The statement below explains the steps that Portland Community College (“PCC”) Library takes to respect and protect your privacy when you use library resources. (PCC) Library has a deep-rooted commitment to protecting the privacy and confidentiality of library users. This commitment is in compliance with local, state and federal rules, as well as PCC policies, and is consistent with the American Library Association’s Code of Ethics. Oregon Revised Statute 192.502 (23) exempts from disclosure under open records law: “The records of a library, including: (a) Circulation records, showing use of specific library material by a named person; (b) The name of a library patron together with the address or telephone number of the patron; and (c) The electronic mail address of a patron.” Privacy and confidentiality practices A. Notices and openness PCC Library posts its privacy and confidentiality practices on the library website and regularly reviews them with library faculty, staff, and student workers. The library avoids creating unnecessary records and retains records in compliance with applicable records retention regulations. B. Gathered and retained information Information gathered and retained may include the following: Students and PCC employees: Information required to have a library account is supplied by Banner. That information is not retained when a student or employee leaves PCC once the account is in good standing. Community users: Information is retained as long as the user has an account with PCC Library. Records of material checked out, charges owed, payments made. Electronic access information. Requests for interlibrary loans, Summit loans, or reference service. C. Choice and consent If you provide personally identifiable information to PCC Library, it may retain your private and personally identifiable information. If you you provide PCC Library with personally identifiable information, the library will keep it confidential and will not sell, license, or disclose personal information to any third party without your consent, except agents working on behalf of the library or unless PCC library is legally permitted to do so. If PCC Library makes a service available for your convenience that may in some way lessen the library’s ability to protect the privacy of your personally identifiable information or the confidentiality of information about your use of library materials and services, PCC Library will: (1) provide you with a privacy warning regarding that service; and (2) make it possible for you to “opt in” or “opt out” of that service. Examples: the ability for you to track your reading history or write reviews in the library catalog is attached to your library account, and may lessen the privacy you otherwise have in your information. D. User access and responsibility You are entitled to view your personally identifiable information and are responsible for keeping your information accurate and up-to-date. The library will explain the process for accessing or updating your information on its website or in person, upon request. E. Data integrity and security PCC Library takes reasonable steps to ensure data integrity and protects personally identifiable information by electronically purging or manually shredding data once the prescribed retention period has been completed. When PCC provides aggregate summary data for which personally identifiable information is not needed, PCC removes personally identifiable information. F. Third-party security PCC Library ensures that the library’s contracts, licenses, and offsite computer service arrangements reflect library policies and legal obligations concerning user privacy and confidentiality. Library agreements address appropriate restrictions on the use, aggregation, dissemination, and sale of that information. When connecting to licensed databases outside the library, the library releases only information that authenticates users as registered PCC Library borrowers. Nevertheless, users must be aware, when accessing remote sites, that there are limits to the privacy protection the library can provide. Some users may choose to take advantage of RSS feeds from the library catalog, public blogs, hold and overdue notices via e-mail or text message, and similar services that send personal information related to library use via public communication networks. These users must also be aware that the library has limited ability to protect the privacy of this information once it is outside the library’s control. G. Cookies Users accessing the library’s website will need to enable cookies in order to access a number of resources available through the library. Library servers use cookies solely to verify that a person is an authorized user in order to allow access to licensed library resources and to customize web services to that user’s specification. Cookies sent by library servers containing authorization information will disappear soon after the user’s computer browser is closed. H. Security measures Library procedures limit access to data and data for unauthorized purposes. PCC Library limits access through use of passwords and storage of data on secure servers or computers that are inaccessible from a modem or network connection. I. Staff access to personal information Library staff may access personal data stored in the library’s computer system only for the purpose of performing their assigned library duties. Staff are prohibited from disclosing your personal data to any other party, unless required by law or to fulfill your service request. The library does not sell, lease, or give users’ personal information to companies, governmental agencies, or individuals except as required by law or with a user’s authorization. J. Enforcement and redress If you have a question, concern, or complaint about PCC Library’s handling of your information, you may file written comments with the Library Dean. PCC Library will respond in a timely manner and may conduct a privacy investigation or review of practices and procedures. The Library Dean is the custodian of library records and is the only party authorized to receive or comply with public-records requests or inquiries from law enforcement officers. The Dean may delegate this authority to designated members of the library’s management team. The Library Dean may confer with the Director of Public Safety, Vice President for Academic Affairs, or Vice President of Administrative Services before determining the proper response to any request for records. PCC will provide state, federal, or local government authorities with personally identifiable information only when it is legal to do so. Library employees are trained to refer any law enforcement inquiries to the Office of the Library Dean. K. Illegal activity is prohibited and not protected In accordance with PCC Policies, library users may not use PCC resources to commit illegal actions. Nothing in this statement prevents the library from exercising its right to enforce its behavior rules, protect its facilities, network, and equipment from harm, or prevent the use of library facilities and equipment for illegal purposes. The library can electronically monitor public computers and external access to its network and reserves the right to do so. Staff is authorized to take immediate action to protect the security of library users, staff, facilities, computers, and network. This includes contacting law enforcement authorities and providing information that may identify the individual(s) perpetrating a violation. Reviewed 4/27/2015, 6/6/2016 Updated 11/22/2010 Related PCC Policies