ALA Library Code of Ethics Statement III: We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

Privacy issues are a hot-button topic as citizens become more aware of how easily technology can gather, hold and analyze personal data and how increasingly their own online activities can be monitored. As a society, we are weighing our individual need for privacy against our need for security and convenience. Schools reflect the societal concerns and the librarian is often placed in an advisory or even decision-making position regarding privacy issues.

State and national laws are specific about the confidentiality of some forms of student information, including grades, health, and attendance records. Laws for 48 states and the District of Columbia that address the confidentiality of library records can be found on ALA’s Office of Intellectual Freedom website. The Family Educational Rights and Privacy Act (FERPA) is a Federal law that addresses student educational privacy rights. School board policies address student privacy rights and these policies should be in compliance with federal and state laws.

While the librarian needs to be aware of the general laws and board policies regarding student data privacy issues, the ethical choices we must make about giving student library usage information may fall outside the parameters of legally or policy defined “education records.” Circulation records, Internet use logs, and other professional observations generally do not fit the description of an “education record.” State laws referring to library records may not be interpreted as applicable to school library records. (Please remember, I am not a lawyer although I sometimes play one on the Internet.)

Adding complexity to ethical choices that must be made in interpreting the general statement about a library patron’s right to privacy, minors have traditionally been accorded fewer privacy rights than adults. To what extent do we as educators reveal the information-seeking and reading habits of an individual student to other adults who have a custodial responsibility for the well being of that student? Do I let a child’s parent, teacher, or school counselor know if one of my students has been accessing “how-to” suicide materials on the web? Do I give information to an authority on a child’s Internet use if it appears that the authority is just on a “fishing trip” with little probable cause for needing this data?

There are often legitimate pedagogical reasons to share with a child’s teachers information about that child’s library resource use. Is the child selecting reading materials at a level that allows that child to practice his or her reading skills? Is the child using the online resources to complete a classroom assignment? Who should have access to the records accomanying online reading program and collections?

While most of us can agree that violating the privacy of our students for our own convenience (displaying overdue lists that link student names with specific materials on the library bulletin board, school website, or sending such information to parents directly) or blindly supplying information about student reading or browsing habits to any adult who requests such information is unethical, finer guidelines need to be established if we are to act ethically in the broader context of student and school welfare.

I would suggest we ask ourselves as librarians when making decisions about student privacy issues:

• What are my school’s policies and state and federal laws regarding the confidentiality of student information? Have I consulted with and can I expect support from my administration regarding decisions I make regarding student privacy? Is there recourse to the school’s legal counsel regarding difficult or contentious issues?
• What is the legitimate custodial responsibility of the person or group asking for information about a student?
• How accurately and specifically can I provide that information?
• By providing such information is there a reasonable chance the information may prevent some harm to either the individual or to others in the school or community?
• Is there a legitimate pedagogical reason to share student information with a teacher? Am I sharing information about materials that students are using for curricular purposes or for personal use?
• Have I clearly stated to my students what the library guidelines are on the release of personal information? If the computers in the library are or can be remotely monitored, is there a clear statement of that fact readily posted?
• If student activity on a computer is logged, are students aware of this record, how long the log is kept, how the log may be used, and by whom?

As librarians, we of course need to help students be aware of technology issues related to privacy both so that they can protect their own privacy and honor the privacy of others. Students need to understand that businesses and organizations use information to market products, and that information is often gathered electronically, both overtly and covertly. Students need to know that a stranger is a stranger, whether met on the playground or on the Internet and that personal information shared with a stranger may put themselves and their families at risk. Students need to know that schools have the right to search their files when created and stored on school owned computer hardware. Students need to be taught to respect the privacy of others: that because information is displayed on a computer screen doesn’t make it public; that information inadvertently left accessible does not mean that it is appropriate to access it.

We need to help the school set good guidelines. Helen Adam’s (2002) booklet The Internet Invasion: Is Privacy at Risk lists six specific school topics related to privacy, and the librarian should understand the privacy issues surrounding each and be able to help make good school policy related to them:

1. Addressing Privacy in an Acceptable Use Policy
2. Privacy Policies or Statements on District Websites
3. Identifying Students on District Websites
4. Making Student Records Available Electronically
5. Conducting Market Research on Students
6. Students Providing Personal Information About Themselves

As Adams reminds us, “This is one of the gray areas for thinking individuals to ponder.”

See also the recently released: Library Privacy Guidelines for Students in K-12 Schools, ALA 4/2/2016