the authority of that Charter, the New York Education and Not-for-Profit corporation law. In accordance with that authority and in compliance with the Library’s bylaws [OPTIONAL IF UNION AGREEMENT OR OTHER CONTRACTS ALSO GOVERN: and all other applicable obligating documents], to promote the mission of the library, the safety of all it serves and employs, and the needs of the community at this time, the following temporary changes to the following policies are made:
And here is how you link it to the other elements:
[INSERT chart with only columns 1, 4, and 5].
Question 3: What should we make sure to include in the board motion to enact the emergency policy addendum such that it supersedes the standard manual?
Here is template language for a board motion:
WHEREAS the State of New York is currently subject to Executive Orders governing the State’s response to the COVID-19 pandemic; and
WHEREAS the [NAME] Library’s mission is to [INSERT]; and
WHEREAS some of the Executive Orders impact the ability of the Library to fulfill its mission while abiding by its usual policies and procedures; and
[INSERT ONLY IF APPLICABLE] WHEREAS the Library is also subject to the terms of a collective bargaining agreement signed on DATE: and
[INSERT ONLY IF APPLICABLE] WHEREAS the Library is also subject to [variable]; and
WHEREAS the Library has developed temporary adjustments to its usual policies and procedures, with all due consideration of its standing obligations, to aid itself in operating safely and in compliance with the orders, and in period of recovery to follow;
BE IT RESOLVED that the following temporary changes, for the corresponding durations sets forth below, are enacted, effective immediately:
[insert chart with columns 1, 4, and 5]
AND BE IT FURTHER RESOLVED that the full chart setting forth these temporary adjustments shall be posted on the Library’s usual place for posting policies no later than [DATE]; and
AND BE IT FURTHER RESOLVED that the following measures to positively communicate these temporary adjustments shall be taken:
[INSERT measures identified in column 7].
When using these steps, it will be important to remember that an individual library’s response will be informed by not only their unique documents and priorities, but which of New York’s ten regions they are in. This means that what works for one library won’t necessarily work for a similar library in the next county over. Nor should one library be judged by what is being done at another.
And finally—and I have mentioned this in several columns lately, but I will mention it again—attorneys throughout New York State are stepping up to the pro bono plate these days. Now is the time to see if your library can enlist an attorney familiar with municipal, education, employment law, even if it is just to take a fresh, hard look at your final product. If you can’t find that attorney, you can ask for a referral from your local bar association.
By assembling the documents listed in this answer, and identifying your priorities and concerns in the chart, you’ll help that attorney help your library. In addition, I welcome questions from local attorneys who are helping their local libraries pro bono; they can reach me at email@example.com, or my library paralegal Jill at firstname.lastname@example.org.
As the member’s excellent question suggests, the more unified and well-developed the response of libraries can be, the more we can avoid challenges, and focus libraries’ energy on the business of serving the public. Sadly, the need for that energy will be great.
Thank you for giving me the opportunity to answer this very important question.
 Like a writers’ group saying: “Forget it. We’ll just meet at Starbuck’s.”
 For instance, if a patron brought a legal action under ADA, and the library reached a compromise it is legally bound to follow. Most libraries will not be subject to any such restrictions, but I want to ensure they aren’t forgotten.
 In my experience, unless the law mandates that you have one (for instance, certain libraries must, under the Education law, have an internet access policy) suspending a policy is also the way to avoid inviting arguments with people who will try and word-smith your temporary adjustments. As a lawyer, I do enjoy a good quibble, but there’s a time and place for it, and debating when a writer’s group can get back in the community room might not be the best use of energy right now.
 It really sounds like I am picking on this writer’s group! I’m not, we’re a fan of writer’s groups in my law firm (they produce writers, who are part of our client base). I think it’s just that in my mind everyone is, at this mid-May point, is very eager to resume normal social activity. I know I am. Meeting on Zoom is like eating low-fat olive oil.
 This is not a legal tactic tested on the bar exam. I learned this from my mentors at Niagara University, where I served as General Counsel for ten years. When legal strategy was proposed, their first thoughts were always about how it would hit the very real people involved.
 One of my favorite quotes about this phenomenon is from Parks and Recreation: “So what I hear when I am being yelled at is people caring loudly at me.”
 My poor staff. They just got used to New York being divided into nine library council districts, and 23 public library system districts. Val, our keeper of the “library map,” should be getting danger pay.
Can a library prevent someone from coming into the library if they refuse to wear a mask? I know that library behavior policies would need to be broadened to include mask-wearing. Are libraries required to provide a mask for the public - and what if a person wears the mask improperly - can they be asked to leave?
New York has numerous “types” of libraries, serving a diverse array of locations. All of them are empowered to take the steps needed to serve their communities safely.
For libraries who want to do just that—knowing it will be a vital part of their community’s response and recovery—here is how to enact and enforce the use of appropriate personal protective equipment (PPE).
Assess your library’s status under the current Executive Orders. Does your library regard itself as exempt from the Orders due to status as a governmental entity (like a school)? Or has your library been operating under compliance with the 100% workforce reduction…and thus, subject to further such restrictions (or them being eased)?
If your library is subject to the Executive Orders, linking your policy to future Orders is a good idea. That’s why you’ll see that as a variable in the template, below. And if your library concluded it didn’t need to follow them, well, that part doesn’t apply to you.
Assess what operations your library will resume. Will you resume lending books, but restrict reading rooms? Will you encourage curbside pickup, or perhaps lower your building capacity to ensure social distancing?
This step assumes that the return to full services might be incremental—but with the resumption of services tailored to the needs of your community. It is where the customization kicks in.
Once your library has confirmed which activities will resume, select the appropriate safety protocols for those operations.
This is why this will not be an exercise in one-size fits all. Some libraries may decide to expand reading rooms or acquire additional electronic devices to loan. Some will need masks, some may need gloves, and others might adopt different safety measures. What’s important is that the measures be tailored to the activity.
As a starting place for that selection, I really like this function-centered guidance from OSHA:
NOTE on this guidance from OSHA: While the common thinking might be that libraries are primarily “customer service” environments (as the term is used by OSHA), many libraries have back end and programming operations that are even more interactive and tactile than retail. That’s why I like OSHA’s approach for this—it sorts COVID-19-related safety practices by function (of course, ALA and other library-specific resources will further distill and assess these resources for libraries).
If the option is available to your library, I strongly recommend confirming your library’s operational choices and related safety practices with your county health department. Your local health officials may even have some thoughts about unique considerations for your locality (after all, that is their job). This is also a great way to show the public that your library has thought these measures through thoroughly, that your choices are rationally related to your activities, and that they have credentialed back-up.
As the member writes, once you have selected your operations and confirmed your safety measures, add the measures (temporarily) to your library’s Code of Conduct.
Here is a template policy for doing that (variables are in yellow, including whether or not your library must abide by the current Executive Orders):
The [Insert] Library is committed to serving its community during hard times and good.
The year 2020 has brought unprecedented challenges to our nation, state, and area of service.
To continue serving our patrons during this difficult time, while placing the health and safety of our community at the forefront, the Library Board of Trustees has adopted the below Temporary Safety Practices Policy.
The safety measures in this policy have been confirmed with the [Insert] County Health Department.
The board’s authority to adopt these measures is found in our charter, bylaws, New York Education Law Sections 255, 260, 226, 8 NYCRR 90.2, and Article 2 of the Not-for-profit corporation law. We also consider it our duty to develop these measures to keep our services accessible at this time.
Staff at the [Insert] Library have the authority to enforce these measures like any other of the Library’s Rules. Concerns about this policy should be directed to [Insert name]. Thank you for honoring these measures, which are designed to keep our community safe, while allowing access to the library.
[Insert Library] Temporary Safety Practices
Scope of Temporary Safety Measures
The [Insert] Library operates per relevant law and Executive Orders, including those pertaining to mandatory workforce reductions. Therefore, the temporary practices in this Policy may be further modified as needed to conform with relevant Orders.
Until the board votes to revoke this temporary policy, only the following routine activities may be performed on site at the library:
Until the board votes to revoke this temporary policy, the library will require all people on the premises to abide by the following safety practices:
[based on activities and confirmed safety practices, including but not limited to use of particular PPE, insert]
In the event any safety requirement is not practicable on the basis of a disability, please contact [Insert name] to explore a reasonable accommodation.
To aid the community in honoring these requirements, the Library will transmit this policy through social media, and use a variety of health authority-approved, age-appropriate, multi-lingual and visual means to transmit this message in a manner consistent with our mission and our identity as a welcoming and accessible resource to the community.
Code of Conduct
Adherence to these practices shall be enforced as a requirement of the Library’s Code of Conduct until such time as this temporary policy is revoked.
In developing this guidance, I have considered the long line of federal cases related to the library access (starting with Kreimer v Bur. of Police).
New York has a vivid array of people devoted to civil liberties, and there is a chance a community member could feel that conditioning library access on temporary protective measures adopted in the interest of public health could violate First Amendment or other rights. This is why careful consideration of what operations your library will resume, and enforcement of only those safety measures related to those operations (steps 1 and 2), are so critical.
The First Amendment tests of such measures will vary based on the circumstances, but the goal of combining a clear policy with well-documented, informed decision-making, good communication, and the backup of health authorities, is to avoid the need for such legal testing in the first place!
As with all things template, the suggested language above should be modified to fit your unique library. If there is a local attorney versed in First Amendment and municipal law, this is a good time to bring them in to review your final product. The town attorney for your municipality will have had to address similar First Amendment/safety concerns (and is probably doing a lot of that right now), so they might be a good pick.
And now, with all that as background, to address the members’ specific questions:
Can a library prevent someone from coming into the library if they refuse to wear a mask?
Yes (but follow the steps above).
Are libraries required to provide a mask for the public?
No (but hey, it would be nice, especially if you can get them donated).
And what if a person wears the mask improperly - can they be asked to leave?
Yes (but take care to consider any implications under ADA; some people might need to use alternate PPE).
Thank you for a great question. I wish you safe operations as you serve your community.
 Whatever your library decides should be consistent with its analysis in any decision to apply for the Paycheck Protection Program, or other aid.
 Of course—especially as the mother of a Type1 diabetic and Gen Xer with parents almost 80— as a finishing place, I like a world where we no longer need to socially distance, maniacally sterilize, and use PPE…but we don’t know when we’ll get that world.
 I like writing guidance for libraries because at a certain point, you can assume they know how to find the type of resources one is describing. It’s like telling a lawyer that something is in the penal law—I assume they can just find what I’m talking about.
 Citation: 958 F2d 1242 [3d Cir 1992]
 A recent good example of how First Amendment tests can turn on precise circumstances can be seen in Wagner v Harpstead, 2019 US Dist LEXIS 220357 [D Minn Nov. 12, 2019, No. 18-cv-3429].
 This First Amendment concern is less critical for association libraries, but since such libraries also have a vested interest in maximizing access to their areas of service, it’s a good exercise for them, too.
 I do run on, I know. Occupational hazard.
 Here is a good resource for ADA and COVID-19: https://askjan.org/blogs/jan/2020/03/the-ada-and-managing-reasonable-accommodation-requests-from-employees-with-disabilities-in-response-to-covid-19.cfm
[I work at the library of a public university.] Every year we have requests from students in Media Arts program to videotape in the library. They ask me to grant permission. I do not feel comfortable granting permission for others to be filmed.
Do students in the library have a right of privacy that would prohibit filming them as they go about their normal business in the library?
We would like to have a written policy.
The images would not be used for commercial purposes, just as an academic assignment.
When this question landed on my desk, I had recently watched a viral video on YouTube about how some people have no "inner monologue".
The video explained, in plain and accessible terms, that there are people who, rather than internally narrate their world, don't have constant chatter in their heads. They don't have an "inner voice." Rather, their brains "map" their reactions to the world, and those reactions are only put into words through vocalization.
The reason the video went viral is because for those of us with a strong inner monologue, the idea of living without one was mind-blowing.
My brain was still wrestling with this concept ("You mean there is no narrator in your head? None??"), when I read the member's question.
And when the question hit my brain, just like that, I got it.
When I read this question, I didn't hear the words, but I saw the answer. I couldn't articulate it, but it was there: a Venn Diagram of overlapping legal concerns, "mapped out" in my head, just like the video described: CPLR 4509; FERPA; NYS Image Rights Law.
Only after I had mapped out that diagram in my head could I unpack the details and start to compose.
So, before we delve into the question, I want to thank the member for inspiring a bit of neuro-diverse-empathy in yours truly. Our brains are endless mysteries; it's good to occasionally see ourselves differently.
And with that, here is my "(Academic) Library Right to Privacy Venn Diagram," unpacked and articulated, and, per the member's request, set out in a "Policy" format, ready to customize for your academic library.
(NOTE: Why are there TWO policy templates? Because people may have a context-specific first amendment right to film in a public library or the library at a state university, while at a private academic library, only the rules of the institution will apply):
[PRIVATE COLLEGE/UNIVERSITY NAME] Policy on Academic Library Privacy
[FERPA Compliance Policy,
Student Code of Conduct,
Patron Code of Conduct,
Campus Guest Policy,
Institutions' Data Security Policy]
Version: DRAFT FOR CUSTOMIZATION
Passed on: DATE
Positions responsible for compliance
FOR USE IN PRIVATE COLLGES AND UNIVERSITIES
The state of New York provides that library records containing personally identifying details regarding the users of college and university libraries ("Patron Records") shall be confidential, except to the extent necessary for the proper operation of the library.
To safeguard this right, the [NAME] library will observe the below protocols.
No Patron Records, including but not limited to circulation records, computer searches, information requests, inter-library loan requests, or duplication requests, shall be disclosed, unless 1) upon request or consent of the user; or 2) pursuant to subpoena, court order, or where otherwise required by statute.
The use of security footage showing access to library resources (computers, collection materials, duplation technology) is considered to be a Patron Record. NOTE: As authorized by law, the Library may release such records incident to promoting proper operation of the library.
No recording of library users by any third parties is authorized on the premises without the filmed individual's express consent. This includes recording for academic, professional, or social purposes.
To the extent Patron Records overlap with FERPA-defined education records, the Library shall interpret the law to provide maximum assurance of the privacy of the library user, while also reserving the right to promote the proper operation of the library.
[PUBLIC COLLEGE/UNIVERSITY NAME] Policy on Library Privacy
[FERPA Compliance Policy
Student Code of Conduct
Patron Code of Conduct
Campus Guest Policy
Institutions' Data Security Policy]
Version: DRAFT FOR CUSTOMIZATION
Passed on: DATE
Positions responsible for compliance
FOR USE IN PUBLIC COLLEGE AND UNIVERSITIES
The state of New York provides that library records containing personally identifying details regarding the users of public college and university libraries ("Patron Records") shall be confidential, except to the extent necessary for the proper operation of the library.
In New York, libraries at state, county and municipal institutions may have specific status under the Open Meetings Law and various civil rights laws, but such status does not eliminate their obligations under CPLR 4509, nor limit patrons rights to access services without fear of that record being accessed by another.
To safeguard this right, the [NAME] library will observe the below protocols.
No Patron Records, including but not limited to circulation records, computer searches, information requests, inter-library loan requests, or duplication requests, shall be disclosed, unless 1) upon request or consent of the user; or 2) pursuant to subpoena, court order, or where otherwise required by statute.
The use of security footage showing access to library resources (computers, collection materials, duplation technology) is considered to be a Patron Record. NOTE: As authorized by law, the Library may release such records incident to promoting proper operation of the library.
Individuals or representatives from the media who wish to make recordings in the unrestricted areas of the library must adhere to the following rules:
To avoid inadvertent violation of these rules, individuals or representatives from the media who wish to make recordings in the library may, but are not required, to discuss their projects with the Director; however, neither the Director nor staff can give permission to waive this policy or give permission to record patrons or students.
Conduct that would be barred by any other policy is not legitimized by the presence of a recording or transmitting device; this includes harassing patrons or staff, or any behavior that violates the rules of the institution.
To the extent Patron Records overlap with FERPA-defined education records, the Library shall interpret the law to provide maximum assurance of the privacy of the library user, while also reserving the right to promote the proper operation of the library.
Now, before I go, just a few words on working with these policy templates.
First and foremost, while templates can be a great starting place (and these are designed to inspire generative conversation), they should NEVER be adopted without a thorough analysis and scrubbing by your institution.
For instance, a public or private academic institution could already have a campus-wide policy on filming people. Or, on the flip side, the institution could have a strong Media Communications or Film department that relies on being able to send students out onto the campus for filming; a policy like this, with no warning, could cause an unnecessary confrontation. Policies within smaller units at a big institution can cause inconsistency and friction that can be hard to anticipate, unless you bring in some colleagues to pass the policy with.
The Director of the Library (I trust the reason why is obvious), and at least one staff member (the staffer will provide an in-the-trenches perspective; plus, collaborating on that policy is great training for following that policy).
The Director of Campus Safety/Security/Police. Why? Because 1) they might have to help enforce the policy; and 2) it is important that they understand the privacy obligations of the library. Further, at a public institution, they will likely be a ringer who understands the nuances of "quasi-public" space (for first amendment concerns).
The Dean of Students: Why? Because 1) they might have to help enforce the policy; and 2) it is important that they understand the privacy obligations of the library are for the benefit of the students.
The Director of IT: Why? Because 1) it is important that they understand the privacy obligations of the library; and 2) they must ensure those obligations are supported by the institution's current and future information technology.
A student government rep: Why? Because 1) it is important that students have a voice in policies that are meant for their benefit; and 2) students can help articulate the reasons and importance of policies in ways their peers can relate to. Bonus reason: participating will look good on their apps for grad school!
The institution's lawyer and/or compliance director: Why? Basically, you want the person who keeps an eye on all the rules at your institution, to make sure they are harmonized and are consistent with each other. Institutional policymaking cannot be done in isolation.
Optional, but a gold-star member: your institution's Family Rights Education Act (FERPA) compliance officer (for a discussion on how FERPA and library privacy obligations interact, see https://www.wnylrc.org/ask-the-lawyer/raqs/67.).
And, in the case of this member's question: the Chair of the Media Arts Department: because as you meet, you can explore setting up ways for the film students to get the permission and image releases they need, in a way that supports their projects but respects the rights of others…skills they will need in "real life."
Okay, I can hear some of you (in my inner monologue!) saying: that's a huge meeting! Do I really need to convene all those people?
Based on my experience as an in-house counsel at a University (ten years or so), my answer is: YES.
Why? Because you don't want your first discussion about privacy with Campus Safety to take place when they ask you for the internet search records of a student who was reportedly making a weapon in his dorm room. You don't want your first discussion about privacy with the Dean of Students to occur when they demand to know if a student was in the library at the time they are accused of driving drunk across campus. You don't want your first discussion about privacy with a student rep to be when a "first amendment auditor" shows up at your public university campus. And you don't want to jeopardize your relationship with the IT Director by finding out she set up security cameras you don't know about.
And most critically: Privacy, security and safety on any college/university campus are a collaborative effort, and your library deserves special consideration within that effort. Why?
No other space on campus has your precise mission and obligations. A team that knows and supports that mission, and those obligations, can be a great asset.
This is true whether your library's commitment to access and privacy is fully articulated by the team members' constant inner monologues, or is simply hard-wired into the "maps" in their heads.
By jointly working on a policy, and paying attention to the details, either is possible.
Thanks for a great question, and best wishes for developing a strong, coordinated, customized policy!
 NY CPLR 4509, FERPA, Civil Rights Law §50, the first amendment, 20 U.S.C. 1011(a), and a bunch of laws on trespass, Public Officers Law, etc.
 I'm a lawyer, so I am very happy about the concept of "necessary confrontation," but I like to save people time and stress whenever possible.
 This is not the place to dissect the first amendment's impact on public college/university libraries (see next footnote), but for the record, the "Higher Education Opportunity Act" emphasizes that ALL higher education institutions should be a place for "the free and open exchange of ideas."
 That said, an on-campus Health Services facility, Campus Counseling, Records, or other place with confidentiality obligations will have similar needs that might be instructive.
 I would like to apologize for any painful pseudo-science in this "Ask the Lawyer." Stupid viral videos.
What is the order of due process in a local library for employees?
Which laws/policies apply most in advocating employee rights?
Please let me know.
Wow, what a great question: what is the hierarchy of laws impacting the employment conditions of librarians?
The laws impacting the employment conditions of librarians are a complex logic tree with many branches. When I consider the amount of laws, and the permutations….
For a lawyer practicing in both library and employment law, this question is the equivalent of someone handing a librarian a huge box of materials while asking: “Can you catalog these, then use them in a ‘Library Employee Rights’ display for the lobby?”
I can’t wait to curate the display, but first, let’s take a look at what’s in the “library employment law” box. We’ll take them in rough order of hierarchy/priority.
The first item in the box is a huge, grubby tome that lawyers, even younger ones, use every day (if they are at a firm owned by a crusty Gen X lawyer): Black’s Law Dictionary.
A legal dictionary is in the collection because, although no lawyer would ever litigate an employment law matter based solely on a dictionary definition, legal concerns often turn on precise word meaning, and employment law certainly does. In fact, there are at least three different legal definitions of the word “employee” that apply to library-related issues.
The second is not a book, but a collection of CD’s containing a huge database. What’s on the database? It’s the “common law”—a body of case law and rulings that can influence how black-letter laws work together. The “common law” is a body of shared language and precedent that can influence (sometimes heavily) legal decisions. It is often the glue that holds legal decisions together.
And now, for a few volumes that are far less esoteric:
The Fair Labor Standards Act (“FLSA”): Among many other things, this is the law governing who must be paid overtime when they work more than 40 hours in the standard work-week.
Federal Civil Rights Laws: This is a compendium of laws governing rights protecting people under the jurisdiction of the USA from discrimination. It includes the Civil Rights Act and the Americans With Disabilities Act.
The New York Human Rights Law: This is a compendium of laws governing rights protecting people from discrimination in New York. It includes protections on the basis of religion, sexual orientation, gender expression, prior conviction and pre-disposing genetic characteristics (among many other things). It is why your library recently adopted a sexual harassment report form.
New York Labor Law & Regulations: Among many other things, this is the law that mandates one unpaid break every six hours for certain hourly employees.
New York Civil Service Law: Among many other things, this is the law governing the hiring, advancement, compensation scale, discipline, and termination of most public library employees.
Federal Laws Governing Benefits: This is a compendium of laws governing employee benefits in the USA. It includes a law called ERISA, and the Affordable Care Act.
The New York Laws Governing Employee Benefits and Protections: This is a compendium of laws controlling unemployment insurance, workers’ compensation for work-related injury, insurance for non-work-related injury, retirement benefits, and most recently, the Paid Family Medical Leave Act.
New York Education Law & Regulations/New York Not-for-Profit Corporation Law: These laws are combined in one handy volume to create the rights and duties of a chartered library, and its governing board (who, within a framework of laws, are the ultimate decision-makers regarding employment at their library).
Local Civil Service Rules: Based on New York’s “Municipal Home Rule Law,” many of the details of Civil Service-controlled employment practices can change from county to county (and municipality to municipality).
Local laws: Some municipalities adopt local law to create further protections for employees. These laws cannot be contrary to state, federal, and county law, but can expand employee rights further.
Random Authorities: This book is a vivid graphic novel depicting numerous opinions by the Equal Employment Opportunity Commission (“EEOC”), the U.S. Department of Justice, the National Labor Relations Board, the New York State Comptroller, the New York Attorney General, the New York Committee on Open Government, and the New York Commissioner of Education, regarding matters impacting library employees. One delightful example of this is an intricate decision by the State Comptroller about how much money could be spent on a party for volunteers.
And finally, some really cool, custom works are in the box…
A Choose-Your-Own-Adventure novel called A Journey Through Your Charter and Bylaws.
Why is this a choose-your-own-adventure? Because while neither a charter nor bylaws can change the above-listed law, the “type” of library an institution is chartered as will impact if and how those laws apply. And within the framework set by those laws and their application to your library, it is the board—whose composition and functions are controlled by the charter and bylaws—that is the ultimate party responsible for hiring and firing of employees, which sets the stage for all other employment-related actions.
A collection of scrolls labelled “Contracts.” This could be as simple as a contract with an Executive Director or Book-keeper, or as complex as a “Collective Bargaining Agreement” with an employee union. It is important to note that while a contract can create a great many additional rights, it cannot be contrary to the Charter and Bylaws, nor any of the laws listed above (UNLESS there is not an “exception” in the law, allowing it to be altered by the terms of a collective bargaining agreement, and if your library type means they apply).
And finally, the most valuable part of the collection: a weird device, rather like a flour sifter, that says in big, bronze letters on its handle “IT DEPENDS.” What does this screen do?
It tells you which laws apply to which libraries, in which order of priority, under which circumstances. When applied properly, this allows you to create…
Your Institution’s Employee Policies, drafted to comply with the law as it applies to your library, and to support your unique charter and mission. Such policies should be routinely re-assessed to ensure continued legal compliance and support for your library’s key objectives (like attracting, retaining, and developing the best staff possible).
In other words—and in direct response to part of the member’s question—the purpose of policy is to articulate and apply the law as it governs your library. No policy should ever contain a provision contrary to a governing law or regulation. This is why policy must be routinely assessed, revised, and updated.
And that’s the collection.
At this point, I imagine the member who asked this question might be feeling: Whoa, information overload!
Let me show you my display, here….
You probably thought it was going to be a tree, right? Nope. It’s a finely balanced array of media stacked to look like librarian assembling a sculpture of…a librarian.
Why is that?
No other entity created by law(s) has the type of support, mandates, restrictions, and—yes—latitude under the law that libraries do. Yes, libraries operate with a strict framework created by the laws and regulations listed above, and operate within exacting mandates…but within that framework, libraries have almost limitless discretion with policies. That is how they function and evolve as reflections of their communities.
That said, certain things fundamental, and cannot be trumped by much. Here are a few (with links to the laws that back them up):
How does this play out?
Let’s take breaktimes as an example.
In New York, employees have to take a break every six hours. It’s the law. In my office, when a paralegal gets so into the project they don’t want to stop, I have to order them to take a break. (at which point they do, because otherwise…irony).
Now, how I choose to support my employees as they take their break is up to me, and may become a matter of policy. Do I supply a break room? Do I have a fridge and a policy/procedure for keeping the break room clean and the fridge free of mold? All of those things are discretionary—and to govern the details, I might have a policy that goes beyond the minimum. But here is where things get complicated: If an employee doesn’t follow the policy, I may need to follow rules set by Civil Service to discipline them. But if I am selectively enforcing the policy in a discriminatory way, state or federal civil rights law could govern. Or perhaps the employee will first file a union grievance, which we’ll have to arbitrate…
And that is the hierarchy of employment law. It’s not really a heirarchy…it’s more of a fractal pattern. The good news is, library leadership gets some say in the pattern.
What shape does your library pick?
 If I were the sort to write via emoji, I would be using the icon for “Mind. Blown.”
 That’s me.
 There is a definition for purposes of liability, a definition for purposes of compensation, and a definition for purposes of copyright ownership of employee work product. And yes, they are all slightly different.
 “Black letter” laws are those “embodied in…statutes.” Thanks, Black’s Law Dictionary! (Centennial Edition)
 Due to changes in 2018.
 This opinion is here: https://www.osc.state.ny.us/legal/1990/legalop/op90-63.htm. The final decision? “A public library may sponsor a recognition dinner for volunteer library workers, but may not sponsor a party for the senior citizens of the sponsor municipality or school district..
 This “screen” is either a lawyer, an HR professional, a civil service professional, or a library system or council working with one of those to support your unique operations.
 And more….so many, many more…
 In layman’s terms, this means you are protected in the event you are sued for just doing your job.
 I was lucky enough to attend an excellent presentation by authors of this Guide at the 2019 NYLA Conference.
 My team is great! Every employer should have this problem.
With the NYS Shield Act taking effect in March 2020 what changes or precautions should libraries be thinking about to comply with the law and minimize the risk of data breaches?
There are many technical aspects to this question, and this answer will explore many of them. But first, I invite each reader to sit back, close their eyes, and envision the types of information their library takes in, maintains, or manages digitally.
Name…address…phone number…e-mail…library card number and account information. Perhaps a driver’s license, or other photo ID. Credit card information? Job applicant information, payroll, and employee data…. Donor information. Survey responses. Licensed lists. Content related to digitization. And (of course) every digital record related to a library’s core function: providing information access.
Now envision what someone with less-than-ethical intentions could do if they accessed or appropriated that digital information:
Disclose confidential library records…sell active credit card information on the dark web...use the information to design a very convincing phishing scheme….
And I bet you can easily think of more.
Scary? You bet it is. This is the type of risk-management New York’s lawmakers had in mind when they enacted the SHIELD Act, a far-reaching amendment to the state’s laws governing data security.
And as the member points out, the changes will impact your library.
So, what does this law require?
And here is where we get technical. Because the law will hit different types of institutions differently, this “Ask the Lawyer” can’t give you a word-by-word recital of the precise obligations the SHIELD Act will impose on your institution. But it can give you a plain-language DIAGNOSTIC FORM to help your board, your director, and your (internal or external) IT team a tool to start assessing your obligations.
So here, without further ado, is the ‘ASK THE LAWYER’ SHIELD ACT DIAGNOSTIC FORM. If you have a buddy to fill this in with, I suggest you invite them to help, this is not the type of exercise to do alone.
[NOTE: Any member of a library council in the State of NY is licensed to make a copy of this form for diagnostic purposes. However, THIS IS NOT INDIVIDUALIZED LEGAL ADVICE and no legal conclusion about the obligations of your institution should be made without the input of a lawyer. That said, filling this out will help that lawyer help you a lot faster.]
Does your library collect electronic versions of “personal information” as defined by SHIELD?
Here is the definition of “personal information”:
"Personal information" shall mean any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.
If your library collects “Personal information” as defined by SHIELD, it may be subject to SHIELD’s requirements.
So, if you marked “yes,” keep going!
Does your library’s network or equipment collect electronic versions of “private information” as defined by SHIELD?
Here is the type of data that, when combined with “personal information” becomes “private information” protected under SHIELD:
(1) social security number;
(2) driver's license number or non-driver identification card number;
(3) account number, credit or debit card number, in combination with any required security code, access code, [or] password or other information that would permit access to an individual's financial account;
(4) account number, credit or debit card number, if circumstances exist wherein such number could be used to access an individual's financial account without additional identifying information, security code, access code, or password; or
(5) biometric information, meaning data generated by electronic measurements of an individual's unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical
representation or digital representation of biometric data which are used to authenticate or ascertain the individual's identity; or
(ii) a user name or e-mail address in combination with a password or security question and answer that would permit access to an online account.
If your library collects “private information” as defined by SHIELD, it may be subject to SHIELD’s requirements.
So if you marked “yes,” keep going!
(NOTE: if any libraries out there are using biometric records like retina scans in place of library cards, please let me know, because that is Bladerunner-level cool).
Does the “private information” your library collects include information from residents of New York?
If your library collects “private information” relating to New Yorkers, it may be subject to SHIELD’s requirements.
So if you marked “yes,” keep going!
Is your library part of a larger institution such as a school, college, university, museum, religious institution, or hospital?
If the answer is “yes,” then STOP.
Your work on SHIELD ACT compliance should be coordinated with your full entity, who should be sensitive to not only your library’s obligations under CPLR 4509, but your institution’s obligations under SHIELD and other data security laws like FERPA and HIPAA.
Don’t go rogue!
Does your institution contract with another entity, like a library system, to maintain private information?
EXAMPLE: When a person applies for a library card, does the personal information supplied stay on the local library’s network, or does it simply flow through a terminal at the local library to a system’s network? This is a very common arrangement in NY.
If “yes” list and attach the contracts, along with the information maintained by the contractor.
This question applies to both parties.
If the answer is “yes,” gather the contract(s) governing the arrangement(s), and be ready to check the contracts for assurance of SHIELD compliance. This includes assurance of “reasonable security requirements,” and a clause governing data breach notification.
Now, aside from information maintained on another entity’s network as listed in #5 above, (library system, payroll service, credit card service provider, etc.) does your institution maintain any computer system with private information?
If yes, list the information gathered and where it is maintained:
If the answer is “no,” you only have to follow step #7, below.
If the answer is “yes,” make an appointment with your IT team, and be ready to do steps #7 through #15, too.
Contract compliance check:
If you answered “yes” to #5, above, the contracts governing that relationship would be clear about SHIELD Act compliance, including the notification procedures for data breach.
Who is the person at your institution who will do this work with your contractors?
This is a smart step because contract vendors must meet this standard:
Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
Okay, so it looks like my institution has to comply with the SHIELD Act. What does that mean?
Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
So, does your institution have a policy for data breach notification?
Your institution may already have one! If so, it should be updated to reflect the changes in the law.
If it doesn’t have one, now is a good time to get a policy in motion.
The law lists the steps and requirements for notification. Among other things, those requirements can depend on the size and nature of the breach.
NOTE: a data breach response is something a library should respond to with a qualified IT team and, if there are concerns about liability and compliance, a lawyer and your insurance carrier.
Any person or business that owns or licenses computerized data which includes private information of a resident of New York shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information including, but not limited to, disposal of data.
Does your institution have a policy to implement these “reasonable security requirements?”
Your institution may already have one.
If so, it should be updated to reflect the changes in the law.
If it doesn’t have one, now is a good time to get a policy in motion!
NOTE: ***I have put the SHIELD Act’s criteria for a data security program next to three asterisks in the text following this form.
Thirdly, are you a small library and feeling panicked about your security requirements?
Don’t worry, if you’re a “small business,” the law has a provision related to your obligations.
Here is the SHIELD Act’s definition of a “small business”:
"Small business" shall mean any person or business with (i) fewer than fifty employees; (ii) less than three million dollars in gross annual revenue in each of the last three fiscal years; or (iii) less than five million dollars in year-end total assets, calculated in accordance with generally accepted accounting principles.
So (deep breath) are you a “small business?”
If the answer is “yes,” then your “reasonable security requirements” are tempered:
…if the small business's security program contains reasonable administrative, technical and physical safeguards that are appropriate for the size and complexity of the small business, the nature and scope of the small business's activities, and the sensitivity of the personal information the small business collects from or about consumers.
This analysis is why having an inventory of the private information maintained by your library (or for your library) is critical; depending on the “sensitivity” (or use) of what you maintain, your plan can adjusted for what is “appropriate.”
Just to reiterate: if you have gotten this far into the assessment diagnosis, you should probably have a “data breach” plan—even if it is just for coordinating with the entity who holds most of your data.
So: do you have a “Data Security and Data Breach Notification Policy and Procedure?”
As can be seen in the factors cited in the sections above, policy and procedures related to data security and data breach notification cannot be a cookie-cutter based simply on what other libraries do. Your policy and practices will be governed by many factors.
Are you insured for data breach and recovery?
This is a great question to ask your insurance carrier! You should also be familiar with their notice requirements in the event of a hack or breach.
Who at your institution is responsible for coordinating your data security program?
This responsibility should be confirmed in a job description and reinforced with regular training. Working with your system or other larger supporting entity may be important, too.
Who are your outside contractors assisting with emergency response in the event of data breach?
This is a good standing contract to have, and one that systems and councils might consider jointly negotiating for on behalf of members (and hopefully it is a service you never need to invoke!).
Did you ever think, when you chose a library career, you’d get to moonlight in IT?
IT and libraries: two great tastes that go great together….with enough planning.
And that’s the SHIELD Act.
How does a small not-for-profit tackle this expansion of data security laws? Like anything else: inventory your status under the law, establish a goal for compliance, develop a budget and a plan, make sure the responsibility is appropriately allocated, confirm insurance coverage alignment, use all the resources at your disposal (your system, council, insurance carrier, and board members who have lived through data breach compliance) and get it done.
In practical terms, this is also means:
The penalties for violation of the SHIELD Act are $5,000 per violation, in an action brought by the New York Attorney General (the law doesn’t create a private right to sue). Other changes to the law make it easier for the AG to learn of data breaches, and to coordinate with other law enforcement agencies trying to combat them. As we envisioned at the beginning of this article, the states for a breach are high.
But don’t worry. No matter where your diagnosis falls, remember: libraries have been operating under heightened privacy obligations since before there were computers. That mindset—awareness of an ethical duty to protect privacy--is the most important part of a program to minimize the risk of breaches.
You’ve got this.
Thanks for a great question.
***A data security program includes the following:
(A) reasonable administrative safeguards such as the following, in which the person or business:
(1) designates one or more employees to coordinate the security program;
(2) identifies reasonably foreseeable internal and external risks;
(3) assesses the sufficiency of safeguards in place to control the identified risks;
(4) trains and manages employees in the security program practices and procedures;
(5) selects service providers capable of maintaining appropriate safe-guards, and requires those safeguards by contract; and
(6) adjusts the security program in light of business changes or new circumstances; and
(B) reasonable technical safeguards such as the following, in which the person or business:
(1) assesses risks in network and software design;
(2) assesses risks in information processing, transmission and storage;
(3) detects, prevents and responds to attacks or system failures; and
(4) regularly tests and monitors the effectiveness of key controls, systems and procedures; and
(C) reasonable physical safeguards such as the following, in which the person or business:
(1) assesses risks of information storage and disposal;
(2) detects, prevents and responds to intrusions;
(3) protects against unauthorized access to or use of private information during or after the collection, transportation and destruction or disposal of the information; and
(4) disposes of private information within a reasonable amount of time after it is no longer needed for business purposes by erasing electronic media so that the information cannot be read or reconstructed.
 “We just need your bank information to refund your library fees since 1987 with interest!”
 SHIELD stands for "Stop Hacks and Improve Electronic Data Security".
 Why? Well, if you’re lucky, it’s because it will be boring. But chances are, it will be all too exciting, as you discuss the different types of data your library maintains and explore the data security obligations that come with it. And if that happens, you’ll need one person filling in the form, while the other one looks up information—and you’ll both want someone to share your sense of urgency when it’s over.
 NOTE: This is a huge change in the law, which used to only apply to businesses in New York. Now it applies to any business that collects the information of New Yorkers; a big difference and one that impacts businesses out-of-state.
 Institutions subject to HIPPAA have special provisions to ensure disclosure obligations aren’t redundant.
Is it legal for libraries to ban smoking on all of their owned property rather than 100 feet from entrances?
Not only is it legal, but it is required by law.
When the new provisions of New York’s Public Health § 1399-o first went into effect June 19, 2019, “Ask the Lawyer” got a question about enforcement, so we wrote a guide for implementation.
While hopefully the “guide” has been useful (it warmed my heart to see one library getting media coverage for putting up signs with wording I suggested), it might be easy to miss the actual heft of this law as we think about the details of implementation.
So here, without too much distracting commentary, is the text of the new law:
Smoking shall not be permitted and no person shall smoke within one hundred feet of the entrances, exits or outdoor areas of any public or association library as defined in subdivision two of section two hundred fifty-three of the education law; provided, however, that the provisions of this subdivision shall not apply to smoking in a residence, or within the real property boundary lines of such residential real property. [emphasis added]
Seems pretty straightforward to me…“outdoor areas” as in: the outside (with an exception for nearby residential properties).
Despite this straightforward language, since I wrote the “guide,” we have gotten some questions from members stating that their local health department claims they will only enforce compliance within 100 feet of exits and entrances.
This feedback really concerned me. First, it is contrary to the plain language of the law. Second (but really first), libraries are finding new ways to reach out to the public every day; this includes outdoor programming. “Outdoor areas” of the library serve the public, too.
So, inspired by this latest question, and the feedback we’ve received, I called my local Erie County Department of Health, and reached Rob Tyler, who works on smoking enforcement.
Rob and I had a nice chat about how sometimes the language in these laws can be open to interpretation, but this seemed pretty clear. But then he suggested: “You should probably call the State. They are one ones who can give guidance on the law.”
So, after thanking Rob for his time, I called the General Counsel’s Office at the New York State Department of Health, and was directed to attorney Megan Mutolo.
Megan also agreed with me on the plain language of “outdoor areas.” That said, she urged me to urge libraries to build a relationship with their county health departments so libraries are ready to enforce the new law together.
This is good advice from Megan. Since New York tries to encourage “municipal home rule,” as much as possible is left to local officials from within a particular community. This means that local health departments can have their own take on the new law…one that you can discuss with them while forming a meaningful alliance.
So, to the “helpful tips” in the “guide,” inspired by this question, I add: Consider making a connection with your local health department, and reviewing the precise language of the new law together. Many departments, if they have not given the new law a careful review, might overlook the requirement about “outdoor areas.” But that language is there, and when read in context, is very clear—as is the library’s obligation to enforce this law.
Thanks for your question!
 Here’s to you, Saratoga Public Library!
 As but one example, the Buffalo and Erie County Public Library’s Central Library has a great new “Reading Garden” in downtown Buffalo.
 NOTE: I called both these people on a Friday afternoon. Not only did I get quick answers, but they were friendly, too! I guess you don’t go into health law unless you really care about people.
 My words, not Megan’s.
 I know they have enough on their plate already, but this might be something a library system can help with.
My question is: do public libraries have any legal obligation to collect emergency contact information for children (age 17 and under) attending library programs without a parent or caregiver present/on the premises? Our library is located on the campus of a school district, and we have access to the school district's library automation system, in addition to our own, so we could easily and quickly locate contact information for the parents/caregivers of children who attend our programs in the event of a medical or other type of emergency situation. We already have an unattended minor policy as well. Our Library Board wants to make sure that we are in compliance with both Federal and New York State law on this issue. Thank you.
This question is rather like asking an astronautical engineer: When on a spacewalk, are there any safety procedures specifically related to securing my helmet as I exit the airlock?
Such a question could inspire an initial reaction like: Safety concerns? In SPACE??? Blazing comets, the safety concerns start the moment you blast off!
But upon reflecting on the actual question, the calm, composed answer might be: “To ensure integrity of the pressure garment assembly, double-check the neck-dam’s connection to the helmet’s attaching ring.”
Lawyers get this way addressing questions related to children and liability. Our first reaction is to think about everything that can go wrong. But then we calm down and focus on the specific issue at hand.
So, here is my calm, composed answer to the member’s very specific question:
There are two potential instances where a public library offering a program for unaccompanied minors might be obligated by law to collect emergency contact information.
If the program the library is hosting is a camp required by law to have a “Safety Plan,” applicable regulations arguably require that the library gather the child’s emergency medical treatment and contact information.
If the library is paying a child performer as part of an event, the law requires that the library must collect the child performer’s parent/guardian information before the performance.
Other than the above instances, while such a practice may be required by an insurance carrier, a landlord, or event sponsor, there is no state law or regulation that makes collecting emergency contact information a specific requirement of a public library.
I do have two additional considerations, though.
“Emergency contact” information provided by the parents/guardians, in a signed document drafted expressly for your library, is generally the best course of action when welcoming groups of unaccompanied minors for events not covered by your library’s usual policies.
I write this because Murphy’s Law (which is not on the bar exam, but remains a potent force in the world) will ensure the one time there is an incident at your youth program, the district’s automation system will be down.
Which brings us to the….
Libraries and educational institutions sharing automation systems must make sure that such data exchange does not violate either FERPA (which bars educational institutions from sharing certain student information), or CPLR 4509 (which bars libraries from sharing user information).
Emergency contact information maintained by a school is potentially a FERPA-protected education record. If FERPA-protected, it is illegal for any third party—such as a public library—to access it unless there is an agreement in place with certain required language AND the library’s use of the information is in the students’ “legitimate educational interests.” 
Of course, given the right circumstances, meeting these criteria is perfectly possible. In fact, such agreements can be a routine part of a school’s operations. But just like with a space helmet before leaving the airlock, its best to confirm that everything is in place before you take the next step.
Thanks for a thought-provoking question.
 I imagine aeronautical engineers swear like the rest of us, but I like to image they sound like characters Golden Age comic books.
 Thanks, NASA.gov!
 I know this question isn’t really about camps, but libraries do host them. And since the NY State Health Department’s template for a licensed camp’s “Safety Plan” includes eliciting emergency contact/treatment info, I have to include this consideration. For a breakdown of what types of camps requires licenses, visit https://www.health.ny.gov/publications/3603/
 This is a requirement of Title 12 NYCRR § 186-4.4. Since the library would also need said child performer’s license to perform, this requirement would not likely be missed! I also appreciate that this example is on the far side of what this question is actually about.
 Call your carrier to check. They may even have preferred language for your library to use when crafting registration documents.
 The definition of “education records” under FERPA (and its many exceptions) is here: https://www.ecfr.gov/cgi-bin/text-idx?rgn=div5&node=34:184.108.40.206.33#se34.1.99_13. Interestingly, a student’s name, phone number, and address—three critical components of an emergency contact form—are potentially not FERPA-protected “education records” as they may be considered “directory information” if specifically listed in a public notice from the school, as required by FERPA Section 99.37. FERPA violations can turn on these small details!
 What language is that? Under FERPA Section 99.31, an educational agency or institution may disclose such information to another party (like a library on its campus) if that party is: 1) performing a function for which the school would otherwise use employees; 2) the library directly controls the contractor’s use and maintenance of the records; and 3) the contractor is required to not further disclose the records. This formula can also be found in the link in footnote 4.
 Who says that simile can’t make a second appearance?!
I need clarification about the IRS regulations on 501c3 organizations. A local political group asked to use our meeting room space for a 'meet the candidates' event, a library trustee thinks this is not compliant with the "The Restriction of Political Campaign Intervention by Section 501(c)(3) Tax-Exempt Organizations" https://www.irs.gov/charities-non-profits/charitable-organizations/the-restriction-of-political-campaign-intervention-by-section-501c3-tax-exempt-organizations
I think our meeting room policy is very out of date and restricting access to the room based on content of the meeting violates 1st amendment rights, as outlined by ALA: http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/meetingrooms
No staff are involved in this event, we have not helped plan it and it was made clear on all the publicity the political group put out that the library is only the venue, we are not hosting, this is not a library program.
This answer comes with many disclaimers, because the legal parameters of room access and rental at chartered libraries in New York is variable territory. In other words: the answer can depend on the library’s “type” (set by its charter), its fundamental rules (found in the bylaws), its IRS status (the “501 (c)(3) mentioned by the member”), its day-to-day rules (controlled by policies), its lease (not all libraries own the space they occupy), and any deed restrictions (although deed restrictions on the basis of speech would bring concerns).
That’s right: education law, not-for-profit corporation law, tax law, real property law…this question has it all!
That being said, the member’s question centers on federal tax law; specifically, the library’s 501(c)(3) status, which not only makes the library tax-exempt, but allows it to receive tax-deductible donations. This status is an important fund-raising asset, and its many conditions (including not engaging in politics) cannot be taken lightly.
Here is what IRS Publication 557, the go-to for creating a tax-exempt entity, has to say about political activity:
If any of the activities (whether or not substantial) of your [501(c)(3)] organization consist of participating in, or intervening in, any political campaign on behalf of (or in opposition to) any candidate for public office, your organization won't qualify for tax-exempt status under section 501(c)(3). Such participation or intervention includes the publishing or distributing of statements. Whether your organization is participating or intervening, directly or indirectly, in any political campaign on behalf of (or in opposition to) any candidate for public office depends upon all of the facts and circumstances of each case. Certain voter education activities or public forums conducted in a nonpartisan manner may not be prohibited political activity under section 501(c) (3), while other so-called voter education activities may be prohibited. [emphasis added]
Like many guides from taxing agencies, this one is superficially helpful (I put that part in bold), but upon examination, employs a disclaim that gives very little concrete guidance (I underlined that part). So, what’s a library with a spare room to do?
As alluded to in both the member’s question and my opening paragraph, this question doesn’t turn solely on the IRS. Any 501(c)(3) library that rents or allows free use of space should have a robust “Facility Use Policy” that considers not only IRS regulations, but safety, equal access, and operational priorities (requiring users to clean up after their meeting, to not be noisy, to respect the space). For a library in a municipally-owned building, care must be taken to ensure use fees are applied in a way that does not violation the NYS Constitution. And for a library that rents, the Facility Use Policy must harmonize with the lease.
But the member’s question is about 501(c)(3). So, having established that this consideration is but one of many when giving access to or renting space, here are the three things to consider when a 501(c)(3) rents or gives access to space:
1) Rental income needs to be a very small percentage of the library’s revenue.
Section 501(c)(3) requires that income from renting space can’t outweigh donations and other sources of income related to the library’s tax-exempt purpose. This is something to discuss with the library’s accountant; while rental income isn’t barred, it can bring funding ration and tax consequences that warrant the attention of a professional.
2) The use of the space can’t “inure” to the benefit of any one company or individual.
Section 501(c)(3) also requires that a qualifying organization’s resources can’t directly benefit any one person or entity more than the general public. For example, free use of the spare room by a person conducting a stained-glass workshop with an admission fee (even a nominal one), can be considered an “inurement.” 
3) As raised by the member’s trustee, the use of the space cannot violate the bar on lobbying (influencing legislation) and political activity (supporting a particular candidate for office).
And as reviewed, Section 501(c)(3) bars political activity (as further defined in the excerpt from 557, above).
“Ask the Lawyer,” has had some fairly large answers, but I don’t have space to address every occurrence that could run afoul of the bar on “political activity.” But what about renting space, on the same terms as to any other entity, to an event like the one described by the member?
Here is what the IRS has to say:
Can a section 501(c)(3) organization conduct business activities with a candidate for public office?
A business activity such as selling or renting of mailing lists, the leasing of office space or the acceptance of paid political advertising may constitute prohibited political campaign activity. Some factors to consider in determining whether an organization is engaged in prohibited political activity campaign include:
a. Whether the good, service or facility is available to candidates in the same election on an equal basis,
b. Whether the good, service or facility is available only to candidates and not to the general public,
c. Whether the fees charged to candidates are at the organization’s customary and usual rates, and
d. Whether the activity is an ongoing activity of the organization or whether it is conducted only for a particular candidate.
When developing a Facility Use Policy, if a library is a 501(c)(3) charitable organization, and wishes to be able to rent space to (among others) political organizations for event, the above-listed factors should be built right into the policy.
Here is some sample language (some of it will sound familiar):
As a 501(c)(3) organization, the NAME library does not participate or intervene, directly or indirectly, in any political campaign on behalf of (or in opposition to) any candidate for public office depends upon all of the facts and circumstances of each case. Therefore, the use of space in our facility by political organizations or for partisan political events is only available on the same rental terms as for the general public, and is subject to a rental fee that is charged equally to any political group or other individual or group. NOTE: Certain voter education activities or public forums conducted in a nonpartisan manner may qualify for a fee waiver, just as do other free and open events conducted by a charitable entity for the benefit of the public.
So, what about the member’s scenario? In the absence of a spot-on facility use policy, I suggest the following process:
If the library’s past practices make following those three steps too blurry, it is best to take a pass on this precise event, and take the time to develop an up-to-date and thorough Facility Use Policy that considers the types of uses the library will allow, and how and when it will charge for them. There are many good models out there to draw inspiration from, but before the board passes such a policy, it would be good to have it reviewed by a lawyer (who has ready the charter, bylaws, other policies, lease, deed, and any other relevant documents).
The member’s library is fortunate to have leadership that is thinking about both the first amendment and safeguarding the organization’s tax status. Good work. No matter what the final decision, awareness and commitment to these values serves your community.
 The member has stated their policy might not be suited to addressing this situation. We’ll tackle that in a bit.
 If this just caused a stab of panic because your library let’s an instructor host a “Yoga for Seniors” class for a minimum fee to the instructor, don’t worry, this event can happen…you just have to do it right.
We have a pretty exhaustive personnel policy on the use/limits of use of Library technology and property, both for compliant work-related purposes and for personal purposes.
What we do *not* have, and are wondering if we should, is a policy that speaks to the permitted (or restricted) uses of *personal* phones and similar devices while at work.
The question has come up because of supervisors needing to repeatedly remind staff to not use personal phones while on the public service desk, without having an explicit "policy" to fall back on.
On the surface, this is a simple issue: if people are using their cell phone for personal use on the job, a simple policy to stop the use should solve the problem, right?
Not these days.
As technology continues to transform the workplace (and the world), “cell phones away, please,” is not as easy as it once was. People use their cell phones to monitor health, track their steps, and get emergency calls from kids at school. Some may even use their cell phones to save their lives, serve as a witness to illegal activity, and exercise their right to free speech.
Many of these functions depend on the proximity of the person to the phone (or the watch that connects them to it), and because of this, cell phones are becoming extensions of the people who own them. So a policy to keep them stowed and away, or secured in a locker, can be met with resistance.
Here are a few examples of how this “resistance” can play out on the job:
As can be seen, many of the reasons to keep a cell phone on one’s person are compelling; other uses may not be. And many of reasons/uses overlap with other library policies.
The goal, of course, is not to bar an employee from important connections and a tool for their well-being, but to make sure the use of personal electronics does not distract from the library’s professional environment and employee productivity (even on a slow day). To achieve that, there are two broad solutions: 1) rely on a collection of policies to address the variety of purposes for personal cell phones while at work; or 2) create a catch-all policy.
In a work environment where consistency for staff members is critical for professionalism and productivity, I prefer a combination of both. What does that combination look like?
It starts with policies for:
…which should all allow for appropriate use of personal cell phones and electronic devices. This doesn’t mean the policy has to mention cell phones specifically—just have enough flexibility to address them.
At the same time, assuming the above-listed policies harmonize with it, creating a specific “Policy on Use of Personal Cell Phones and Electronics,” as proposed by the member, can help employees and management navigate these issues in a rapidly changing world.
Here is an example of such a policy:
[INSERT LIBRARY NAME] Policy on Personal Use of Cell Phones and Electronics
The mission of the [INSERT LIBRARY NAME] depends on employees maintaining a professional, productive environment.
To maintain that environment, use of personal cell phones and electronics should only divert employees from work duties in the case of an emergency.
To achieve this, cell phones and personal electronics should be stored in a carrier, purse, or pocket where the screen is not visible during work time, and watches synched with other electronics should not divert employees from work except during designated breaks in designated break areas.
Sudden personal emergency needs that require use of a cell phone or other personal electronics should follow the established procedures for use of break time and personal time.
Use of cell phones and personal electronics for ADA accommodations, FMLA arrangements, personal emergency, and personal safety needs are exempted from this policy, and should be arranged on a case by case basis with a supervisor per the relevant policy.
As with most HR policies, this one sounds simple, but can be complex to administer. The need to be flexible and allow some cell phone use (especially ADA use, the basis of which may be confidential), can cause seeming inconsistency in enforcement. To address this, employees must be sensitized to the fact that some people may depend on a personal devise for an authorized (and confidential) use, while at the same time be given the clear message that keeping in touch with social media and personal contacts during work time is not allowed.
As technology puts pressure on the norms of society, it is important to draw (and re-draw) reliable and clear boundaries…especially in the workplace. So should a workplace have a policy on personal cell phones? Done right, and with due consideration of the law, it can help.
Thanks for a timely question.
 There are electronic devices and apps that enable sharing of blood glucose levels at all times; it’s both cool, and terrifying, since if blood glucose is too low, a child can faint, and if too high, a child’s blood can become toxic.
 Do not use stock language to create an employment policy without having a lawyer review the final product. Union contracts, local laws, other policies, current handbook language, and work conditions can all impact what a catch-all employment policy can look like.
The new NYS smoking ban in regards to public libraries states that smoking is banned "within 100 ft of all entrances, exits and outdoor areas”. Does that mean all of the library property including the parking lot and grassy areas attached to other grassy areas? e.g. [A nearby business]’s property line abuts our property line a few feet from their building and their staff stand in that area to smoke. On three sides of our property line the 100 feet includes a road and commercial enterprises across the streets.
This member is thinking ahead!
Starting June 29, 2019, any space within a 100-foot perimeter around a public or association library, including adjacent businesses, is subject to a state-wide smoking ban. The sole exception is residential properties (inside and out).
Any person or business violating this new ban may be subject to a $2,000 fine.
This new law is part of Section 1339-o of New York’s Public Heath Law. It reads:
Smoking shall not be permitted and no person shall smoke within one hundred feet of the entrances, exits or outdoor areas of any public or association library as defined in subdivision two of section two hundred fifty-three of the education law; provided, however, that the provisions of this subdivision shall not apply to smoking in a residence, or within the real property boundary lines of such residential real property.
This is a powerful new law, and it has many libraries thinking about implementation.
As the member’s question illustrates, complying with, taking advantage of, and rolling out this new law may take some effort—as well as some tact and diplomacy.
Here are some tips for a graceful transition (and how to not ignite the fuse of nearby, non-residential smokers and their landlords):
First, some new signage can go up, alerting people to the impact of the new law. Per Public Health Law Section 1399-p (“Posting of Signs”), smoking signage should meet the following requirements:
“Smoking” or “No Smoking” signs, or “Vaping” or “No Vaping” signs, or the international “No Smoking” symbol, which consists of a pictorial representation of a burning cigarette enclosed in a circle with a bar across it, shall be prominently posted and properly maintained where smoking and vaping are regulated by this article, by the owner, operator, manager or other person having control of such area.
Signage to assist with compliance should add “…within 100 feet of this boundary. NY Public Health Law 1399-o.”
Second, it might be helpful to amend or create library’s policy on smoking so it states:
Per Section 1399-o of New York’s Public Health Law, it is forbidden to smoke within 100 feet of library property (except for residential properties). To promote compliance, the library will maintain signage consistent with Section 1399-p of that law, and will work with impacted neighbors to enforce and encourage compliance with this law.
Third, a simple plan of outreach to “impacted neighbors,” can help your library collaborate on compliance (instead of waiting for a clash of employees or customers). This is not a legal requirement, but it is the type of law-based, thoughtful, pro-active rollout can forge and maintain healthy neighborhood relations.
Part of such a “Smoking Ban Rollout Plan” could include a letter such as:
Dear [Non-residential Neighbor within 100 fee of library property]:
As you may know, effective June 19, 2019, New York’s Public Health Law makes it illegal to smoke within 100 feet of a public or association library like the [NAME] Library. The sole exception to this law is a residential property.
As you can see on the attached map, your property is within 100 feet of the library’s. Please let us know of any concerns you have about alerting your [employees, customer’s, etc] to the requirements of this new law. Please also let us know who we may contact it the event of a concern.
Our board and library staff are working to alert everyone and make sure our transition to this new law goes smoothly. [We are installing new signage, as well.] If you need to discuss any aspect of this, please contact [name] and [number or email].
Thank you for your consideration!
Your friends at the [NAME] Library
Any contact with neighbors should bear in mind that under the law, certain facilities (ironically, hospitals and residential health care facilities) are allowed to “designate” a smoking area on otherwise-non-smoking premises (this might be the scenario in the circumstances described by the member). Further, if a business or person can allege an “undue hardship,” they can request a waiver of a smoking ban under Section 1399-u. Since you don’t want a confrontation to spur a request for a waiver, “friendly outreach” is a good tone to strive for.
And finally, it is good for your library to consider that enforcing a smoking ban can cause a lot of stress, and use up a lot of director and staff energy. Think about it: Librarians already have to be on the lookout for illegal porn use, opioid overdoses, and destruction of library property. Now they have to patrol for neighborhood smoking, too? That’s a lot of social work for someone who just wants to help the world find information.
For those moments, in addition to your library policy, a short statement endorsed by the board, for staff can hand out, might be helpful. Something like:
Consistent with New York’s Public Health Law (Section 1399-0), there is no smoking allowed within 100 feet of the [NAME] library. Thank you for supporting New York State’s public health initiative, and helping our library honor this law. –The Board of the [NAME] Library
When facing a needy smoker, backup from both the state, the law, AND your board can be a great morale booster.
Libraries should also note: while Section 1339-o of the Public Health Law bars smoking AND vaping in many areas, this new library-specific section (section 6) bars only SMOKING (and yes, under the law, “smoking” and “vaping” are distinguished. “Smoking” means “the burning of a lighted cigar, cigarette, pipe or any other matter or substance which contains tobacco.” “Vaping” means “the use of an electronic cigarette.”). So in addition to the compliance steps outlined above, get some binoculars, so you can be ready for some precise enforcement!
So that’s it. Libraries needing to check their property line maps to establish their 100-foot perimeter can use their property survey and the county’s tax maps (this is also how you can check for a property’s actual owner, in addition to simply observing and notifying their tenants).
I wish every public and association library in New York smoke-(but not vapor)-free property lines!
 From the relevant county health department, or, in some places, another designated enforcement official.
 Yes, this law uses almost the entire alphabet.
 I was a smoker in the 90’s. I quit around Y2K, but I still remember the feeling of being an addict needing to smoke…it can make you act grumpy to even a very nice librarian.
 At some point I will check JSTOR to see if there is hard info as to why vaping within 100 feet of library is somehow better for the public health than smoking.
 The definitions are in Section 1399-n.
My library has long been in the practice of charging what we often refer to as a "research fee" or "consulting fee." I am familiar with some libraries who have a similar practice, but wonder if it's legal for us to charge an hourly rate for work done by volunteers? The workflow has always been as follows: a reference request is received by the Librarian, a determination of whether the question is appropriate for our collection is made, then the work is delegated to a volunteer. In general, we've never taken on a job of over 2 hours, and most questions relate to our genealogy collections / searching vital records.
It is well established that a not-for-profit organization can benefit from volunteer labor. This is true even when the labor brings the organization tangible benefits, like the money from a bake sale, or as in this case, a research fee.
But when using volunteer services and charging a fee, a library (or any chartered not-for-profit) in New York must engage in a systematic analysis to ensure the arrangement is in step with numerous laws and regulations. How can a library, museum, or archives do this?
Follow the three-step process below.
First, identify the services the institution would like to provide through volunteer labor.
This is rather like writing a job description or hire letter. An example based on the member’s scenario could look like this:
Under the general oversight of [paid position] in [department], the Research Volunteer performs specific research tasks related to personal requests by [institution] members and other users. These tasks are not to routine operations of [department], but benefit the public and [institution] by serving members and others in a way directly related to [institution]’s mission to [insert mission], as well as raising revenue in support of that mission.
Your hours and participation as a Research Volunteer are voluntary, but we do ask that you work with [person] to coordinate your time; this will enable us to support your work, and keep things organized. This work is a valuable service [institution] can only provide through the services of volunteers, and we thank you for your dedication and hard work!
The essential elements of this first step are:
You’ll see why these are important in the Steps Two and Three!
Next, check your organization’s founding laws, charter, founding documents, bylaws and plan of service (I call these “core rules”) for any terms that apply to the service you defined in Step One.
Look at the laws and documents. Is there something preventing the institution from charging a fee for this specific service? Is there any cap on that fee?
This exercise will vary greatly from institution to institution, since many variables can impact what’s in the “core rules.” Here are just a few examples:
A public library could never charge a member to borrow a book or to use the internet, because Education Law Section 262 requires that public libraries be free (to cardholders).
For a private library, its charter could contain an express rule that certain services must remain free—a restriction that might not be found in the law, but could be just as enforceable. A similar condition could be in its bylaws, or a donation document.
And if an institution is a 501(c)(3), care must be taken to make sure the revenue generated by the service is “substantially related” to the institution’s not-for-profit mission, or the institution could risk having to pay “unrelated business income tax.” The service should also be reviewed to ensure it is not an “excess benefit transaction” or a non-disregarded membership benefit. A mis-step on any one of these could have serious tax consequences.
When doing the “Step Two” analysis, it is ideal to confirm your conclusions with a lawyer.
Once an institution uses Step Two to confirm it can charge for a service, it is time to return to your description from Step One and make it official, by putting the scope of work and details in a “Volunteer Letter.”
Why so formal? Because in recent years, the State of New York has cracked down on enforcement of quasi-volunteer, or just plain muddy, instances of volunteer labor at not-for-profit institutions. This has even included examining perks and partial payments to volunteers!
Why is that? While not-for-profit volunteering is unequivocally allowed, like anything, the system can be abused. To avoid that, and to create clarity in these critical relationships, the New York Department of Labor has issued some pretty strict guidelines, such as:
Unpaid volunteers at not-for-profits may not:
Sound familiar? This is where the work you did in Step One pays off! By identifying the work as part of a “Volunteer Program,” clarifying that the service is offered through the hard work of volunteers (and never paid staff), and that there is no compensation to the volunteer, your documentation will be ready to show compliance in the event the Department of Labor audits your institution (which, from time to time, they do).
Volunteers can be critical contributors to an organization. If allowed by your organization’s core rules, a not-for-profit can absolutely benefit from the fruits of their labor. By following the steps outlined above, and setting the relationship up carefully, a not-for-profit (and its volunteers) can reap great rewards.
The essential element of this is clear documentation. A letter to every volunteer, stating their role, the rules of the position, that it is not replacing or supplementing paid staff, and thanking them for their service, will position an organization to easily demonstrate compliance.
A quick annual check with the institution’s insurance carrier, to make sure volunteers and their activities are covered by the institution’s insurance, is wise, too.
Thanks for a great question!
 A trust, endowment, deed, or other founding document that may also impose conditions on the entity.
 Per IRS Publication 526, the following 501(c)(3) membership benefits can be “disregarded” (not considered a taxable benefit) if a member gets them in return for an annual payment of $75 or less. These “benefits” can include any rights or privileges that a person can use frequently while you are a member, such as: a. Free or discounted admission to the organization's facilities or events, b. Free or discounted parking, c. Preferred access to goods or services, and d. Discounts on the purchase of goods and services. [emphasis added]
 Since volunteers can be critical contributors to the work environment, they should attend the annual sexual harassment training put on by your library, and be trained along with the employees.
A community member is interested in gathering at the library for a non-staged, dramatic reading of a play published in the UK in 2016. The idea is offered as a potential library program, though it could also be viewed as a separate community meeting without library sponsorship. It is my rough understanding that, regardless of whether an audience is brought out for the performance or not, regardless of who is 'sponsoring' it, this would be in violation of the creator's (who is still alive) copyright claim to the work. Further, that the library would most likely be the liable party.
Am I right?
This question has two parts: 1) liability for copyright infringement based on a live reading (without staging) of a dramatic work; and 2) liability for events at library facilities.
Let’s tackle part 1 first.
Section 110 of the Copyright Act sets out a number of exceptions for educational and charitable use of copyrighted works. Unfortunately, “dramatic works” (plays) are largely excluded from those exceptions. So while Section 110 is generous (for instance, there is a total exemption from liability for performance of non-dramatical musical works at horticultural fairs!), “performance” of dramatic works (even without staging) is not as excused as other types of use.
The other exception that could apply to the member’s question is of course “fair use.” I won’t take up too much of this “Ask the Lawyer” to discuss that option, since the event described here does not sound like it would meet the criteria. 
For this reason, any library or venue asked or planning to host a reading of a dramatic work—even without staging it, even without charging admission—should be very cautious. Unless there is a confirmed exemption under 110 (which would be for classroom use, or for a performance for people with visual impairments), or a documented “fair use” under 107, proper licensing should be obtained.
And now for part 2.
Most libraries have some form of policy, and maybe a “facility use contract,” allowing groups or individuals to use their space. Some charge a small rental fee, others do not. Some have express restrictions on use by businesses or political groups, others do not.
What’s important to the member’s question is that any use of library facilities should be governed by clear, uniformly applied, mutually-understood terms that:
When it comes to copyright, this last part is essential, since the copyright law allows for “vicarious” liability that can include “innocent” (meaning, they didn’t know about it, or didn’t instigate it) infringers.
This is what the last Congressional committee amending the Copyright Law has to say about “vicarious liability” for performances:
Vicarious Liability for Infringing Performances.
The committee has considered and rejected an amendment to this section intended to exempt the proprietors of an establishment, such as a ballroom or night club, from liability for copyright infringement committed by an independent contractor, such as an orchestra leader. A well-established principle of copyright law is that a person who violates any of the exclusive rights of the copyright owner is an infringer, including persons who can be considered related or vicarious infringers. To be held a related or vicarious infringer in the case of performing rights, a defendant must either actively operate or supervise the operation of the place wherein the performances occur, or control the content of the infringing program, and expect commercial gain from the operation and either direct or indirect benefit from the infringing performance. The committee has decided that no justification exists for changing existing law, and causing a significant erosion of the public performance right.
As a not-for-profit institution, a library may have some more defenses than the average night club owner, but there is still a threat of liability.
So how do venues reduce the risks posed by “vicarious” liability? Often, they ask the main performer, or the entity renting the facility, to “indemnify” the venue for any liability related to the performance. To ensure they are actually protected, they also demand a certain amount and type of insurance, and require that the venue be a “named insured.”  Later, if they are sued for an infringing performance, the venue will invoke the indemnity, and be defended by and have their damages paid by the renter or performer.
So, to recap, the following factors are potentially relevant to both parts of the member’s question:
This assessment of risks and ways to mitigate them is called “risk management,” and the member’s question is a great example of how to start the process. So, what was that question again?
…regardless of whether an audience is brought out for the performance or not, regardless of who is 'sponsoring' it, this would be in violation of the creator's (who is still alive) copyright claim to the work. Further, that the library would most likely be the liable party.
Am I right?
Except for would changing “the liable party” to “a liable party”: yes, the member is correct…there is a risk. How can this assessed risk be managed? One of four ways:
Thank you for your careful question!
Exeunt lawyer, stage left.
 For a thorough discussion on that, I recommend the Congressional “Notes,” to section 110 of the Copyright Act, found at https://www.law.cornell.edu/uscode/text/17/110. These are exceptions education and information management professionals should know.
 See Section 110(6) of the Copyright Act. NOTE: The exemption extends only to the governmental body or nonprofit organization sponsoring the fair…the on-site concessionaires do not benefit from the exemption. Not fair.
 That said, it is possible that a live reading of a dramatic work could be a “fair use.” For instance, if a group wanted to use excerpts from six plays to illustrate varying depictions of a certain archetypes in drama—something that requires a partial performance of each work to make its point—that could be a “fair use” requiring no permission. But such a use would need to be more than a simple reading of the play, and the overall performance would need to be carefully assessed to show it met the four “fair use” factors.
 That’s a whole other column!
 For those of you out there who have booked a convention at a hotel or conference center, this might sound familiar (and tedious) to you. But this type of protection allows business to get done.
We are a school district public library, and a governmental entity, considering crafting a policy relating to debts discharged in bankruptcy, if the library is named as a creditor.
Are replacement costs for library materials exempt from or subject to discharge of debt? Overdue fines?
Fees levied in an attempt to recover materials (i.e. collection agency fees)? (We do not submit overdue fines to collection agencies, only the replacement costs of materials, in an attempt to recover them)
Are we allowed to impose restrictions on borrowers whose debt has been discharged, if they have not returned materials owned by the library? For example, can we deny loans to a borrower until they return library materials, or pay for them, if the debt has been discharged; or can we limit the number of items loaned for a period of time?
The following is an example of a such a policy. Is it problematic?
The Library will comply with Discharge of Debtor decrees by bankruptcy courts. Once the library is notified that a bankruptcy has been filed, collection activity is suspended on the customer’s account and on the accounts of any minor children (to the extent that the charges existed prior to the date of the bankruptcy filing) until the library is notified of the outcome.
Cardholders who have:
Only charges owed to The Library as of the date of the decree will be waived. Fines and fees incurred after the period of time covered by the bankruptcy proceedings are not covered by the discharge document and will remain on the borrower’s account and those of any minor children.
Thanks for any guidance!
Before we get to the nitty-gritty on this question (and we will), let’s reflect on why libraries charge fines and replacement costs in the first place:
And always, lurking in the background, is the notion that fines and replacement costs are an alternative to the most under-utilized section of the NYS Education law, the criminal provision in Section 265:
Whoever wilfully detains any book…belonging to any public or incorporated library…shall be punished by a fine of not less than one nor more than twenty-five dollars, or by imprisonment in jail not exceeding six months…..
So far, I have not had a client use their “one phone call” to let me know they have been arrested on an “265,” but the possibility is never far from my mind.
Of course, no one picks a library career to pursue their dream of arresting people who love (and lose) books. And, although less draconian, I bet no one picks a library career for the joy of assessing late fees. That said, library materials costs money, and people can be irresponsible about returning items to the library. So what’s an institution to do?
Some libraries are experimenting with no-fine models, since fines can have a disproportionate impact on those in poverty. Others have great success with routine “amnesty” days and other creative ways to take the sting out of returning books late. And still others want to make sure that the traditional model is as streamlined and legally compliant as possible. That is what the member’s question is about.
A “bankruptcy discharge policy” is a logical component of a library’s approach to fines, replacement costs, and efforts to collect them. It addresses the potential “dischargeability” (wiping out) of library fines when a person seeks the protection and “fresh start” created by bankruptcy. It can also help libraries (and their collection agencies) follow the law, which gives people seeking bankruptcy very specific protections.
Before we address the member’s specific questions about adopting such a policy, it is important to take a moment to reflect on (legal) language. This is because there is a basis to argue that overdue fines and replacement costs, while valid conditions of having a library card, might not qualify as typical commercial “debts;” this could mean that in many cases, libraries owed fines and replacement moneys might not be precisely “creditors.” This is pointed out in the 1997 case Riebe v. Jeurgensmeyer, where the judge writes:
The origin of this federal case is a minor's failure to return a library book. In 1995, Elizabeth Riebe, a minor, borrowed a library book from the St. Charles Public Library ("the Library"). The due date came and went without Ms. Riebe returning it. The Library waited. After Ms. Riebe failed to return the book for six months, the Library retained Defendants [a collection firm] to write to her parents ("Plaintiffs") requesting payment of $ 29.95.
Addressed to Plaintiffs, the letter, as Plaintiffs see it, implied that they, or their daughter, could be arrested and imprisoned for intentional theft of public library property. Attached to the letter was a copy of the provisions of the Illinois Criminal Code. Rather than paying the $ 29.95 or at least returning the book, and thereby putting the matter to rest, Plaintiffs filed a complaint in federal court, alleging that Defendants' letter violated the Fair Debt Collection Practices Act ("FDCPA"), 15 U.S.C. § 1692, et seq.(1996).
In ruling that the FDCPA doesn’t apply to attempts collect library fines (and thus that the library could not be liable for the zeal of their collection agency under the FDCPA) federal Judge Charles R. Norgle (who clearly esteems libraries) wrote:
Here, there was no initial "business dealing" creating an obligation to pay, only an obligation to return a library book. In theory, this may have created some type of contract, but not in the context of a "business dealing" as contemplated by the FDCPA, e.g, the purchase of consumer goods or services. … Rather, the borrowing of a library book is a public privilege that largely depends on trust and the integrity of the borrower. [emphasis added]
Now, the FDCPA is not the Bankruptcy Code, and it is possible that a person seeking relief from debt under the Code and might be able to reduce or completely discharge their fines and replacement charges from a library. But for over twenty years, Riebe has been cited as good law, so it is possible that this view of library fines and replacement costs as something more fundamental that a business debt could carry over.
I emphasize this because it means some types of library fines and costs might be dischargeable, but others, since they are not consumer “debt” in the traditional sense, might not.
So, with all that, let’s get to the nitty-gritty:
Are replacement costs for library materials exempt from or subject to discharge of debt? Overdue fines?
Because of the factors cited above, there can be no one-size-fits all answer to this! It will depend on a few factors. Under certain circumstances (replacement costs, fines connected to vandalism or wanton theft) the court might rule that what’s owed to the library is not a “dischargeable” debt. But that might not be the case for the average family declaring bankruptcy because they got swept at the knees due to illness or job loss, and who might have additional hardships to show to the court. As with many things in bankruptcy, it will depend on the circumstances.
Fees levied in an attempt to recover materials (i.e. collection agency fees)?
I would argue that imposing additional administrative costs for retaining a collection agent risks transforming the library-patron relationship described so well by Judge Norgle in Riebe. In doing this, the likelihood of the costs being dischargeable increases. But again, it will depend on the underlying nature of the fine or cost. Someone who checked out 10 DVD’s on their first week as a cardholder and never returned them might have a tough time proving that the costs aren’t the result of theft (and thus non-dischargeable).
Are we allowed to impose restrictions on borrowers whose debt has been discharged, if they have not returned materials owned by the library? For example, can we deny loans to a borrower until they return library materials, or pay for them, if the debt has been discharged; or can we limit the number of items loaned for a period of time?
Regardless of where your board may fall on its philosophical approach to fines and collections, any time a cardholder declares bankruptcy, all efforts to collect fines or replacement costs should cease. Critically, this means if borrowing privileges are only suspended due to unpaid fines, borrowing privileges should immediately be reinstated. On the flip side, suspension due to unreturned materials (for which no replacement cost is being charged) can continue.
The most important thing, as the member suggests, is to respect the process when your library is notified of it. Any library, or agent of a library, who gets a notice that a cardholder is filing bankruptcy should cease all financially-related sanctions. If there are extenuating circumstances (let’s say the amount owed is related to an act of vandalism, or failure to return 50 full-color art books) refer the matter to library’s attorney, or alert the bankruptcy trustee, who might contest discharge under the precise factors of the bankruptcy code.
With all that in mind, I suggest some alternative language for a policy, which would addresses both the human aspect of bankruptcy, and some of these subtleties:
Bankruptcy Discharge Policy
The Library understands that sometimes people must seek relief from debt in bankruptcy and are entitled to a “fresh start” after such relief is obtained.
Cardholders seeking a discharge in bankruptcy of moneys owed to the library should notify the library of having filed for bankruptcy.
Once the library is properly notified that a bankruptcy has been filed, the library and/or its agent will immediately cease contacting the cardholder about the financial amount(s) owed.
The library shall then evaluate its response to the notice. In making such an evaluation, the nature of the conduct leading to any fines, costs, and suspended privileges will be considered. In particular, but not exclusively, the discharge of any costs related to wanton destruction or significant failure to return borrowed items may be contested.
After notice of filing, but prior to discharge, if borrowing privileges are suspended solely on the basis of unpaid fines and replacement costs, borrowing privileges will be immediately reinstated; borrowing privileges suspended on the basis of unreturned items, for which no replacement cost is sought, will remain suspended.
To ensure all charges are listed on the bankruptcy schedule, the cardholder or their attorney may contact the library to request a statement of account at any time; such contact must be in writing so there is no risk of the library appearing to have violated the bar on collection activity. An attorney or trustee requesting this information on behalf of the cardholder must include permission from the cardholder as required by CPLR 4509.
The library supports that people seeking relief in bankruptcy are entitled to a “fresh start” after the discharge of debt(s). Upon presentation of a “Discharge of Debtor” listing the library, all moneys owing shall be removed from the cardholder’s record, up to the date of discharge, for the cardholder and any minor children in the family.
Further, if replacement costs are discharged, the library will not regard the failure to return the corresponding item as a basis to bar reinstatement of borrowing privileges.
Late returns or losses after the date of discharge will be subject to routine policies, including fines and suspension of borrowing privileges.
This approach both maximizes the potential for a bankruptcy discharge to be the compassionate re-set of the cardholder’s account it is intended to be…while taking into consideration that not all charges might be worthy of discharge (which is up to the bankruptcy court to decide).
Thank you for this careful question.
 United States District Court for the Northern District of Illinois, Eastern Division, October 31, 1997.
 The member’s question states that the library is a “government entity,” an assertion that is potentially relevant under the Bankruptcy code. Without making this response pages longer, I will simply state that I don’t believe a public library has quite the same status governmental entities do under the Bankruptcy Code; however, as shown in Riebe, libraries can occupy a unique position that should inform their approach to this issue.
Our library has a number of older Environmental Impact Studies (both draft and finals) which are taking up space, and we were wondering if we could discard them. Can a library make its own retention schedule for these or do libraries need to keep these for a certain amount of time so the public can access them?
If we can make our own retention schedule, do you have a recommendation as to how long they should be kept?
Draft and final Environmental Impact Studies (or “EIS”) must be accessible during the “public comment” period of a construction or remediation project. After that, a library can discard them.
For readers who aren’t familiar with these documents: EIS are mandated reports that show the complete scope of possible “significant negative environmental impacts” certain types of projects can have. They are produced by a project’s “Lead Agency” (generally a major figure in the project), who must ensure that copies of both draft and final EIS are made available to the public for a period of “public comment.”
To comply with these disclosure requirements, the Lead Agency must both post the EIS on the internet, and provide a hard copy upon request. As an alternative to providing on-demand hard copies, environmental regulations also allow the Lead Agency to place copies of an EIS “in a public library…,” where they must be available for viewing and copying during the public comment period (which is a minimum of 30 days, but can go much, much longer).
This “public comment” period is critical. When done right, it enables clarity and transparency even when a project’s approvals span multiple agencies (like zoning boards, preservation boards, and a legislative body). This allows the average citizen to provide timely comments about on things like environmental hazards, land use, historic preservation, and design. So the role of the library in ensuring public access is valuable.
As the member’s question appreciates, EIS can have value even after the “public comment” period is closed. Long after a project is complete, an EIS can reveal site conditions relevant to health and safety. For professionals like urban planners, environmentalists, architects, and attorneys, the information in an EIS can be very useful. And from the local history perspective, an EIS can show, decades later, what a village, town, or city perceived as a danger, asset, or cultural resource. Coupled with building permits and variances, that information can show who was allowed to build what in a particular village, town, or city. For this reason, I predict EIS will be important resources to the historians of the future.
To assess if a printed EIS should be retained by the library, libraries can use their normal accession evaluation process. One thing to consider in such an evaluation: the NY Department of Environmental Conservation retains copies of all EIS (in a manner that accords with the DEC’s own record-keeping policies). Personally, I do think there is value in retaining the local hard copy, but as the member states, these things can take up a lot of room!
One thing that can make the entire process around EIS easier for a library is having an “EIS Acceptance Form” that is signed by the “Lead Agency” when they drop off the copies for required disclosure. Remember, use of the library is a courtesy that allows the Lead Agency to escape making numerous on-demand copies, so they should be very gracious about signing such an agreement!
I have supplied the essential elements of such a form below, and added a few non-required but library mission-centric terms to them.
The most helpful feature of this template form is the requirement that the “Lead Agency” notify the library that the public comment period is over; this way, a library can receive express confirmation of when the time to officially make the EIS available has ended, and the decision to dispose of or accession it can be made.
Thank you for this thoughtful question.
TEMPLATE EIS AVAILABILITY REQUEST FORM
The State Environmental Quality Review Act (“SEQRA”) requires that draft and final Environment Impact Studies (EISs) be posted on publicly accessible web sites by the “Lead Agency” for the project, and to provide hard copies on demand.
Regulations allow a lead agency to place copies of the EIS in a public library instead of making a large number of individual copies. By filling out this form, you, as “Lead Agency,” are requesting that the [NAME] Library place ____ printed copies of an EIS for availability to the general public, and expressly authorize the creation of as many copies as needed by the public, to fulfill your disclosure obligations under SEQRA.
Further Terms Agreed to By Lead Agency
As a condition of assisting with access during the public comment period, the ___ [insert number] physical copies provided by Lead Agency shall become the physical property of the Library, who shall have an irrevocable license to duplicate the EIS, in any medium now in existence or further developed. After being notified by the Lead Agency of the close of the comment period, the library may retain the physical copies, or dispose of them, at its sole discretion.
Lead Agency also hereby commits to remunerate the library for any request for a copy to be modified per ADA accessibility needs, including but not limited to conversion to braille, large print, or for use with an electronic reader. Such copies shall remain the property of the Library.
Lead Agency will notify the library via an e-mail to [ADDRESS] when the EIS is no longer required to be available for public comment and duplication.
The Lead Agency employee or agent signing this EIS AVAILABILITY REQUEST FORM is an authorized signatory of the Lead Agency.
CONTACT AT LEAD AGENCY: ___________________________________
TITLE OF CONTACT: ___________________________________
PHONE NUMBER: ___________________________________
PROJECT NAME: ___________________________________
PROJECT ADDRESS(ES): ___________________________________
PUBLIC COMMENT PERIOD START DATE: ___________________________________
PUBLIC COMMENT PERIOD END DATE (if able to be determined): ___________________________________
SIGNED ON THIS __________ DAY OF ____________, 20_____.
[NOTE: Any template form should be reviewed by a library’s attorney for conformity with charter, bylaws, and current policy]
 From the “SEQRA Handbook” page 162: “The minimum public review period is thirty days, calculated from filing of the Notice of Completion. If the draft EIS is lengthy, there is delay in distribution of copies, or there is substantial public interest, the lead agency should extend the review period. In practice, the time allowed for draft EIS review is often considerably longer than the minimum. The lead agency may wish to negotiate a mutually acceptable extension with the project sponsor. If a hearing is held to receive comments on the draft EIS, the SEQR regulations require that the review period must remain open for 10 days following the close of the hearing, for the receipt of additional written public comments.” It is not the job of the library to do these calculations!
 Just to reiterate: this template is just a starting place. Any template form should be reviewed by a library’s attorney for conformity with charter, bylaws, and current policy.
We have a question that relates to the intersection of New York state level library privacy laws (https://www.nysenate.gov/legislation/laws/CVP/4509) and FERPA. Our campus has a newish system that is attempting to correlate student actions and activities with academic success and retention. As such, it could be helpful to include things like visits to the writing center, appointments with academic advisors, and also library activities, such as whether a class came in for a library information literacy session or whether a student made an appointment for a library one-on-one consultation. FERPA lets institutions share academically related information within certain bounds.
We are wondering what the privacy balance is here given that the information would stay in-institution, but not in-library. Here's what we are considering doing:
1) Noting in the system which classes had a library session(s). Within the system, that would identify individual students within those classes.
2) putting an opt-in statement on our one-on-one research appointment form and if the student consents, then providing to system the student name, appointment date/time, and course that the help was for (but not anything about the specific content of the appointment).
Have we crossed any lines here? Do we even need the opt-in statement? Is this something clear or fuzzy/grey? What should we be considering that we haven't thought of? Thanks.
Depression. Burn-out. Dissatisfaction. Lack of connection. Lack of money. Lack of parking.
These are just some of the reasons students give when they choose to leave—or are forced to leave—their college or university before graduating.
Many times, these reasons snuck up on them, although in hindsight, they could be seen: a pattern of missing classes, a downward trend in grades, maybe even dropping out of clubs and other campus activities. And almost always, after a student leaves (often in tears) faculty and staff, coaches and friends, are left wondering: could they have done more?
No matter what events led up to it, for each such incident of student “attrition,” the stakes are high: student loans, a sense of failure, the end of a career dream, and perhaps even a medical condition that went untreated while the student struggled on their own.
But what if the clues could be seen earlier? What if the downward spiral could be stopped?
Fueled by increasing technological capabilities, many institutions of higher education are developing cross-campus, inter-sector systems to do just that: hoping to correlate the warning signs and fight student attrition through early intervention. Using a variety of commercially available and home-programmed tech, they are tracking everything from dining hall meals, to class attendance, to visits to the gym. These factors, as well as comments from concerned faculty or staff, are then routinely assessed and cross-checked for red flags.
Because libraries are increasingly hosting classes and providing adjunct space for group work, it makes sense that such a system would consider tracking library usage. After all, it can be a good sign that a student is just getting out of their dorm room!
But there is a tension within this well-meaning system. College is where young adults journey to find their independence and privacy; promoting this maturation is part of a college or university’s purpose. Further, a net of privacy laws constrains the easy sharing of certain types of information. But knowing the painful consequences of unchecked student struggles, many institutions work hard to find the right blend of metrics and policies to be able to intervene.
Part of this hard work is finding the right path through that net of privacy laws. As the member writes, the biggest privacy law of all, FERPA, does allow such inter-departmental sharing, and even parental notification about safety concerns, when the time is right. It does this through both application of the law, and “FERPA waivers.”
But in New York, FERPA is not the only privacy rule to apply to these information-sharing systems. As the member states, New York’s Civil Practice Laws and Rules (the “CPLR”) §4509 (“4509”) also governs a student’s records—at least, their library records. And it sets the bar high.
4509 is a short law where every word matters, so it is worth quoting in full here:
Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute. [emphasis added]
As you can see, “college and university libraries,” even though they are part of larger institutions, are clearly covered by this law.
So how does 4509 impact the member’s question?
First, every library (academic or not) should have a clear sense of what it regards as “library records.” As can be seen in the statute, the term is not precisely defined (“including but not limited to” leaves a lot of room for argument!). Some of the obvious ones are listed in the law (circulation records, database searches, copy requests) but unnamed others could be just as vital to privacy (use of a 3-D printer, security footage covering the circulation desk, and in the member’s example, the use of research appointments). And still others activities that use the library may or may not apply (classes conducted in the library, but not part of library programming, are arguably excludable).
To protect the records as required by law, a library must know precisely what records it must protect. This is why, just like a public or association library, a college or university library should have a “Privacy of Library Records” policy clearly showing where it draws the line. Such a policy should also have a “subpoena response protocol,” so the library can train staff on how to receive internal and external third-party demands for information.
And in a perfect world, this college or university “Privacy of Library Records Policy” should be known and supported by the institutional officer who oversees the library (a Provost or Academic VP). This officer’s authority, from time to time, may be needed to ensure the policy is respected by campus safety officers, student disciplinary administration, and any other department that might want library records in service of another institutional purpose. Librarians should not hold the 4509 lines alone!
Now, back to the member’s scenario. Once a library knows precisely where it “draws the line” on library records, the member’s instinct is right: any access to information that falls within the institution’s definition of “library records” should be either denied, or allowed only as the law requires: via a signed consent from the user/student.
I know, just what every student wants—to fill out another form! But these 4509 consents, just like a “FERPA Waiver,” are not only mechanisms to ensure legal compliance, they are a chance to educate students about their right to privacy.
For instance, the consent form (I imagine it would be a digital click-through on a password-protected student account, but it could be a paper form) could say:
“The privacy of library records is protected by the law in New York State (CPLR 4509). Your enrollment in the [SYSTEM NAME] will ask the library to disclose certain library records that are protected by this law. As a library user at an library in New York, you have the right to keep your library records private. A list of what [LIBRARY NAME] considers to be library records is here [link to policy]. If you would like to consent to the [NAME OF LIBRARY] sharing your library records with only [SYSTEM], please check the below consent:
[ ] I am at least 18 years of age, and consent to the limited sharing of my library records for purposes of sharing the information with the [SCHOOL NAME] [SYSTEM]. This consent does not allow sharing my library records, even within the school, for any other purpose. No consent to share the records with external entities is give.
I understand I will need to renew this consent every fall semester, and that I may revoke this consent at any time.
Of course, there is no legal requirement for annual renewal, but it is worth considering. A year is a long time in the life of the typical undergraduate student, who may enter college with one set of civil rights values, and leave with another. With an annual renewal, the library not only complies with the law, but educates the student about their privacy rights on an annual basis.
So, to address the member’s final questions:
Have we crossed any lines here?
No. By thinking about this issue during the planning phase of the system, you are making sure the lines are bright and well-defined.
Do we even need the opt-in statement?
You could call it that, but I recommend calling it a “4509 Consent.” That would build awareness of this important law in our future leaders (and librarians). Of course, as a lawyer, I may be biased as to how important that is (but it’s really important!).
Is this something clear or fuzzy/grey?
Not so long as your library has a clear and routinely evaluated policy defining what it regards as “library records.” This can be tough at an integrated institution, where so much information technology crosses through different sectors. But it should be done.
What should we be considering that we haven't thought of?
I think you should consider buying yourself a nice cup of coffee or tea for doing your part to support a commitment to personal privacy in the United States of America and State of New York. Unlike in the European Union, our privacy currently risks death by a thousand cuts. Every bit of armor counts.
And thank you.
 I was a general counsel at a university for ten years…even as the in-house lawyer, I had a few of these moments.
 The “Family Education Rights Privacy Act,” a federal law often blamed for institutions not telling families about students’ struggles sooner.
 If this answer were to address those bases, it would be about ten pages longer, so we’ll just assume the system in this scenario complies with all the regulations and guidance listed here: https://studentprivacy.ed.gov/audience/school-officials-post-secondary.
 Neither is CPLR 4509. These systems have to navigate HIPAA, state health and mental health laws, and depending on what they do, even PCI and defamation/libel concerns.
Should an event occur, is it legal in NYS to institute a lockdown in a public library?
This question brought back a lot of memories for your “Ask the Lawyer” attorney.
Between 2006 and 2017, I was a full-time in-house attorney on a college campus. On April 16th, 2007, my time in higher ed was forever changed, when the entire campus froze to watch the reporting from Virginia Tech. 32 people dead. 17 wounded.
Over the years, as incident after incident occurred on schools and college campuses, my colleagues in higher education would wonder “Are we next?”
I was lucky; my campus had no such incident during my time there (or since). But I was there for the development of our active shooter response protocol, there for our on-campus trainings, and there, as an administrator, for our “incident response” trainings with local, state and federal law enforcement…getting ready for a day when we might not be lucky.
Large (and small) public institutions and facilities like schools, museums, malls, and of course libraries have been struggling with how to prepare for the day someone brings a gun and threatens or perpetrates violence on their property. It is a horrific thing to contemplate, and a scary prospect to plan for…especially because there is a diversity of opinion as to what the best prevention and training techniques really are.
Some institutions have the benefit of mandates. In New York, all schools must practice active shooter response, and there are laws, regulations and experts in place to guide those mandated drills. And college campuses are mandated to prepare for emergency response.
Public libraries, on the other hand, do not have such a state-wide mandate. Although chartered and operated in connection with a municipality, they are independent operators. This means that though they may choose to follow whatever policy or procedure their municipality has developed for emergency response, or to adopt their own, that choice requires board approval.
But the member’s precise question is: is it legal in NYS to institute a lockdown in a public library?
First, let’s clarify what is meant by “lockdown.”
Per §155.17 of Chapter 8 of New York’s Rules & Regulations:
Lock-down means to immediately clear the hallways, lock and/or barricade doors, hide from view, and remain silent while readying a plan of evacuation as a last resort. Lock-down will only end upon physical release from the room or secured area by law enforcement.
To some people, “lockdown” (hiding, barricading) in the face of an active shooter sounds like a really good idea. Others might prefer to run. And still others think the best option would be to fight.
According to the New York State Division of Homeland Security and Emergency Services, depending on the situation, any of these could be the right choice. Watch the video, “480 Seconds” at this link. It depicts, in stark and practical terms, the different “best” responses, depending on an active shooter situation. http://www.dhses.ny.gov/aware-prepare/step3.cfm
“Lockdown,” as defined in the NYS Education Law, was determined to be the best option for schools because they house a large, vulnerable population of minors. While many of us only hear about this procedure through our kids (as we try to conceal our terror), school librarians know first-hand that the drills our kids do are only a small part of a system that requires:
Any lockdown plan should be this well-developed, because as “480 Seconds” shows, sheltering in a secure place is not the only response to an active shooter situation. Further, even in a place with a lockdown plan, responses will vary by building type, function, and population served (consideration of people with different disabilities, for instance, requires continually renewed attention). Given certain variables, a lockdown procedure might be the best option, but even once that has been determined, ensuring doors can be secured, signage is properly posted, and staff are trained, are all critical elements of the plan.
So, is it legal to institute a lockdown procedure in a public library? Yes. Library boards can (and should) pass emergency response policies, include active shooter policies, and a lockdown plan might be determined to be the best response. That said, unlike schools entrusted with minors, libraries serve a large population of independent, autonomous adults. Unlike law enforcement responding at the scene, a staff directive to stay in place will only have the force of library policy…which is different from an order by law enforcement. A person who wants to leave (and whose biology is telling them they MUST leave) might do so.
For me, the most important aspect of this question is not if a lockdown policy at a public library is “legal,” but how a public library develops its active shooter response plan and trains its staff. This can be no cut-and-paste job; it is a work for a credentialed and experienced expert. There is grant money and aid out there for not-for-profit libraries to seek this critical input. And in many places, simply reaching out to local government can put you in touch with all the resources you need.
Just like “480 Seconds,” the services of an expert will help your library apply the collective wisdom about active shooter situations to the somber but vital act of planning for an actual situation.
We can never be truly ready for an active shooter incident, but we can be prepared. Lockdown might be part of that preparation. Thank you for this important question.
 It was probably a false sense of security, but these were the times when I was glad to have ROTC on campus.
 There is one exception to this: a public library that rents its property may be required, in its lease, to follow the rules of its Landlord. But that would still mean the board had approved the terms of the lease.
 This video is not graphic, but it is very serious. I suggest you not watch it at your library unless it is part of an in-depth and well-considered training on active shooter response, led by a credentialed and experienced expert (local law enforcement should be able to assist in finding that person).
 See NYS Education Law §2801-a.
 An emergency response plan, along with plans for an active shooter, is listed as a recommended policy in the NY Library Trustees’ Association’s 2018 Trustee Handbook, page 115.
 Of course, some libraries have private security, or coordinate with law enforcement. If that is the case for your library, their training and level authority must be incorporated into your plan, and that may change the dynamic.
 This is very serious: your plan and training should be put in place using a contracted, person with established credentials and experience writing and training on emergency preparedness and active shooter response. There are many accredited and recommended programs for this. For a public library, this would be through the usual procurement process.
Pornography and public computers in libraries have gone hand-in-hand for some time and I'm doing some research on how library policies should handle addressing this in a realistic and proactive way. The question that I am researching is whether or not it is legal to explicitly list pornography as something that cannot be accessed on library computers. I understand ALA and the Intellectual Freedom Committees stance on this issue as well as the first amendment ramifications and I am certainly not advocating for censorship, however, I've seen several policies that have tried to circumvent the issue by having vague, unhelpful policies and others that have flat out said that it is not allowed. Any clarifying help from a legal standpoint would be appreciated.
My understanding is that it would not be constitutional to have a policy restricting pornography, however, there could be something in the policy that restricts the displaying of pornography or other offensive content.
Because libraries are guardians of the first amendment, and because there is no consistent definition of “pornography,” the answer is: NO. I cannot offer legal guidance that simply bans porn…any more than I could suggest that a public library start charging admission. Such guidance would cut into the fundamental heart of a library’s mission.
But there is a way to achieve your underlying objective: Focus on civil rights.
How does a “focus on civil rights” keep porn off library computers, you ask?
Let’s start with the fundamentals: why would a library would need to consider limiting internet porn in the first place? The answer is pretty simple. Aside from the malware—and the abysmal amount of copyright theft perpetrated by many porn sites-- no one wants to work or congregate in a place where other people are watching porn.
At best, it’s icky. At worst, it creates an atmosphere of gender-based discrimination (of any gender…of any sexual orientation…and of those who do not gender-identify, too). So in New York, where the stakes for a sexual harassment claim have never been higher, providing a porn-free environment is an unquestioned goal at most places of employment…including libraries.
And so the true question here is not if a library can outright restrict access to internet pornography, but rather, how can a library make sure it’s not honoring one civil right at the expense of another? How does a library remain a beacon for the first amendment, but stand as a bulwark of equal access and fair treatment, too?
This balance can be achieved. The key, just like in other matters involving fundamental rights, is to have a clear, well-developed policy, applied by trained professionals, well-documented and guiding you every step of the way.
Every library policy should be customized for its unique environment (and harmonized with other policies), but here is a quick example of the type of document I describe, designed to fit into a library code of conduct, patron access agreement, or other behavior-related policy:
The[INSERT NAME] library absolutely respects users’ rights to reliably and confidentially access content, but also has a duty to ensure that its shared community space is free of behavior that demeans, intimidates, or discriminates against patrons, other visitors, and employees.
Therefore, to ensure compliance with local, state, and federal civil rights laws, anyone using or displaying library resources in a manner that creates an atmosphere that could harass, sexually harass, or discriminate against others may be asked to modify their behavior.
Examples that may require staff to ask you to modify behavior include, but are not limited to:
Any request for modification, action or determination under this policy will place the highest priority on the right of patrons to access content, and will seek ways to address the concern without restricting that access. Modification could include:
In some cases, however, “modification” may simply mean a request to discontinue the behavior. Examples include but are not limited to: deliberately leaving images of violence in a children’s area; prominently displaying sexually graphic content in full view of other patrons and employees; any activity that uses content to negatively target another person in the library.
Patrons who refuse to modify their behavior or to collaboratively resolve a concern may be found in violation of the library’s Code of Conduct and subject to restriction of privileges, per library policy.
“Prominently displaying” means the content is intentionally or incidentally visible to others, risking a hostile atmosphere.
By focusing not on the restriction of “pornography,” but on the creation of a respectful and welcoming environment for all, a library positions itself to ensure optimal access to content, but to follow state, local, and federal civil rights laws, too. And since one person’s anatomy textbook is another person’s porn, a policy that allows for proactive solutions, using incremental and creative adjustment, helps balance liberty with a respectful environment.
What part of first amendment jurisprudence allows this? The first amendment does prohibit the government from abridging the freedom of speech. However, it does not guarantee that all forms of protected speech may be heard on property owned or controlled by the government. Instead, the state (just like an owner of private owner property), has “power to preserve the property under its control for the use to which it is lawfully dedicated.” Further, as in any case “where the principal function of the property would be disrupted by expressive activity,” courts will not consider the main reading and reference area of a public library to be public forum where expression cannot be regulated.
Here is an example: let’s say I am working on book about inter-generational trauma. With only the best of intentions (writing a book exploring how the trauma of one generation can impact the next) I claim a table for myself near the reference desk, and start laying out books with pictures from the Jim Crow era. At the next table over, a young person sees the pictures, and suddenly finds the library is not the warm, happy place it was ten minutes ago. She gets very emotional, and the reference librarian notices. Using the policy, the librarian could then say: “I see you are working on an important project. Since this is a high-traffic area and these are some very stark imagines, can you consider moving to a table where you can access the material, but not risk a negative impact on others? That would help us serve you while also making sure the reference area is welcoming to all.”
If I say “yes,” and move, we all move on. If I say “no,” there may be a need for further discussion, but under the library’s policies, one way or another, an adjustment is made.
How could this work with a patron accessing porn on a public computer? The librarian states: “This is a public area that serves many people, and its environment must be respectful of our visitors and employees. What you are viewing is not consistent with that requirement, so it cannot be displayed is this area. Please stop now.”
If I say “yes,” and move, we all move on. If I say “no,” there isn’t much need for further discussion, since under the library’s policies, one way or another, an adjustment will be made.
This is what is called in first amendment jurisprudence a “time, place, and manner” restriction. Considering the mission of the library—to serve all—a policy of keeping the common areas free of graphic violence, invective, and sexually explicit content is very reasonable…especially since most parts of a library are not considered a “public forum.” It is the same restriction that allows librarians to ask people to speak quietly or not play music on their cell phones that others can hear.
I appreciate that this approach does require library staff to make and enforce value judgments about content—and some librarians may feel uneasy about that role. But the essential function of libraries rests on the ability of librarians to make content-based decisions. In fact, because they are trained to categorize and assess various types of information, librarians are some of the best-qualified people in the world to take such a burden on.
The case Sund v. City of Wichita Falls—also called the “Heather Has Two Mommies” case—shows the importance of qualified professionals making content decisions using consistently applied, well-reasoned policy. In that case, a town board tried to allow patrons to over-ride a head librarian’s decision as to where to shelve a children’s book depicting a positive, happy tale of a girl and her two mothers. When striking down the law, the judged cited the library’s careful accession policy and the level of training required of the librarian—and then confirmed that she had the final say in shelving decisions.
Librarians use such content discernment on a routine basis, and today’s civil rights laws demand they apply it to not only collections, but the library’s environment, as well. A policy that is well-developed, harmonized with other policies, and the subject of routine training and practice for staff can give this responsibility a reliable formula. Like all critical policies, such a policy should be custom-drafted and carefully considered before being approved by trustees, since if the resulting discernment is ever challenged, the board will need to stand by—or overrule—how it was applied in the field.
Balancing conflicting civil liberties requires careful analysis and diplomacy. But at the end of the day—I’m just gonna say this—unless they work in a very unique type of place, librarians have the right to expect a workplace largely free from internet porn. That freedom—and the freedom of patrons to access content without undue restriction—starts with your library’s commitment to civil rights.
Thank you for this important question.
 The only reason I know this is because I am a copyright attorney. No, really.
 See the new laws passed in 2018 about increased employer liability for sexual harassment.
 Obviously the sound editor at an erotic film production company hopes for a steady stream of work, but that’s the exception, not the rule.
 See the case Citizens for Cmty Values, Inc. v. Upper Arlington Public Library Board of Trustees, 2008 U.S. Dist LEXIS 85439 (2008), United States District Court for the Southern District of Ohio.
 I have no pre-emptive solution for people who bring their own laptops and are able to reserve a room, unless you have a policy that employees may enter such a room at any time, in which case my same advice applies.
 This case is a good read for any librarian seeking a refresher on the important of clear policy and a supportive board of trustees. It is also very laudatory of the librarian who fought for the right of the library to properly shelve the book.
I am not a judge, so I get to have a definition! Here is it: “Anything on the internet depicting a sex act, that comes with at least two pop-up adds.”
Beginning on October 9, employers in NYS are required to make interactive training which meets state outlined minimum standards to their employees to combat sexual harassment in the workplace. As a cooperative public library system which serves a membership of public libraries including those which employ 1-3 staff members, we would like to support our members by providing the training centrally. We have no governing or financial authority over these independent libraries. Their employees are not our employees.
Can we provide training centrally for the employees of member libraries, as long as the training itself meets the minimum training standards?
Do different levels of employees need to be provided with different training sessions, for instance do library staff persons need to be provided a training space free of the library director?
Do trustees serving on library (or any non-profit) board need to participate in this training and if so, do they need their own session?
It is my understanding that training can only be shared if all the institutions have agreed to the state version of the policy AND been given the state created training module. Is that true?
The member is right: New York State has taken the huge step of requiring ALL employers—whether they employ one, or one thousand—to train their people to recognize and report sexual harassment and illegal retaliation.
But this training requirement does not stand alone. Also as part of the amped-up law:
The resulting need to revise policies, adopt reporting forms, and organize trainings has hit many strategic plans and budgets hard. Libraries, who always feel budget pressure, are among the not-for-profits feeling the pinch.
Since this law passed along with the budget this spring, I have been counselling clients that this training requirement should not be viewed as simply another unfunded mandate (although it is), but an opportunity. What kind of opportunity? An opportunity for library leadership to gather and train their valued people to recognize and reject discriminatory behavior right from the start.
But at the end of the day, no matter how worthy the topic, convening personnel and hiring a qualified trainer costs money. Which brings us to the member’s great questions (underlined below).
First Question: Can we provide training centrally for the employees of member libraries, as long as the training itself meets the minimum training standards?
My answer to this is…Hold on. Before we talk about resource-sharing, let’s talk about scope:
Trustees, interns, and volunteers should be part of this training. 
Why trustees? When a small institution has a concern related to sexual harassment, trustees become front-line decision-makers. Further, trustees are generally the “supervisors” of directors—and the new law specifically requires that supervisors be trained. And finally—but most critically—library trustees set the tone for mission and leadership at the library. You cannot change or evolve a library’s culture without trustee involvement.
Why interns and volunteers? This new law comes with liability for harassment directed even at “gig” workers. This liability can be caused by any person acting on behalf of the library—even a volunteer. So every person who works at the direction of your institution should know this law, and how to work within it, together.
With that scope of attendance in mind, based on the guidance from the state thus far, if the policy and reporting form track the model policies provided by the state: my answer is YES.
Second Question: Do different levels of employees need to be provided with different training sessions, for instance do library staff persons need to be provided a training space free of the library director?
NO! In fact, I believe a library would lose much of the value of the sessions if it did so.
Why is that? While the stark requirement of the policy is to review the law, a side benefit of such a training is creating an esprit de corps for combatting bad behavior together. That can best happen if each level of authority—from trustee, to supervisor, to employee to intern or volunteer—hears and honors the obligations of the other.
If the different authority levels are balkanized into different trainings, a valuable opportunity to build trust and accountability in service to the library’s mission of equal access is lost.
Third Question: Do trustees serving on a library (or any non-profit) board need to participate in this training and if so, do they need their own session?
The new law does not mention training trustees or directors specifically. But since boards generally supervise the Director or Executive Director, and are responsible for a library’s legal compliance in all matters, it is my conclusion that library trustees must be trained.
And—although my comments above recommend against it—they can be trained separately.
There is a related area, however, where separate training might be appropriate and warranted. In this day and age, governing boards should know: 1) the library’s insurance coverage for sexual harassment/discrimination claims, 2) the procedure for notifying the insurance carrier of a claim, and 3) how and when to call in third-party investigator to look into a complaint. Having trustees aware of these things, before a mandatory training under the new law, would be optimal.
Fourth Question: It is my understanding that training can only be shared if all the institutions have agreed to the state version of the policy AND been given the state-created training module. Is that true?
Let’s start this answer with what a library is looking for when arranging the required training—a required element of which is a live, in-person trainer that attendees can ask questions of.
What does the library need from this trainer? At bare minimum, the trainer needs to provide a session that meets the requirements of the law. Therefore, my guidance to those arranging trainings for a single entity is that the contract or hire letter contain assurance such as:
On [DATE/S], [PROVIDER] will provide [SINGLE INSTITUTION] with an interactive session based on the State of New York’s “Model Sexual Harassment Prevention Training” guidance and [Institution’s] Sexual Harassment Policy and Reporting Form. When the training is complete, trainer will certify that all elements for sexual harassment trainings required by applicable NYDOL and NYDHR guidance, and the laws of New York, have been met.
For a multi-institution training organized by a membership alliance or network, I suggest that the contract or hire letter contain some extra details, such as:
On [DATE], [Provider] will provide [Institution]’s members with an interactive session based on the State of New York’s “Model Sexual Harassment Prevention Training” guidance and [Institution’s] Sexual Harassment Policy and Reporting Form. When the training is complete, trainer will certify to each institution that all elements required by applicable NYDOL and NYDHR guidance, and the laws of New York, have been met.
As this is a multi-institutional training, to enable certification for each attending institution, the following practices will be observed:
Attendance is limited to 5 institutions, 60 attendees.
I based this guidance on what will no doubt be the next chapter in this legal saga: allegations of liability due to failure to properly update policies and train personnel.
The “certification” approach I am suggesting above is not required by the new law. Rather, it is designed to help your members, or your institution, create a record that will easily demonstrate that they endeavored to follow that law. It is designed to show that, even if a system or group had to share resources and do a mass training, a truly interactive and meaningful experience was intended. This is a key element of limiting liability.
Of course, in a perfect world, people attend sexual harassment trainings not only to limit liability and because they are compelled to, but to learn how to ensure such behavior is rare, quickly called out, and immediately corrected.
The importance of such training cannot be over-stated. When I was a 16-year-old page at a public library in the 1990’s, I was harassed by a patron. I was too young and inexperienced to know my rights, or what to do. Fortunately, I had the good luck to be on shift with an amazing assistant director. When the bad behavior started, this graceful woman walked over to the patron, and simply said, “This has to stop now.” And despite his displeasure, it did.
Many decades later, her unambiguous, dignified, and immediate action inspires me, as I hope it does you.
Done right, these mandatory trainings are an opportunity for your library’s team to practice this type of skillful handling. It is also a chance for supervising staff--who now have the term “mandatory reporter” in their job descriptions—to be assured that they are supported and backed up by informed and committed trustees.
Finding ways to collaborate and share resources to make such training and practice as accessible and rewarding as possible is a great initiative. Thank you for this excellent array of questions.
 Uber drivers who transport your interlibrary loans, for example.
 The State’s late issuance of required guidance—released less than 2 months before the effective date—didn’t help, either.
 I know, that’s not really the question. But this is very, very important.
 Yes, some of those volunteers might be very young! It will be the job of your trainer to train your employees both well, and appropriately.
 September 26, 2018. A I write this, they are assessing thousands of public comments—including some submitted by me—and that may change the basis of my advice. So if you are reading this in 2019, please check for updates.
 Just so you know, “my firm belief” is based on years of conducting anti-discrimination trainings, ten years as an in-house counsel at a university, and time as an Interim HR Director. I am not just going with my gut here.
 Nor does the current model policy, report form, or training materials. Considering that New York is a hive of corporations, this void is rather mind-boggling, but these State resources were compiled with haste. I imagine this will be addressed in later versions.
 Or some other reasonable number. This is just a recommendation. Basically, you don’t want the number of institutions or attendees to make the “interactive” requirement arguably meaningless.
 But by no means the only element. The most important one will be following the new law, and documenting that you are following it!
 Bernice Cosgrove.
 The patron was quite upset. In retrospect, he may have had some mental health concerns. These matters often come with complications that require tact, diplomacy, and compassion.
The director of the college print shop has come to me for copyright assistance. Our faculty often ask for photocopies of materials for distribution to students in class. She asks the faculty member if they have the appropriate permissions for making copies but is not always convinced by their answers. Is there any form she can ask faculty to sign attesting to their right to reproduce the materials that will protect the college in the case of copyright infringement? Thank you!
This question seems simple, but it actually involves some high-end concepts of business law and liability.
Most libraries, museums, theaters, and other units within large institutions are actually part of the same entity. In other words, although they may have a distinct identity within their institution (“The Michael Library” “The Peter Museum” or “the Catherine Gym”), there is only one actual legal entity (“Romanov College”).
Many people find these niceties hard to grasp, but here is why it is important: in this scenario, the single entity (the college) includes the on-campus copy shop. This means that what the shop does, the entity does…including alleged infringement.
This same unity generally applies to employees, too. In a body of law called “Master and Servant,” if an employee is performing a task related to their job, and not deliberately violating employer policy or the law, for purposes of the legal system, the employee’s actions will generally be imputed to the institution.
This is why institutions are best served in this area by educating their employees about copyright, and documenting the employees good-faith efforts to abide by the law (it is also why many HR manuals have warnings about the consequences of not following policy: it limits the institution’s ability to protect you).
This puts lot of pressure on the employees who staffing the in-house copy shop. What are their responsibilities? Do they need to educate their co-workers on copyright risk? Are they expected to protect the entire college? Each institution has different policies and job descriptions that answer those questions differently.
That said, is there a simple approach that can help with this? Yes. For the in-house copy shop (NOT for an on-campus contractor), below is a framework to address copyright priorities with diplomacy, tact, and helpfulness. It is designed to be used with an institution’s “Fair Use Assessment” form, and to route people to the person responsible for permissions at your institution.
NOTE: All that said, any copyright-related form not custom-designed for your organization should be reviewed for cohesion and consistency with other institutional policies, including those in the employee manual. Never use any copyright-related form without considering your institution’s unique needs and approach to copyright and liability! If your institution has an in-house lawyer, compliance officer, risk manager, or insurance carrier, make sure they are part of finalizing any such form or solution.
[INSTITUTION NAME] COPY SHOP COPYRIGHT HELPER
Hello! Thank you for coming to the [INSTITUTION NAME] copy shop to arrange duplication of your class materials.
As an instructor who generates your own copyright-protected material, you know the value of copyrights to others, and you know there are penalties for improper, unauthorized duplication.
Please follow the process below. When you check “yes” to 1 or 3, we are happy to assist you with your copies!
1. Do you have written permission from the copyright holder or their agent to make copies?
If “yes,” attach the permission, and let’s get copying!
If “no,” please move to question 2.
2. Do you have verbal permission from the copyright holder or their agent to make copies?
If “yes,” please confirm the permission in writing, return to us and check “yes,” above, and we’ll get right on this for you!
If “no,” please move to question 3.
3. Do you regard this copy as a fair use?
If “yes,” please fill out the attached [INSTITUTION NAME] fair use assessment form, and we’ll get your copies made!
If “no,” or “I don’t know,” please move to question #4.
4. Do you find this process frustrating and need help arranging permission to use this material, or more input on fair use?
If “yes,” please see XXXX at OFFICE LOCATION, who assists with permissions at INSTITUTION NAME. You can also call them at NUMBER or reach them at EMAIL. We hope to see you again soon!
MATERIALS (Title, number of pages):_______________________________
 This is one of the reasons many institutions opt to host a separate company for on-campus duplication services.
 I know! The law needs to move on. Perhaps “Captain” and “team member” can replace this.
 That said, never assume that is the case! Every allegation of liability must be carefully reviewed by a lawyer, as there are many exceptions and precise formulas that control such things.
 Demonstrable, good-faith effort to abide by the law can actually limit damages when copyright infringement is attributable to a not-for-profit education institution.
 If you don’t have either or one of these, share this RAQ with the decision-maker at your institution who could make that happen. Both the form, and a person who can facilitate permissions, are worthwhile risk management investments.
We are finding that librarians within larger institutions (like colleges and museums) are the go-to resource for copyright questions, which could also include institutional copyright concerns. What should a librarian do if the "question" they are presented with is really an allegation of copyright infringement?
“Ask The Lawyer” has touched on this topic a bit before. In our a 9/19/17 RAQ post “Skating the Line Between Helpful Information and Legal Advice,” we discussed the risks posed when patrons and co-workers confuse the helpful attitude and boundless information provided by librarians with legal services.
The bottom line from that guidance was:
When [asked for legal advice], librarians must emphasize the boundary between good service and legal advice. Here is a formula for that:
I [the librarian] provide access to library materials based on the law and policy of my profession and institution; you [the user] should consult your own attorney regarding any legal concerns about your use of the materials being provided.
The current question takes this issue one step further: what if, when asked to play this front-lines role, the librarian is alerted to a potential claim of infringement against their institution?
Here are a few examples of how this can emerge:
Coach to librarian: “I thought I would check with you…this guy called us and said we used his photo of the volleyball team on fliers without his permission. But we’re not-for-profit, so copyright doesn’t apply, right?”
Curator to librarian: “We used a photo of the artist to promote the current installation on Facebook and some photographer is claiming we need a license? But the artist said it was okay!”
HR Director to librarian: “You are our go-to on copyright. This person says they generated it on their own time, but we own everything our employees create on our computers, right?”
Before anything else, it is important to say: many institutions have an established protocol for handling ANY threat of litigation, be it copyright infringement, slip-and-fall, or breach of contract. So first and foremost, librarians at larger institutions should know their institution’s policy or procedure for when a lawsuit is threatened. The risk manager, business manager, in-house legal counsel, or the employee who coordinates insurance coverage is often the point person for this.
When your institution has such a protocol, the reply to questions that reveal a threatened claim of infringement should be “That sounds like it could be a claim of copyright infringement. You should refer that the XXX, who handles claims.” And whether or not the inquirer follows through, to protect both the librarian and the institution, the librarian should then e-mail XXX to say “Today I referred Coach/Curator/HR Director to you, as they were contacted by someone who might have a legal claim.” This makes sure the legal hot potato doesn’t stop at the library, even if the other employee doesn’t follow through.
Of course, not every place will have an XXX, and not every person will seek advice the moment the threat of a claim arises. Here are some alternate versions of our three scenarios:
Coach to librarian: “This guy called us about three months ago and said we used his photo of the volleyball team on fliers without his permission. We also put it on t-shirts. Can you look at this “cease and desist” letter?”
Curator to librarian: “Remember that awesome installation? Well, I’m forwarding you some emails between me, the artist, and his photographer. They say we owe like $2,000.00 in licensing fees, but it’s fair use, right?”
HR Director to librarian: “I need to send this letter about work-for-hire, can you review?”
In these scenarios, institutional debate or engagement with the claimant is well under way. Even though things might be further along, and tempers hotter, the priority is still to end the engagement and get the matter in the right hands as soon as possible. So, even if your institution doesn’t have an XXX, and the situation arrives at your door a little more “hot,” the best thing to say to your co-worker is: “This sounds like a legal matter. We need to connect you with our attorney.”
If your co-worker has been so kind as to refer the (often angry) claimant to you without warning, and you are now on the phone with them, it is generally wise to:
1. Listen, and make notes of what the claimant is saying.
2. DO NOT ARGUE, DEBATE, or SUPPLY INFORMATION.
3. Use your customer service skills to simply say “This sounds very important. I have made a note, and will make sure someone gets back to you by [date].”
4. When arranging appropriate follow-up, minimize internal e-mail discussion, which could become discoverable evidence. Remember, the back-and-forth the employees engage in, unless it involves an attorney providing legal advice, is not subject to attorney-client privilege.
5. Get that legal hot potato to your attorney or insurance carrier and get out!
I realize that budgets are tight in the not-for-profit world, and not everyone has an attorney in-house or on call. This is where your insurance carrier could be a key player. Most bigger institutions have some form of coverage that addresses copyright. Your carrier does not want you to spend time arguing with a claimant, generating potentially damaging evidence! So in the absence of a lawyer, your insurance liaison and carrier (who will use a lawyer) might give your institution a place to send the “hot potato.”
The bottom line: every institution has a slightly different way it approaches litigation risk, but every institution should have an established way. Making sure library staff are aware of and comfortable with their institution’s protocols, and are supported in those protocols by trustees, officers and key personnel, are the keys to this issue. The statutory damages and mandatory attorneys’ fees often involved in copyright litigation make this a high risk management priority.
Librarians should be on the front lines of information access and fair use, but not the first line of defense for copyright litigation. Hopefully your institution appreciates this critical distinction, and supports it.
Or there’s always law school….
 I am sorry if any of these fictional scenarios have triggered stressful memories.
 If there isn’t one, I pose an alternative in a few paragraphs, but in most instances, there is.
 See the helpful script in paragraph two to remind people you are not a lawyer.
 Some alert carriers right away, others are wary of having a high claim number. Some carriers want to know the moment there is even HINT of a claim. This is something the person responsible for insurance will know.
 I am writing this guidance to be shared with such stakeholders, if it can be helpful.
Are libraries legally required to obtain photo releases from all patrons (children's parents, teens, adults), even if we don't name those patrons before publishing photos to our social media accounts and/or press releases?
This is a huge question. To answer it, let’s start with where the mania over image releases comes from.
New York Civil Rights Law, §50, states:
A person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the name, portrait or picture of any living person without having first obtained the written consent of such person, or if a minor of his or her parent or guardian, is guilty of a misdemeanor.
In this age where every “click” and post is potentially monetized (and thus “advertising”), this rule is tough to advise on. If I post a picture of my sister on Facebook, and her smiling face helps Facebook get attention for a sidebar advertisement, can she fulfill a threat made back in 1987 to get me in “sooooooooo much trouble?” Not quite. But if I create an ad for an event to be held at my law firm, and I use someone’s image without permission, that could be problematic.
The next layer of concern could come from Facebook itself. As they say in their “Terms,” users may not:
…do or share anything:
So, if my sister alleges that I have “violated her rights,” by posting her picture, am I risking my Facebook account, too?
A lot of this comes down to how Civil Rights Law §50 is being applied these days. As of this writing, I did not find any case law where simply posting an image to Facebook violated §50. Further, recent case law gives insight into what the courts will consider to be “advertising.”
“Under Court of Appeals precedent, the statute is to be narrowly construed and strictly limited to nonconsensual commercial appropriations of the name, portrait, or picture of a living person. A use for advertising purposes has been defined as a use in, or as part of, an advertisement or solicitation for patronage.” 
This sounds helpful, until you starting thinking that, in the world of Facebook, everything is only one degree from being an advertisement. So how does a library post photos of patrons using their library without losing sleep at night?
The 2013 case of Leviston v. Jackson is instructive. In Leviston, a woman sued the rapper 50 Cent for posting a sex tape (not made for commercial use) featuring her on his unmonetized web site. During his testimony, 50 Cent stated that he posted the video to antagonize an opponent in a rap war. During his testimony, 50 Cent admitted that rap wars are conducted in part to test the mettle of different rappers, and to bring attention to the combatants. The judge, seizing on this admission that rap wars are in part for “attention” (of the commercial variety) refused to dismiss the Plaintiff’s claim.
So, if your public library is at war with the association library across town, or fighting a budget battle, and you would like to post pictures of patrons claiming “Our Books Our Bigger!” your library should get written image releases. If, however, your not-for-profit library is simply publicizing “new hours!”, the person whose image you use would have a very weak claim (if they had a claim at all).
That said, in general, it is a good practice for libraries to get image releases whenever possible. First, you never know when you might snap the perfect picture to illustrate why a new resources or a bigger budget would really help your mission. Second, asking for permission to use a person’s image will emphasize your library’s respect for personal privacy and patron confidentiality. And finally, by memorializing permission to use an image, you reinforce the patron’s connection to the library…and generate a great record for the archivist who will be trying to catalog your photos in 2118!
Thank you for your question.
 Leviston v. Jackson.
We are planning on installing a bike rack for our community members. With it begs the question, should we also loan bicycles? Many libraries already do. Here is but one example: http://cpl.prl.ab.ca/about-us/policies/bike-borrowing-agreement. My question is, as long as you have a policy in place, and the borrower signs the agreement, are all injuries waived once off your property? Is it really as simple as that? Please help me identify any worst case scenario possibilities that I should be prepared for.
From tools, to bikes, to digital printers, an increasing number of libraries are providing access to more than information.
I imagine someone has named this phenomenon, but I got a J.D., not an MLS, so I couldn’t find its overall name. Therefore, I call it “The Library of Things.” 
Joining “The Library of Things,” signals a sea change in the identity of a library. It expands its lending model beyond information (books, media, data) to capability (printers, kayaks, cameras). It converts a community asset from a place of intellectual access to a source of physical action and production.
This combined role is re-framing community awareness of libraries. But whether it’s called a “makerspace,” or a “tool library” or simply a “3D printer,” these resources are challenging traditional library laws and ethics governing access, liability, and patron privacy. The member’s question is a perfect example of the complications that brings.
What complications? The “Library of Things” is not simply about accessing assets, but using them, applying them, and sometimes, riding them. Most library law (parts of the education law, CPLR 4509, a robust array of civil rights jurisprudence, and a body of case law regarding library operations) is built around that premise that a library’s mission to provide access to information must be safeguarded at all costs. But that jurisprudence is largely silent on the issues posed by using equipment to take action or produce something. That function, while important, is not enshrined in the law. Prediction: the Library of Things will soon start testing the conventions of libraries’ legal status quo.
But let’s get down to the brass tacks (or the greased chains). What about the bikes?
Regarding the member’s precise question (“…as long as you have a policy in place, and the borrower signs the agreement, are all injuries waived once off your property? Is it really as simple as that?”), the answer is “no.” The liability for lending equipment is a varied as the disclaimers and warrantees that equipment comes with, and in general, a simple policy and waiver are not the only things needed to anticipate risk and reduce liability. So how does a library do it?
First (and I cannot say this enough): no library should contemplate the loan of functional equipment without thoroughly considering the risks and conditions of that equipment’s use. The member’s question says it all: Please help me identify any worst case scenario possibilities that I should be prepared for.
When it comes to lending bikes, here an initial laundry list or “worst case scenario” thinking:
Don’t worry…there are many ways to address the risks these questions highlight. One solution, which can greatly ease the burden on a library, is to have the liability assumed (and insurance provided) by a third party through a rental contract. With that approach, rather than accession the bikes, the library picks up the fee (rather like paying for access to a database), and the patrons, following an established policy, check the bikes out on their card. In such an arrangement, the library’s contract, the underlying policies, and the agreement signed by the patron, could be drafted to promote safety and to shift the liabilities away from the library…an arrangement that must be confirmed by the right combination of contract provisions and proof of insurance.
Second: no library should contemplate the loan of functional equipment without thoroughly considering the unique nature of their library. Is the library a public institution? Is it affiliated with a larger organization? What are the limits of its insurance? Are there physical hazards near it that warrant enhanced care? If your public library is at the top of a steep hill with a railroad crossing at the bottom, it should not use the same bike loan policy as the college library in the flat town with no CXS line.
Third (but in many ways, first): Is the contemplated asset critical to the mission of the library? Is fulfilling the patron need for this equipment consistent with the library’s strategic plan and goals? If the answers are “yes,” then addressing the first two questions should be easier, since clearly the identified risks and complications will be worth it. If bikes with baskets help fulfill the mission to deliver books to the senior center, then bikes with baskets it is.
And finally, there are ancillary considerations. Is the loan of equipment a “circulation record” subject to privacy laws? Is the service as accessible as possible per ADA? Do you need to follow a procurement policy when seeking a third-party bike provider or a purchase source?
When developing a bike loan program, it’s essential to consider:
That’s a lot, but there are resources to help you. The library’s insurance carrier should be consulted at the outset. The NY Department of Transportation maintains a list of current bike laws. There are an array of groups that offer free safety training, and many civic organizations offer free helmets. If possible, a third party vendor is the way to go, since it can help limit the library’s liability. Liability waivers should be custom-drafted to fit your library and the precise arrangements it has made for the bikes, but drafting your waiver should be the last step, after you’ve made your decisions about safety and conditions.
With a little coordination, you can address all the bells (but by law, leave off the whistles).
There’s a lot to wade through, but one thing is clear: libraries are evolving. This means that with a few fits and starts, the law will evolve with them. So once your organization decides to join the Library of Things, know the assets, know your library, stick to your mission, and roll with it.
With the right planning, it’s as easy as riding a—
 I invented this term as I wrote. During editing, my husband (who does have a library degree) checked “Library of Things,” and found that it’s been in use for quite a while. So I got to think I was clever for about 2 hours.
 I’m not a historian, either, but I really do think this change is significant. Think about it: Ben Franklin, who founded this continent’s first formal lending library, was a printer. But did that library give members free access to a printing press? Or a candle mold? Lending things has not been baked into the model.
 These documents should be reviewed by the library’s lawyer. It doesn’t hurt to have them reviewed by the library’s liability insurance carrier, too.
 For instance, Camrose, AB, the library in the member’s question, is in Canada, a country with a markedly different approach to risk and health issues.
A member asks…[We] are switching to a Paid Time Off (PTO) model in 2018 and are looking for guidance on how to handle payout of the benefit when an employee terminates from employment. We would like to offer each employee their full yearly amount of PTO at the beginning of the calendar year (or start date of employment for new hires). However, we are concerned about the budget impact of having to pay out for every hour of PTO an employee has amassed in situations where employees terminate early in the year. As such, we are exploring a policy in where an employee receives all of their PTO hours at the beginning of the year and is free to use those days for time off. But if they terminate, they would only be paid out for a prorated amount of the PTO balance they have based on the number of hours they worked during the calendar year in which they terminated. Would such a system, if made clear in our Personnel Policy and not impacting any time accrued under a previous policy, be acceptable? Alternatively, would the Library be able to cap the amount of hours paid out upon termination to an amount we determine (35 hours/70 hours)? … Any feedback you could provide would be greatly appreciated. [Emphasis added]
Libraries are service-intensive environments, which means they depend on their employees to report to work. However, since so much depends on staff, libraries are also wise to give their employees the tools for self-care and a proper work-life balance. A PTO policy is a great way to facilitate this.
What is “PTO?” Put simply, PTO is a finite amount of paid time off work (scheduled or unscheduled), to be used for vacation, short illnesses, “mental health days,” or whatever else is needed (note: often, bereavement is excluded). By not dividing time off into distinct types, PTO enhances employee privacy and flexibility—while decreasing the administrative burden of tracking the type of time.
The increasing use of PTO also makes sense as the ADA, the FMLA, and the upcoming New York Paid Family Leave Act have changed the landscape of medically-related time off.
Before we get to the heart of the member’s question, let’s start with some crucial basics. Under NY labor law, employers must have a written policy (or policies) governing sick leave, vacation, personal leave, and holidays.1 Under that law, as governed by the policy, the value of these “wage supplements” must be paid out at termination.
That said, conditions can be put on the terms of these “supplements”; according to the DOL the amount of time that can be cashed out “depends upon the terms of the vacation and/or resignation policy.”
This guidance is backed up by case law: New York courts2 have held that the required policies about PTO can specify that employees lose accrued benefits if such loss is a condition of the policy.
Among other things, conditions in PTO policies may cover the following:
How PTO accrues (annual, or more incremental);
How eligibility and earned amounts are governed (for instance, part-time vs. full-time, or based on years of service);
How much PTO can be paid out at termination;
If eligibility for payout survives termination for misconduct;
How “scheduled” and “unscheduled” (sick, emergency meeting, etc.) PTO is granted;
If a certain amount of reasonable notice before quitting is required to get the payout;
If a restriction on the number of employees using PTO at once is needed (this is critical for service-intensive environments like libraries).
In addition, any transitional/new policy can (and should) expressly address already accrued wage supplements (for instance, converting any unused vacation to PTO, or paying it out). As the member shows sensitivity to in their question, the new policy should never nullify wage supplements already accrued.
So, here we are, at the heart of the member’s question: can the amount of PTO cashed out at termination be pro-rated based on the time of year the resignation happens? The answer is: Once given, PTO should not be clawed back based on a variable factors, even those factors are set out in the policy. However, the solution is just as the member posits (and as is listed in the third bullet, above): uniformly capping the amount to be paid out, and applying it without fail.3
The nature of the library (public, private, part of a larger entity, etc.);
The bylaws and role of any board policy or committee (for instance, if there is a personnel or HR committee, this topic would be of interest to them);
Any union contracts or other contractual obligations at play;
The full suite of employee benefit policies, and the recruitment, development, and employee retention and compliance goals they serve;
The budget impact of any changes.
Once a library arrives at draft policy, prior to it being enacted, a lawyer should review the policy to ensure it is compliant, and works well with related legal obligations, contracts, policies and procedures. Further, it is ideal if the policy is reviewed by the treasurer, and/or the person preparing the budget, and/or the person who files any tax forms on behalf of the entity. I’m no accountant, but I know PTO is logged in a specific way on balance sheets, and it can have an impact on financial statements.
So once you have your draft PTO policy, invite your lawyer, your treasurer, and your accountant (there’s a joke in there somewhere, I know), over for a quick cup of coffee, and make sure everyone says you’re ready to launch!
1 Section 195.5 of the Labor Law states: Every employer shall notify his employees in writing or by publicly posting the employer's policy on sick leave, vacation, personal leave, holidays and hours.
2 [See Glenville Gage Company, Inc. v. Industrial Board of Appeals of the State of New York, Department of Labor, 70 AD2d 283 (3d Dept 1979) affd, 52 NY2d 777 (1980).]
3 PTO can also be given on a more incremental basis, but this nullifies some of the flexibility benefits it can bring. That said, the policy should consider when an employee first qualifies, and if starting employees get a pro-rated amount based on their start date.
Can a library report a crime based on use of library resources while honoring CPLR 4509 (assuring the confidentiality of circulation records)?
CPLR 4509 is a critical caisson in a library’s foundation, protecting users from those who would draw negative inferences based on access to the library. The law sets out, in bold, simple language, that librarians shall not disclose such records to law enforcement (or others), unless there is an appropriate subpoena, court order, or disclosure is required by law.
That said, there will be instances when serious patron misconduct might require a report to law enforcement—but the mere act of reporting it will disclose a circulation record (for instance, a patron signing onto a library computer that is then used for a crime). How does a library report the criminal behavior, while honoring the letter and spirit of 4509?
The American Library Association has compiled a great array of information on balancing these priorities, and it is clear that the answer lies in the library’s policies. I will not re-create this excellent list of considerations here, but when it comes to this particular question, it is clear every library should have:
The New York Library Trustees Association has a thorough database of policies addressing, from a variety of libraries, addressing these topics. But just use these for inspiration, since policies must be crafted, evaluated, and periodically revised to serve the mission, legal requirements, and operational needs of your particular library. Ideally, your lawyer should not only review the final product, but be ready to assist with any law enforcement request, is a good idea.
A library that makes sure it has addressed the points in the above bullets, and has trained their staff on these priorities, is ready to protect circulation records, while safeguarding the “proper operation of the library!”
 Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.
 Note the ALA guidance on steps to minimize creating/retaining circulation records.
It has come up at our Reference meetings that patrons are using our technology to alter documents such as doctor’s notes (extending days of medical excuse, for example) and our staff is increasingly uneasy about assisting patrons with this. We try our best to ignore what people have on the screen but sometimes they ask for our help with altering scanned documents, and it's impossible to pretend we don't see what they are doing. We are uncomfortable telling patrons we decline to help them based on ethical reasons, because that would show admitting we have read what is on the screen. We are somewhat concerned about liability and potential obligation to report illegal activity. What are some ways we can shield staff from having to help patrons commit fraud?
Wow. There is really just no hum-drum day for librarians, is there?
Okay, let’s take this in stages.
First, the member’s question starts with the premise that the alteration of certain documents is illegal. That premise is correct. And although there are any number of crimes such alteration could be (depending on the type of document), here in New York, the catch-all term would be “Forgery.”
Forgery is a crime that comes in many degrees, but whatever degree, it involves the act of falsely making or altering a document (meaning the forger invented it wholly, or—as in the scenario—somehow manipulates or alters the original). However, it is important to note that a critical element of Forgery, no matter what degree, is the intent to defraud, deceive, or cause injury.
Second, the member raises the concern that, if library staff assist a patron who turns out to be a forger, they could risk being implicated in the crime—or feel an obligation to report what they have seen. While I found no case law addressing this precise scenario, these are valid concerns.
We’ll start with some good news: for staff to be (legally) implicated, they would have to be aware of the forger’s criminal intent. In other words, the staff would have to know that the person was planning to defraud, deceive, or cause injury; the mere suspicion would not make them part of a crime.
That said, if the content visible on the screen makes it difficult to ignore a crime in progress (for instance, the manipulation of child pornography) or the possibility of imminent harm to another (someone changing the checkboxes on a Power of Attorney, for example), both library operational integrity, and staff well-being, may require removing personal service, removing privileges, and/or alerting law enforcement.
Unfortunately, after looking at case law, guides from the ALA, and numerous policies in the field, I could find no graceful way for staff to simply discontinue service, without telling a patron why. Since staff assistance is in many ways as much of a right (once it is routinely provided) as access to your collection and technology, withholding it without a clear basis is a due process concern (for public libraries) and a professional ethics/best practices concern (for private libraries).
That said, I can offer the following steps to making sure staff are ready to address this difficult situation:
First, every employee and volunteer assisting patrons should have the phrase “service to patrons, in accordance with established policies and procedures” in their employee handbook, job description or volunteer letter (the wording doesn’t have to be precisely this, but the requirement of staff to follow library policies should be express).
Second, an institution providing access to “maker equipment” (computers, scanners, 3D printers, recording devices, tools, etc), should have a posted, public policy forbidding use of library equipment for illegal activity. Something like:
“Use of library equipment for illegal activity is forbidden. Examples of illegal activity include but are not limited to: manipulating illegal content, engaging in forgery (falsely altering documents), gaining unauthorized access to other computers or networks, and 3D printing of illegal devices. Staff assisting you, who suspect illegal activity, are authorized to discontinue assistance, and the library may discontinue your library access and contact law enforcement. Patrons using technology to alter official or signed documents should be aware that such activity may be perceived as potentially in violation of this policy.”
As with any library policy impacting access and privileges (including staff assistance), such a policy should have an established procedure, and at least one level of appeal.
Third, staff and volunteers should be trained on how to withdraw service while honoring the rights of patrons. A very simple policy (coordinated with current bylaws and other institutional policies before implementation), such as the generic one below, could assist with balancing staff well-being with patron rights:
It is the policy of the library that, to promote the integrity of operations, and the well-being of staff, use of library equipment and staff services in furtherance of illegal activity is forbidden.
Staff concerned that a patron’s use of library technology may violate the law shall withdraw their services and/or patron access to the technology, per the below procedure.
In making this policy, the library re-affirms that unless authorized by law, patron records, including those generated by the use of technology, are confidential, and that users of the library technology have a right to privacy.
In making this policy, the library re-affirms that all patrons are entitled to excellent service and access, and that such service and access shall not be removed without due process.
A staff member identifies a potential violation, withdraws from the patron, and consults a supervisor to confirm that withdrawing service and/or access is appropriate.
If the supervisor, upon further assessment, agrees that the use violates the policy, and that withdrawing service and/or access is appropriate, the supervisor will initiate the removal, and provide in writing to the patron:
On [DATE], your access to [/SERVICE/TECHNOLOGY] was removed, on the basis that the use was barred under our posted policy (copy enclosed). This removal may be appealed by sending a letter of appeal to [PERSON], at [ADDRESS] by [DATE]. The library respects your privacy and does not require you to appeal or to provide any further information regarding this matter, unless you choose to do so.
If an appeal is filed, the [PERSON TO WHOM APPEAL IS DIRECTED] shall consult leadership and legal counsel as needed, and shall notify the patron, in writing, as to the result of the appeal within [#] business days.
If there is concern that IMMINENT HARM may be caused by patron use of technology, staff shall immediately alert XXXX, who shall determine if law enforcement must be called, or if there are any additional immediate action take, per governing procedures.
I am sorry to not have a more graceful solution, but I cannot advise that staff simply withdraw services and not return to the patron. I have designed the above generic policy to provide a “uh-oh” moment for the patron, when they can remove themselves from a situation, and the supervisor can choose to not pursue the matter further. This is a delicate dance on the tightropes of confidentiality and operational integrity.
Further, I have added the final clause in bold so the person in charge at the time is reminded to use the “buddy system” when it comes to making tough calls about safety, inferring criminal intent, and assessing imminent harm. These are decisions that, whenever possible, should not be made in isolation.
This balancing, giving a situation time to breath, and due process, are the best way to shield library staff while honoring library principles. I hope you don’t have to use it too often! But with more and more people relying on libraries for service beyond the traditional quest for information, I suspect more institutions will be addressing this issue.
 NY Penal Law 170.00
 Of course, a prosecutor can pursue criminal charges if they believe they can prove such awareness…and they can try and prove it by using knowledge of the content. And for certain documents, merely altering them is a crime. So erring on the side of caution is wise.
 At the heart of this question is staff who don’t want to be implicated in wrongdoing, but honor their professional ethics, including the obligations to:
· Provide the highest level of service to all library users, and accurate, unbiased responses to all requests for assistance;
· Distinguish between personal convictions and professional duties;
· Strive for excellence via use of professional skills;
· Protect each patron’s right to privacy and confidentiality;
 This is advised by the ALA at http://www.ala.org/advocacy/intfreedom/guidelinesforaccesspolicies, and of course is required for municipal institutions.
 As part of this training, staff should be alerted to the library’s policies about any signs of activity posing a risk of imminent harm (which may be a result of illegal activity).
 This coordination is critical. Please don’t use any model language without considering your full suite of bylaws, manuals, policies, and procedures already in place.
We are looking to determine if there is a specific time frame for which email must be held. Can we designate in a policy that email will not be considered original documents - that all original documents must be in print format? AND if this is possible, how long then are we required to hold onto archived e-mail?
Please also comment on how, for state institutions, this issue is impacted by the NYS Archives Schedule MI-1 Schedule, which states:
“Generally, records transmitted through e-mail systems have the same retention periods as records in other formats that are related to the same program function or activity. E-mail records should be scheduled for disposition in conjunction with any other records related to the program function. Local governments may delete, purge, or destroy e-mail records provided that the records have been retained for the minimum retention established in this Schedule and are not being used for a legal action or audit.”
WNYLRC ATTORNEY’S RESPONSE
This has been a tough question to mull over! That is because the answer is superficially “yes,” but in reality: “no.”
How do we get to this disjointed conclusion? Schedule MI-1, as the member did, is a great place to start.
From there, although it is a bit older (in Internet years), the 2010 guidance from the New York State Archives, “Developing a Policy for Managing E-mail” (to which the Schedule MI-1 refers), speaks to this issue. On page 7, it states:
“Another management strategy has been to rely on the “lowtech” method of printing out important emails to integrate them into a paper recordkeeping system. Printing emails is still a viable option for a small organization with limited technology support and finances, provided that individuals across the organization consistently apply records retention requirements to the printed emails, capture all essential metadata, and file the emails with their respective attachments.” [emphasis added]
This would suggest that, for certain institutions, under certain circumstances, e-mail does not need to be retained in its original form to be an “original document.”
However, while it would be elegant, I cannot endorse this approach. As the guidance further states on page 13:
“The concept of “official copy” is problematic when dealing with email because of the volume of emails, the difficulty of controlling all copies, and the occasional need to prove an email was received as well as sent.” [emphasis added]
Since 2010, even more concerns make this a dubious solution. For a private institution, the requirements of accreditors, insurance carriers, and other stakeholders must be considered…while for libraries and archives that are part of local governments, per NYS regulation, the conversion of archival electronic records must be conducted in consultation with the State Archives, who may or may not endorse such a policy, based on the categories of documentation it would impact.
That said, for certain categories of documentation transmitted or received as e-mail (as defined by MI-1 or private policy), the “print approach” may work. As a wholesale solution, however, it is not legally viable.