Submission Date:
Question:
We are a municipal library and the building is owned by the county. The county will be installing security cameras outside the library in multiple locations for safety reasons. These cameras will not be regularly monitored unless there is a reason to consult them. We will not be viewing the footage per a patron’s request. They will be maintained by our county facilities staff and consulted only in cases where a criminal act was committed.
I have two questions related to this.
1. What type of permanent notification do we need to post about the use of cameras?
2. What major points do we need to ensure we include in our privacy policy?
Answer:
Many libraries, for a variety of good reasons, have security cameras. Some libraries control those recording systems; others do not. But no matter how they get there, when cameras are in a library, the questions posed by the member are critical.
Here is why: every library in the State of New York is bound by ethics and law to safeguard patron privacy. Those obligations start with the ethics of the American Library Association[1] and the New York Library Association,[2] assuring patron privacy; these ethics find legal teeth in New York Civil Practice Law and Rules[3] and the Public Officer's Law.[4]
At the local level, patron privacy is often reinforced in a library's ethics statement, bylaws, and policies. The practical duties of patron privacy are found in job descriptions (particularly of directors and IT professionals), and in membership terms between libraries and systems. And it is part of every new employees' on-boarding.[5]
Because librarians and library leadership are so aware of this privacy obligation, and because assurance of patron privacy is a key component of information access, protecting patron privacy is often referred to in the library community as nigh-unto-sacred duty. So sacred, in fact, that I have met more than one librarian willing to go toe-to-toe with law enforcement seeking unauthorized access to patron data.[6]
While it takes a certain type of gumption to stand up to law enforcement, it takes another type (equally critical, but not as concentratedly defiant) of gumption to think about patron privacy in the context of software, landlords, and security cameras. One takes a willingness to take a stand in the moment. The other takes a willingness to think about details, to leave nothing to chance, and to ask a lot of very specific, very persistent questions.[7]
Both of these types of gumption are critical to the modern librarian, but only one gives you an easily dramatic answer to the question "how was your day?"
We'll leave the dramatic aspect of this for another time.[8] Below, please find a boring--but vital-- checklist of steps and language to help a library answer the questions posed by the member, when a landlord is using cameras trained on library premises:
Step 1: Assess what the library's lease says about security and use of cameras
For libraries with landlords (remember, your library has a landlord even if you only pay a token amount of rent,[9]) it is important to have a written lease.
Why? Because, among other critical things,[10] that lease can provide clarity about who provides the on-site security (including a camera system) and set the stage for how the landlord and the tenant will manage security-related details.
In this case, the member has clarified that the security system will be controlled by the municipal (county) landlord. Here are the details posited by the member:
These cameras will not be regularly monitored unless there is a reason to consult them. We will not be viewing the footage per a patron’s request. They will be maintained by our county facilities staff and consulted only in cases where a criminal act was committed.
These details, upon which the library will base its own actions, should be confirmed in the lease. Such confirmation should include, whenever possible, a marked survey or map of the property, showing the limits of the camera's line of sight.
Step 2: Assess if the lease terms and security camera arrangements promote the privacy commitments of the library
Just a note: while a municipality may procure and install a camera system with the intent to only monitor it "in the event of alleged criminal activity," in my experience, there is no way to enforce such a restriction, and some risk that the use of the cameras could change over time.
For instance:
- The recordings could be subject to disclosure under the Freedom of Information law;
- The recordings could be accessed via subpoena in the event of an alleged personal injury or other civil claim;
- The temptation for a town, city, or county to use the recordings internally (even for something as innocent as using them to check if a snowplow crew did a good job, or if a worker is arriving on time) might be hard to resist.
A library can't control this. That said, when a camera system is installed, a library can request assurance that the municipality's internal policy, governing the cameras, include language:
- Alerting the users of the system to the sensitivity of patron records at a library;
- Confirming that the footage showing people entering and leaving the library is not regarded as a "library record" by either party; and
- Confirm that under no circumstances should the security cameras enable recording of information reflecting patron use of services.[11]
Once a library performs these two steps, it can answer the member's two questions:
First question: What type of permanent notification do we need to post about the use of cameras?
Once the library has written assurance that the landlord's use of recording technology will not result in the creation or disclosure of a library record, it is up to the director and board if, or how, your library should alert the community.
Personally, as a patron, I would appreciate a "courtesy notice" such as: "Your library records are confidential. Please know that while our landlord has security cameras in [ZONES], the library does not allow recording that could impact patron privacy inside the building."[12]
OR (if the library makes use of its own security cameras): "Your library records are confidential. Please know that our landlord has security cameras in [ZONES] and may use those for security purposes, but any security camera record maintained by the Library that shows use of library services is considered confidential and is used for library purposes only."
Second question: What major points do we need to ensure we include in our privacy policy?
The privacy policy of the library, or in the alternative, the minutes of the board, should reflect the details and privacy safeguards confirmed through the two-step analysis above.
For instance, after the analysis is done, the board can note in the minutes: "Regarding the landlord's use of outside security cameras: As of DATE, the Library's landlord, NAME, will have security cameras observing certain outdoor areas, including library property. The Library has verified that its lease, and the landlord's internal policy, prevent the landlord's security cameras from generating or disclosing confidential library records. The public will be notified as to where the cameras are recording, and that such recordings are not confidential library records."
I appreciate that this review/confirm process can be a bit clunky. However, it is also an opportunity to alert a critical partner (a landlord, and sponsoring municipality) to the importance of library-patron confidentiality, and to assure the public that privacy is a priority. By seizing the moment to confirm that privacy is being properly considered and enforced, a library not only assures its ethics and legal compliance, but can create an ally in that eternal (and important) fight.[13]
I hope this approach is helpful.
[2] As found in the NYLA Code of Ethics: " III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted."
[3] CPLR 4509 states: “Library records, which contain names or other personally identifying details regarding the users ...including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.”
[4] https://docs.dos.ny.gov/coog/ftext/13308.htm
[5] If it's not, it should be.
[6] You guys are so cool when you do that.
[7] Like the member is, here.
[8] Actually, we address it here: RAQ #26.
[9] Generally, this token rent is placed at $1/year. Just once it would be fun to see a more random number, like $1.26/year.
[10] Such as insurance, hours of operation, emergency procedures, notification in the event of injury, protocol for repairs, capital improvements, etc... For more commentary on this, see RAQ #166 about having any MOU with a sponsoring municipal entity.
[11] If security cameras are aimed at a curbside pick-up location, the library should consider if the recording is a library record.
[12] Forbidding recording in a public library is a controversial topic, I know. This language is written to address recording that can impact patron privacy.
[13] Hey, I managed to make careful attention to minutia sound dramatic!
Tag:
Ethics, Municipal Libraries, Privacy, Law enforcement, Surveillance
