Institutional Data Policy

Adopted December 15, 2015.

Purpose

The library is committed to continuous improvement of its services for and with the Oak Park community. As such, it uses specific types of information to achieve its mission, vision, and strategic goals. Taken together, this information is called “institutional data.”

Principles

The library is guided by the values of accountability and integrity in the provision of public services. These values speak to the need for openness and responsibility in its information curating practices. As such, the library upholds the American Library Association’s Library Bill of Rights position statement regarding users’ reasonable expectation to confidentiality and privacy.

Scope

“Institutional data” is information created, collected, maintained, transmitted, or recorded in ordinary operations for the library to improve its services, collections, programs, spaces, and customer experiences. It includes: (1) data used for planning, managing, and assessing library operations in an ongoing and formative manner to meet the library’s Mission, Vision, and Strategic Plan; metrics created, collected, maintained, and reported as required for the Illinois Public Library Annual Report (IPLAR) to the Illinois Secretary of State and State Librarian; and aggregated, anonymous data collected in surveys or via digital analytics directly related to services.

It does not include personal data which is information created, collected, maintained, transmitted, or recorded by personal or library-owned devices, media, or systems that is personal in nature and not related to library business.

Privacy, Collection, and Uses of Information

The library does not collect, store, maintain, or use any personal information from customers or staff without obtaining their permission to do so. Personal information that is collected with permission is limited to what is necessary for the proper administration of the library, only used for the intended purpose for which it was collected, and is not stored beyond its intended use. See policy on Confidentiality of Circulation Records.

Non-personal, non-identifiable, aggregated information is used by the library for ordinary administration and institutional accountability. Access to and security of institutional data is limited to those library staff professionals as determined by the Executive Director whose roles and responsibilities require it in the ordinary provision of service and consistent with its intended purpose at the time of collection.

On occasion, the library may partner with other public service agencies, educational institutions, or funders beyond what is required for the IPLAR where aggregated data may be shared in order to refine services or collaboratively address a community-identified priority. No personal information would be shared without explicit consent acquired.

Choice means giving users options as to how any personal information collected may be used. Provision of many library services requires the collection and retention of personally identifiable information. Whether this is required (e.g., in order to circulate library material), automatic (e.g., as in some web-based library services), or voluntary (e.g., when engaging in a survey), this information is retained only as long as is necessary to fulfill the function for which it was initially acquired.

For expedience and service of users, the library has adopted an “opt-in” approach for aggregated data. This means that by using library spaces, materials, and services, the default is consent for non-personalized information to be gathered (e.g., number of people entering the building in a day, number of people using a database, etc.). Where personally identifying information is requested, consent—verbal, paper, or digital—is required at the point of collection. This includes, but is not limited to, customer service surveys, focus groups, or other qualitative service-improvement information.

« Back to Policies