Privacy Policy

Last reviewed and revised 7/21/2025 

Introduction 

JMU Libraries strives to respect and protect the privacy of its users. This policy outlines the types of information we collect, how we secure it, and your ability to limit or access that information. It is created with reference to the American Library Association’s (ALA) Code of Ethics, the privacy interpretation of the ALA Library Bill of Rights, the Society of American Archivists Core Values and Code of Ethics, the JMU Web Privacy Policy, and JMU policies.  

This policy is reviewed annually as new technology and practices emerge, to ensure ongoing protection of your privacy by JMU Libraries. This policy covers all units and operations under the authority of JMU Libraries. The policy does not extend to any entity not under the control of JMU Libraries, even if it is physically located in library space. This policy will be reviewed by the Executive Committee of Deans Council.  

Information We Collect 

In order to offer library facilities and services it is necessary to collect personally identifiable information (PII). Any locally captured PII is stored securely with only authorized staff members having access, and is not shared with anyone else except as required by law or University policy. Information is purged after a set amount of time; in some cases, record keeping requires information to be stored perpetually.   

The sections below describe the specific information gathered as you use library services.  

Facilities 

• Use of Special Collections requires registering with name, address, affiliation, and topic of research, as well as materials requested and accessed. These records are retained perpetually.  

• Use of The Makery may require the completion of training and a form affirming the user agrees to follow Makery regulations. These forms include name, student/employee ID, and signature. The paper forms are kept in a secured location, and a Google document with the patron name is retained in a staff-accessible account.   

• Security cameras are placed throughout the library facilities. A live feed is available to campus safety and library staff responsible for building security. Recordings are stored for two weeks by JMU Public Safety and may be used in the case of an incident. Questions about recorded footage are referred to JMU Public Safety. 

•  Card swipes are placed throughout the library facilities. This data is available to campus safety and library staff responsible for building security. Data is stored by JMU Card Services and may be used in the case of an incident. Questions about card swipe data are referred to JMU Card Services.    

• Library & Information Services maintains forms related to lost and found recovery. These paper forms capture name and email address and are securely stored for one semester and then destroyed. JMU Libraries follows the procedures detailed on the JMU Lost and Found page.  

• Library & Information Services maintains a record of the eID, date/time, and room location for group study rooms. This information is stored on servers maintained by Springshare, the vendor for these services, and is accessible by JMU Libraries staff.   

Reference and Instruction Services 

Chat reference services collect IP address, chat transcript, and any identifying information provided by the patron. Email reference services collect name, email, and status, as well as the question asked. In-person and phone consultation services collect question asked, answers, faculty e-id and demographic information (college, job classification). This information is stored on servers maintained by Springshare, the vendor for these services, and is accessible by JMU Libraries staff.   

Workshop and programming services use a registration system that collects name, email, status, and JMU  College or Unit.  This information is stored on servers maintained by Springshare, the vendor for these services, and is accessible by JMU Libraries staff. These records are retained perpetually.  

Sometimes, library instruction, programming, consultations, or research assistance may make use of tools such as Google Apps or other non-JMU tools. Information acquired through these tools may be maintained for internal assessment purposes.  

Hardware: Desktop Computers, Scanners, Copiers, Guest Wireless Internet 

• All library technology is covered by JMU IT policies. Certain information about workstation sessions is logged by JMU IT, please review the Appropriate Use of Information Technology policy. Generally, all information stored locally on publicly available library computers is cleared when the user logs off. Ensure the security of your information by never leaving your computer unattended in a public area and by logging out or restarting the computer when you’re finished.  

• The scanner machines located throughout the Libraries do not store any information locally. You may choose to use features for scan-to-email, which logs a copy of your email address and timestamp for JMU Libraries staff only. Follow directions to ensure your email address is not displayed publicly. Please ask for assistance if you are unsure about using this feature. 

• Members of the public may use public workstations via a community login process. The community logins are paper forms that collect the date, time, patron name and the type of login (1-hour key, researcher key, or guest wireless key). Those forms for kept for one year and then destroyed.  

Library Website and Authentication for Electronic Resources 

When you access the library website or authenticate to access electronic resources from off campus the library may collect your IP address, eID, and name of the resource accessed.   

OpenAthens allows JMU users to connect from off-campus using Shibboleth to authenticate. Shibboleth is included in JMU IT’s Privacy Notice.   

The library also uses Google Analytics to collect information about visitors to library websites. In most cases, the information collected contains your country, the technology you used, the pages accessed, and the length of your session. In some cases, your IP address is collected.   

Library Search and Use of Library Materials  

Your patron account includes your name, address, phone, email, eID, barcode, and university affiliation, as well as a record of fines you have incurred and/or paid.  With the exception of equipment loans, the record of items you have checked out of the library is maintained until those items are returned. Equipment loan data is kept for a maximum of 30 days or until 1 subsequent checkout, whichever comes first. After your departure from the university, if there are no outstanding loans or fines associated with your account, your library account becomes inactive and is deleted within two years. 

Requests for purchases and similar records are also maintained on library servers, secure network drives, and JMU email accounts. This information is kept indefinitely. Paper hold slips are discarded after an item is checked out.  

The equipment reservation form on the Libraries website records patron name, eID, and requested item via an email to the Equipment Manager, which is stored perpetually.  

Fines 

Patron fine and related item information is kept within the library system (which includes the patron account) and electronic records both of which are secured behind an administrative log-in.  Electronic records are shared with the University Business Office to facilitate the payment process.  Item information is only shared with the UBO if unpaid invoices are sent to a collection agency, otherwise fine and item information may only be shared with the patron account holder.  Expired patron accounts cannot be deleted until fines are resolved. 

Within the individual patron account, a record of all items for which that patron has been billed is maintained. This information is secured behind an administrative log-in and is only available to authorized employees of the JMU Libraries.   

Interlibrary Loan  

Patron information stored by the Interlibrary Loan and document delivery system, ILLiad, include name, address, phone, email, eID, barcode, and university affiliation. Requests, including item names, placed through interlibrary loan and document delivery services are stored in the ILLiad database hosted at JMU, and recorded in a shared email account. These records are retained perpetually.  

Third-Party Services 

The library contracts with many third-party services to provide services, including reference management, ebooks, electronic resources, academic software, and digital collections. These vendors are expected to comply with JMU policies. These services may collect session data of various kinds such as IP address, resources accessed, and search logs. Some vendors offer additional services you can optionally access with a personal account, but there are services which require registering with your JMU email address. Use of vendor services is governed by their privacy and security policies. Certain policies are listed below, but please check a vendor’s website if you have specific questions:  

• Ex Libris 

• EBSCO  

• JSTOR ProQuest  

• Springshare   

• OpenAthens   

• Canvas   

• LinkedIn 

• LinkedIn Learning Information 

• Pressbooks 

• Camtasia 

• SPSS – IBM 

• Explorance (Blue) 

• GoReact 

• Gradescope 

• Poll Everywhere 

• Respondus 

• SAS 

• Sensus Access 

• Mathworks

• Turnitin 

• Mathematica 

• Adobe

• Aviary 

• Third Iron (LibKey) 

• Overleaf 

Security of Your Information 

Information submitted through the Internet can be potentially compromised. Most pages requiring a password are securely transmitted. All browsers should have security warnings about whether a page is secure or not. Information collected through use of the library website or resources will be stored on vendor servers, in JMU email accounts, or on secure network drives.   

Access to Your Information by You and Others 

If you have concerns or questions about information the library has collected about you, please contact the Libraries. Information collected may be used for assessment purposes. Research using PII-related information will only be conducted in accordance with IRB regulation. Requests for your information by law enforcement will be referred to the appropriate JMU authorities.  

If you wish to inspect the data that the library currently holds about you, JMU Policy 2112, section 6.1 provides:  

Students who wish to inspect and review their education records may do so by submitting a written request to the official responsible for the specific record desired. The responsible official must respond within 45 days of the request by sending the student a copy of the requested record or arranging an appointment for the student to review the requested data.  

Such requests should be directed to the Libraries’ general email.