James Madison University Libraries Privacy Policy

Approved for public posting on 07/30/2019. This policy will be reviewed on an annual basis. Minor edits made 7/31/2019.

Introduction

JMU Libraries strives to respect and protect the privacy of its users. This policy outlines the types of information we collect, how we secure it, and your ability to limit or access that information. It is created with reference to the American Library Association’s (ALA) Code of Ethics, the privacy interpretation of the ALA Library Bill of Rights, the Society of American Archivists Core Values and Code of Ethics, the JMU Web Privacy Policy, and JMU policies.

This policy will be reviewed routinely as new technology and practices emerge, to ensure ongoing protection of your privacy by JMU Libraries. This policy covers all units and operations under the authority of JMU Libraries. The policy does not extend to any entity not under the control of JMU Libraries, even if it is physically located in library space. This policy will be reviewed every three years, under the purview of Deans Council. 

Information We Collect

In order to offer library facilities and services, it is necessary to collect personally identifiable information (PII). Any locally captured PII is stored securely with only authorized staff members having access, and is not shared with anyone else except as required by law or University policy. Information is purged after a set amount of time; in some cases, record keeping requires information to be stored perpetually.

The sections below describe the specific information gathered as you use library services. 

Facilities

  • Use of Special Collections requires registering with name, address, affiliation, and topic of research, as well as materials requested and accessed. These records are retained perpetually. 
  • Use of the Makery in Carrier and Rose Libraries may require the completion of training and a form affirming the user agrees to follow Makery regulations. These forms include name, student/employee ID, and signature. The paper forms are kept in a secured location, and a Google document with the patron name is retained in a staff-accessible account.  
  • Security cameras are placed throughout the library facilities. A live feed is available to campus safety and library staff responsible for building security. Recordings are stored for two weeks by JMU Public Safety and may be used in the case of an incident. Questions about recorded footage are referred to JMU Public Safety.
  • Card swipes are placed throughout the library facilities. This data is available to campus safety and library staff responsible for building security. Data is stored by JMU Card Services and may be used in the case of an incident. Questions about card swipe data are referred to JMU Card Services.
  • Public Services maintains information forms related to lost and found recovery. These paper forms capture name and email address and are securely stored for one semester and then destroyed. JMU Libraries follows the procedures detailed on the JMU Lost and Found page. 
  • Public Services maintains a record of the eID, date/time, and room location for Book A Group Study. 

Reference and Instruction Services

Chat reference services collect IP address, chat transcript, and any identifying information provided by the patron. Email reference services collect name, email, and status, as well as the question asked. In-person and phone consultation services collect question asked, answers, faculty e-id and demographic information (college, job classification). This information is stored on servers maintained by SpringShare, the vendor for these services, and is accessible by JMU Libraries staff.  

Workshop and programming services use a registration system that collects name, employee ID, email, and department. Data from these services is also entered into MyMadison and is accessible by JMU faculty and staff. These records are retained perpetually. 

Sometimes, library instruction, programming, consultations, or research assistance may make use of tools such as Google Apps or other non-JMU tools. Information acquired through these tools may be maintained for internal assessment purposes. 

Hardware: Desktop Computers, Scanners, Copiers

  • All library technology is covered by JMU IT policies, which are listed here. Certain information about workstation sessions is logged by JMU IT; please review the Appropriate Use of Information Technology policy. Generally, all information stored locally on publicly available library computers is cleared when the user logs off. Ensure the security of your information by never leaving your computer unattended in a public area and by logging out or restarting the computer when you’re finished.
  • The scanner machines located throughout the Libraries do not store any information locally. You may choose to use features for scan-to-email, which logs a copy of your email address and timestamp for JMU Libraries staff only. Follow directions to ensure your email address is not displayed publicly. Please ask for assistance if you are unsure about using this feature.

Library Website and Authentication for Electronic Resources

When you access the library website or authenticate to access electronic resources from off campus, the library may collect your IP address, eID, and name of the resource accessed.

OpenAthens allows JMU users to connect from off-campus using Shibboleth to authenticate. Shibboleth is included in JMU IT’s Privacy Notice.

The library also uses Google Analytics to collect information about visitors to library websites. In most cases, the information collected contains your country, the technology you used, the pages accessed, and the length of your session. In some cases, your IP address is collected.  

Catalog and Use of Library Materials 

Your patron account includes your name, address, phone, email, eID, barcode, and university affiliation, as well as a record of fines you have incurred and/or paid. The record of items you have checked out of the library is maintained only while you have the items checked out or if you have fines associated with them. Otherwise, the borrowing history is purged immediately from your account after you return the materials; the item’s record, however, retains the ID of the most recent borrower. After your departure from the university, your patron account becomes inactive and is kept on file for four months. After four months, your library patron account is deleted.  

The library catalog has optional features such as saving items, search history, and borrowing history available to logged-in users who choose to use these features. Requests for purchases and similar records are also maintained on library servers, secure network drives, and JMU email accounts. This information is kept indefinitely. Paper hold slips are discarded after an item is checked out.

The equipment reservation form on the Libraries website records patron name, eID, and requested item via an email to the Equipment Manager, which is stored perpetually. 

Members of the public may use public workstations via a community login process. The community logins are paper forms that collect the date, time, patron name, and the type of login (1-hour key, researcher key, or guest wireless key). Those forms are kept for one year and then destroyed.

Fines

Information related to the accrual and payment of fines is collected in various manners. Patron fine/item information is kept within the library system, in a secured fine ledger at each library location, and in secured paper and electronic records that are shared with the University Business Office, if the fine reaches invoicing stage. Upon invoice, a printed bill that includes the patron and item information is created and maintained in the Circulation Systems & Borrowing Coordinator’s office. Item information is only shared with the University Business Office if that office sends the patron account to a collection agency.  

Within the individual patron account, a record of all items for which that patron has been billed is maintained. This information is secured behind an administrative log-in. 

All financial documentation is kept for four years (one year longer than the state requires). Beyond that threshold, at the end of each fiscal year, all fine data from the library system is deleted and any paid paper invoices are securely destroyed. Any invoice that has not been paid is kept until the time at which it is paid. 

Interlibrary Loan and Document Delivery

Patron information stored by the Interlibrary Loan and document delivery system, ILLiad, includes name, address, phone, email, eID, barcode, and university affiliation. Requests, including item names, placed through interlibrary loan and document delivery services are stored in the ILLiad database hosted at JMU, and recorded in a shared email account. These records are retained perpetually.

Third-Party Services

The library contracts with many third-party services to provide services, including reference management, ebooks, electronic resources, academic software, and digital collections. These vendors are expected to comply with JMU policies. These services may collect session data of various kinds such as IP address, resources accessed, and search logs. Some vendors offer additional services you can optionally access with a personal account, but there are services which require registering with your JMU email address. Use of vendor services is governed by their privacy and security policies. Certain policies are listed below, but please check a vendor’s website if you have specific questions: 

Security of Your Information

Information submitted through the Internet can be potentially compromised. Most pages requiring a password are securely transmitted. All browsers should have security warnings about whether a page is secure or not. Information collected through use of the library website or resources will be stored on vendor servers, in JMU email accounts, or on secure network drives.  

Access to Your Information by You and Others

If you have concerns or questions about information the library has collected about you, please contact the Libraries at https://www.lib.jmu.edu/help/email.aspx. Information collected may be used for assessment purposes. Research using PII-related information will only be conducted in accordance with IRB regulation. Requests for your information by law enforcement will be referred to the appropriate JMU authorities. 

If you wish to inspect the data that the library currently holds about you, JMU Policy 2112, section 6.1 provides: 

Students who wish to inspect and review their education records may do so by submitting a written request to the official responsible for the specific record desired. The responsible official must respond within 45 days of the request by sending the student a copy of the requested record or arranging an appointment for the student to review the requested data. 

Such requests should be directed to JMU Libraries’ general email: https://www.lib.jmu.edu/ask/email/