Libraries @ Montana State University

mobile-friendly page | skip navigation

MSU home page MSU Academic Affairs MSU Administration MSU Admissions Ask a Librarian Ask a Librarian Chat with a Librarian Use IM to Ask a Librarian a Question Ask a Librarian (Via Email) Ask a Librarian

Montana State University Libraries Privacy Policy

I. Introduction

Privacy is essential to the exercise of free speech, free thought, and free association. In the Montana State University Libraries the right to privacy is the right to open inquiry without having the subject of one's interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.

The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution. The State of Montana provide guarantees of privacy through the Montana Library Records Confidentiality Act (MCA 22-1-1101) [http://data.opi.state.mt.us/BILLS/MCA_toc/22_1_11.htm]. Numerous decisions in case law have defined and extended rights to privacy. MSU Libraries' privacy and confidentiality policies are in compliance with applicable federal, state, and local laws.

User rights-as well as the MSU Libraries' responsibilities-outlined here are based in part on what are known in the United States as the five "Fair Information Practice Principles." These five principles outline the rights of Notice, Choice, Access, Security, and Enforcement.

Our commitment to your privacy and confidentiality has deep roots not only in law but also in the ethics and practices of librarianship. In accordance with the American Library Association's Code of Ethics: "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted."

II. Montana State University Libraries' Commitment to Our Users Rights of Privacy and Confidentiality

This privacy policy explains your privacy and confidentiality rights, the steps MSU Libraries takes to respect and protect your privacy when you use library resources, and how we deal with personally identifiable information that we may collect from our users.

1. Notice & Openness

We affirm that MSU Libraries' users have the right of "notice"-to be informed about the policies governing the amount and retention of personally identifiable information, and about why that information is necessary for the provision of library services.

We post publicly and acknowledge openly the privacy and information-gathering policies of MSU Libraries. Whenever policies change, notice of those changes is disseminated to our users.

In all cases we avoid creating unnecessary records, we avoid retaining records not needed for the fulfillment of the mission of the Libraries, and we do not engage in practices that might place information on public view.

Information we may gather and retain about current and valid library users includes the following:

  • User Registration Information
  • MSU Student/Employee ID numbers
  • Circulation Information
  • Inter-Library Loan Request Information
  • Electronic Access Information
  • Information Required to Provide Library Services
2. Choice & Consent

This policy explains MSU Libraries' information practices and the choices you can make about the way the Libraries collects and uses your information. We will not collect or retain your private and personally identifiable information without your consent. Further, if you consent to give us your personally identifiable information, we will keep it confidential and will not sell, license, or disclose personal information to any third party without your consent, unless we are compelled to do so under the law or to comply with a court order.

If you wish to receive borrowing privileges, we must obtain certain information about you in order to provide you with a library account, which includes your name, home address, telephone number, E-mail address, and (if you are affiliated with Montana State University) your GID/CatCard number. When visiting the Libraries' Web site and using our electronic services, you may choose to provide your name, E-mail address, MSU Banner/GID/CatCard number, phone number, or home address to access certain services or resources.

If you are affiliated with Montana State University, the Libraries automatically receives personally identifiable information to create and update your library account from the Registrar's Office (for students) or Human Resources (for employees).

If you are a citizen of the State of Montana who requests borrowing privileges at the Libraries, you have the option of providing us with an E-mail address for the purpose of notifying you about your library account. You may request that we remove your E-mail address from your record at any time.

We never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to prohibit such unrelated uses, unless we are compelled to do so under the law or to comply with a court order.

3. Access by Users

Individuals who use library services that require the function and process of personally identifiable information are entitled to view and/or update their information. You may either view or update your personal information online or in person. In both instances, you may be asked to provide some sort of verification such as a password or identification card to ensure verification of identity. If you are affiliated with Montana State University you update your information through your MSU MyInfo account. The purpose of accessing and updating your personally identifiable information is to ensure that library operations can function properly. Such functions may include notification of overdue items, recalls, reminders, etc. The Libraries will explain the process of accessing or updating your information so that all personally identifiable information is accurate and up to date.

4. Data Integrity & Security

Data Integrity: The data we collect and maintain at the Libraries must be accurate and secure. We take reasonable steps to assure data integrity, including: using only reputable sources of data; providing our users access to their own personally identifiable data; updating data whenever possible; utilizing middleware authentication systems that authorize use without requiring personally identifiable information; destroying untimely data or converting it to an anonymous form.

Data Retention: We protect personally identifiable information from unauthorized disclosure once it is no longer needed to manage library services. We will purge or shred personally identifiable information on library resource use, material circulation history, inter-library loan requests, and security/surveillance tapes and logs.

Tracking Users: We remove links between patron records and materials borrowed when items are returned and we delete records as soon as the original purpose for data collection has been satisfied. We permit in-house access to information in all formats without creating a data trail. MSU Libraries has invested in appropriate technology to protect the security of any personally identifiable information while it is in the Libraries' custody, and we ensure that aggregate, summary data is stripped of personally identifiable information. We do not ask library visitors or Web site users to identify themselves or reveal any personal information unless they are borrowing materials, requesting special services, registering for programs or classes, or making remote use from outside the library of those portions of the Libraries' Web site restricted to registered borrowers under license agreements or other special arrangements. We discourage users from choosing passwords that could reveal their identity, including social security numbers. We regularly remove cookies, Web history, cached files, or other computer and Internet use records and other software code that is placed on our computers or networks.

Third Party Security: We ensure that our library's contracts, licenses, and off-site computer service arrangements reflect our policies and legal obligations concerning user privacy and confidentiality. Should a third party require access to our users' personally identifiable information, our agreements address appropriate restrictions on the use, aggregation, dissemination, and sale of that information. In circumstances in which there is a risk that personally identifiable information may be disclosed, we will warn our users. When connecting to licensed databases outside the library, we release only information that authenticates users as "members of our community." Nevertheless, we advise users of the limits to library privacy protection when accessing remote sites since some of these remote sites may be able to identify a user's IP address. The electronic resources to which we subscribe (ie. electronic journal and database providers), keep their own usage statistics. None of the resources require personally identifying information, although several do offer opt-in services. As the electronic resources are external Web sites, and not under the control of the MSU Libraries, we encourage you to review the privacy policy of each resource prior to submitting your personal information.

This website uses Google Analytics, a Web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the Web site analyze how users use the site. The information generated by the cookie about your use of the Web site (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Web site, compiling reports on Web site activity for Web site operators and providing other services relating to Web site activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For further information you may wish to consult Google Analytics' Privacy Statement.

Cookies: Users of networked computers will need to enable cookies in order to access a number of resources available through the Libraries. A cookie is a small file sent to the browser by a Web site each time that site is visited. Cookies are stored on the user's computer and can potentially transmit personal information. Cookies are often used to remember information about preferences and pages visited. You can refuse to accept cookies, can disable cookies, and remove cookies from your hard drive. Our Library servers use cookies solely to verify that a person is an authorized user in order to allow access to licensed library resources and to customize Web pages to that user's specification. Cookies sent by MSU Libraries servers will disappear when the user's computer browser is closed. We will not share cookies information with external third parties.

Security Measures: Our security measures involve both managerial and technical policies and procedures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Our managerial measures include internal organizational procedures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Our technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and storage of data on secure servers or computers that are inaccessible from a modem or network connection.

Staff access to personal data: We permit only authorized Libraries staff with assigned confidential passwords to access personal data stored in the Libraries' computer system for the purpose of performing library work. We will not disclose any personal data we collect from you to any other party except where required by law or to fulfill an individual user's service request. The Libraries does not sell or lease users' personal information to companies, universities, or individuals.

5. Enforcement & Redress

MSU Libraries will not share data about individuals with third parties unless required by law. We conduct regular privacy audits in order to ensure that all library programs and services are enforcing our privacy policy. Library users who have questions, concerns, or complains about the Libraries' handing of their privacy and confidentiality rights should file written comments with the Dean of Libraries. We will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures.

Only the Dean of Libraries and the Associate Dean of Libraries are authorized to receive or comply with requests from law enforcement officers; MSU Libraries confers with MSU legal counsel before determining the proper response. MSU Libraries will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form. The Libraries has trained all library staff and volunteers to refer any law enforcement inquiries to library administrators.

Last updated: 01/9/2009