Commitment to Privacy

As expressed in its mission, Cornell University aims to “discover, preserve, and disseminate knowledge” and “promote a culture of broad inquiry throughout and beyond the Cornell community.” These aims can only be achieved by safeguarding the intellectual freedom and privacy of Cornell’s students, faculty, and staff—all of whom need space for private exploration and experimentation in pursuing scholarly and creative endeavors.

We at Cornell University Library are proud of our enduring commitment to privacy and confidentiality, and we acknowledge that traditional approaches to protecting patron privacy and confidentiality need to be augmented as more and more library collections involve licensed electronic resources from third-party vendors, and as new technologies gather user data with increasing stealth and ease.

As part of expanding our efforts to safeguard patron privacy and confidentiality, we list the following library services and features. For questions or feedback, contact us at cul-privacy@cornell.edu.

Digital Privacy Literacy

Our digital privacy literacy workshops and individual consultations help students and researchers in several ways:

  • To understand how the internet works.
  • To identify potential risks to privacy, security, and anonymity encountered day to day while conducting personal or academic tasks digitally.
  • To master practical actions that reduce risks to privacy.

Each semester, we conduct at least one public drop-in workshop about digital privacy literacy. View the full Library workshops calendar.

In addition, upon request, we lead privacy workshops customized for classes, academic departments, and other campus groups or organizations. Email us at cul-privacy@cornell.edu about workshops for your class or group.

We also offer individual consultations by appointment. To schedule your one-on-one consultation, stop by a reference desk or email us at cul-privacy@cornell.edu. You can also ask a librarian to reach out to us with your privacy questions.

Apart from supporting Cornell students and researchers, the Library is committed to developing the privacy expertise of all of our research and teaching librarians.

Licensing for Privacy

Cornell University Library provides online access to e-resources from hundreds of vendors that vary greatly in addressing patron privacy. Some vendors only require users to confirm affiliation with a subscribing institution to get access, while other vendors seek to gather significant user information by requiring more steps before granting access—including asking users to create unique accounts with vendors, subscribe to their newsletters, or provide extensive demographic and industry information.

The Library fights against these privacy degradations in solidarity with our peer institutions. Whenever possible, we negotiate with vendors on licensing agreements for online resources in order to secure strong privacy protections for our patrons on and off campus. When we are unable to negotiate changes to invasive policies, we weigh alternatives and proper actions, including canceling subscriptions, if necessary.

When choosing vendors, we balance the risks and benefits of their resources. In addition, we are developing ways to inform users of vendors’ privacy practices—whether good or bad—including a notification system that warns about risks posed by resources that our patrons may deem essential despite our privacy concerns.

As part of raising awareness about privacy issues related to licensing, we are also creating an online collection of privacy policies from various vendors so that these policies and how they change over time can be monitored and studied. We have already started a  web-archiving collection that automatically collects privacy statements from vendors, today and into the future. 

Email us at cul-privacy@cornell.edu with questions or concerns about licensed resources.

Privacy Risk Consultations

Some library patrons require assistance beyond general information literacy. Their needs for privacy are high-stakes—if they fail, the consequences could be serious.

For these members of the Cornell community, the Library offers individual consultations to help reduce risk and/or protect anonymity. The following are examples of situations that might prompt a request for a specialized consultation: 

  • Exposure to threats or harassment for one’s scholarly work.
  • Digital communication with human subjects whose anonymity must be protected.
  • Living in, working in, or visiting countries with restrictive information-access regimes.
  • Crossing the U.S. border.
  • Personal identities with an increased risk of doxing, harassment, or surveillance.

These consultations are treated with a high degree of confidentiality. However, there are limits to our ability to maintain confidentiality in the following instances: the individual is believed to be actively self-harming or potentially harming others; the welfare of minors is in involved; when we receive legal requests, as outlined in University Policy 4.13.

Email us at cul-privacy@cornell.edu to schedule a consultation.

We believe strongly in protecting the privacy of all who use our services, in person and online. This includes our patron’s right to read anonymously. Consequently, our staff members hold in confidence to the extent allowable by law all information about individual users and their choices of research or study material. Please help us protect your friends’ and colleagues’ right to privacy, and your right, by not asking staff members for this kind of information.

New York State law (NY CPLR § 4509) protects the confidentiality of library records including, but not limited to, the circulation of library materials, database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, reserve requests, and the use of audiovisual materials, films, and sound recordings. Such records are to be confidential and can only be disclosed with the user’s consent or in response to a subpoena, court order, or other legal requirements. Library patrons should be aware that Federal legislation (USA PATRIOT Act of 2001, The USA Freedom Act) has expanded the circumstances under which a federal agent may request patron records held by the Library; if such records are requested by federal authorities, the Library is prohibited by law from notifying the patron of that request. The Library forwards any law enforcement requests for patron records to the Office of the University Counsel in accordance with University Policy 4.13, Acceptance of Legal Papers.

To safeguard your privacy, the Library has in place procedures that minimize instances of the retention of Library records.  In addition, the Library follows relevant Cornell policies, including University Policy 4.5, Access to Student Information, University Policy 4.12, Data Stewardship and Custodianship, University Policy 4.13, Acceptance of Legal Papers, and University Policy 5.9, Access to Information Technology Data and Monitoring Network Transmissions.

Information on how the Library implements the policy outlined above is found in our description of Library practices on the collection, use, disclosure, maintenance, and protection of personally identifiable information.

The sections below provide details about our collection, use, disclosure, maintenance, and protection of personally identifiable information that you provide to us. Note that these are general principles; individual sites may have their own specific privacy policies to which links are provided. In addition, the Library also employs third-party services that may have their own privacy policies. Some of these are discussed below, but you are encouraged to read the description of their privacy practices on their own web sites.

In addition to disclosing how we collect, use, maintain, and protect our patrons’ privacy, we also provide Privacy Services to guide you in the private exploration and experimentation necessary to pursue scholarly and creative endeavors.

Protecting Your Information

No method of transmitting over the Internet or storing electronic data is 100 percent secure, but this site has measures in place to help protect against the loss, misuse, or alteration of the information that is under our control.

Websites

When you use websites under the control of the Library, certain technical information from your web browser is captured in a web activity log. This information normally includes:

  • IP address
  • Type and version of operating system and browser used
  • Date and time of access
  • Pages visited
  • Search queries and result sets
  • Referring URL (the web address of the page from which you followed a link to our site)

The Library uses this information to diagnose and solve problems with our services and to identify and resolve problems with computer security. Raw log files are normally maintained for 90 days for security purposes. (One exception is Project Euclid, which retains complete log files permanently.) For some sites, an aggregated abstract of the data is prepared each night that anonymizes session data so that searches cannot be linked to specific IP addresses or network IDs. This data is then used to analyze and improve system features.

For more information on web privacy, see the University Privacy Office website.

Cookies and Google Analytics

Cookies are small text files that a website uploads to your computer in order to uniquely identify your browser. Users whose computers accept cookies can store their preferences and access certain features of the website more efficiently after the first visit. They also allow us to improve our services by better tracking how our websites are used. You may configure your browser to disable the use of cookies. Some features of our websites may not function properly, however, if you block the acceptance of cookies.

In 2009, in order to better understand how visitors engage with our websites, the Library began to use Google Analytics on some of its sites. Google Analytics employs first-party cookies for data analysis, and will only use that cookie data for statistical analysis related to your browsing behavior on the Library’s websites. According to Google, the data collected is anonymous and cannot be altered or retrieved by services from other domains. As with the library’s cookies, Google Analytics can be disabled by turning off cookies in the preferences settings in your browser. Note that pages monitored with Google Analytics also contain some javascript that allows Google Analytics to track anonymously your actions on the monitored site.

HTTPS

When you search or browse our Library websites or databases, it is theoretically possible that someone else on the Cornell University network could “eavesdrop” on your activities (though this is a violation of Cornell University policy). This is because most data on the Internet is transmitted in clear text. One way to avoid this is to use an encrypted SSL connection using the “https” prefix. Both the Library Catalog and WorldCat Local catalog support HTTPS searches. If you are concerned that someone on the network system may be eavesdropping on your searches, use either one, but change the prefix to https:// before you start your search. You should be aware that even if you use an https connection, the Library cannot guarantee that submissions to our websites, any content residing on our servers, or any transmission from our servers will be completely secure.

External Website Links

From time-to-time, we will link to external websites that we neither own nor control. Cornell University is not responsible for the content, privacy practices, or web accessibility needs on these websites.

Social Media Presence

If you share our content through social media, such as liking us on Facebook or tweeting about us on Twitter, those social networks will record that you have done so and may set a cookie for this purpose.

If you with to opt-out of any of these social interactions, please refer to the specific social media platform for instructions on how to do so.

Circulation

The Library respects the privacy of all borrowers of library materials. We will not reveal the names of individual borrowers nor reveal what books are, or have been, charged to any individual except as required by law. Only staff members who have a functional need to view circulation data can view who has borrowed a book.

The Library seeks to protect user privacy by purging borrowing records as soon as possible. In general, the link connecting a patron with a borrowed item is broken once the item is returned. The exception is when a bill for the item is generated. In that case, the information on who borrowed the item is retained indefinitely in our system. For security reasons, records of who requested items from the Library’s special collections are also retained indefinitely.

Interlibrary Loan and ScanIt

Interlibrary Loan lending and borrowing records have been retained since at least 2001. They are used in case there are billing problems and to comply with the record keeping requirements suggested by the CONTU (National Commission on New Technological Uses of Copyright Works) guidelines. All such records are treated confidentially. In some cases, information about requests (including the name of the requestor) is shared within the library staff for collection development purposes, but staff are instructed not to further disseminate such information. If you do not want your interlibrary loan request used for collection development purposes, you may so indicate in the “Notes” section of the request form.

The Library at times compiles aggregate data for internal business purposes and to improve Library services, but whenever this happens, all personally-identifiable information is first stripped from the requests.

Collection Development

Purchase requests and items on-order or in-process requested by patrons are linked in the catalog system to the names of users so that they can notified when the items are ready to circulate. Such information is deemed confidential reader information and is not shared outside the Library. As noted above, collection development staff may also receive copies of Interlibrary Loan requests. Such information is used purely for internal operational purposes and is not shared outside the library.

Personalized Services

Some library services require you to provide personal information. If you are asked to provide, and do provide, personal information, the Library will explain why we ask for the information and will use such information for those specific and limited purposes. Information from other sources is not combined with that information. The Library will not sell, share, or otherwise distribute your personal data to third parties without your consent.

Reference Inquiries

You may ask questions of library staff by phone, mail, text, email, IM, and in person. All such inquiries are treated as confidential. Depending on the library unit, paper records with patron identifications may be kept for a few months or indefinitely. Reference questions may be posted to the Ask a Librarian blog, but only with the permission of the person asking the questions and only with all personal information removed.

Licensed Resources and Services

More and more, the Library outsources systems and services to third-party vendors. Most of the digital resources that we offer, for example, come from outside suppliers, as does the current library catalog (see the case study below). The Library expects the information service providers with whom we contract to protect the identity of individual users and the information they use. We commonly require, for example that vendors agree not to sell or license information from library users to third parties. Many vendors provide additional personalized services that may require you to identify yourself with your name or a pseudonym. In general, this is done at your discretion; the Library seeks to avoid products that demand personalization.

While the Library seeks to require third parties with which it works to follow accepted library policies regarding privacy and confidentiality, it is not responsible for the privacy practices of these third parties. We encourage users to familiarize themselves with third party privacy policies before using the resources.

Library Surveys and Assessment Projects

Information and data obtained by the Library or its units through surveys (group or individual interviews or other means) in support of assessment of services, collections, facilities, resources, etc., or in support of research related to library and information services, are considered confidential and will not be shared except in aggregations, to protect the privacy of individual participants. When required, surveys are conducted in accordance with the policies of Cornell’s Institutional Review Board for Human Participants.

Children under 13

The Library does not knowingly request, collect, or share personally identifiable information from users under the age of 13.

Contact

If you have questions about the Library’s practices regarding privacy and confidentiality, please contact LIBGATEWAY-L@cornell.edu.

Licensed Service Case Study: the Library Catalog

The current library catalog is a good example of the privacy issues that are associated with licensed resources and services. The Library contracts with OCLC Online Computer Library Center, Inc. to provide the library catalog. Use of the catalog is governed by the OCLC WorldCat.org Services Terms and Conditions, accessible after one conducts a search in the catalog. The Terms note that “OCLC’s collection and use of any personal information submitted via the OCLC WorldCat.org Web site (if any) is governed by OCLC’s Privacy Policy. While OCLC does collect records of searches in aggregate and does not purge them, according to Cheryl Snowdon, Product Manager for WorldCat Discovery Services at OCLC:

Individual users are not connected to activities performed on the site. Therefore, searches conducted and records viewed cannot be tied back to individual users. IP addresses are collected but they are not tied to any data, including the searches performed.

OCLC also utilizes web beacons and cookies and the services of a third party firm to measure how visitors use our site. They collect the following information on users of the catalog:

  • IP address of machine being used
  • The domain of that machine
  • The host of that machine
  • Language set in browser
  • Whether cookies are enabled or disabled
  • Browser
  • Plug-ins being used (e.g. Flash, Acrobat, RealPlayer, etc.)
  • What page the user entered the site on (e.g Detailed Record, Search Results), but not the specific record or search conducted
  • Referring URL (where the user clicked from to arrive at WorldCat.org/WorldCat Local; includes whether the user clicked from a browser bookmark or whether the page was the home page set in the user’s browser)
  • Date and time of visits
  • Javascript enabled or disabled
  • Javascript version
  • Java enabled or disabled
  • Operating system
  • Monitor resolution
  • Monitor color depth
  • Country
  • “Monthly Unique Visitor” (i.e. first visit during the month)

Individual users are not connected to activities performed on the site. Therefore, searches conducted and records viewed cannot be tied back to individual users. OCLC’s contract with Omniture also stipulates that data collected from the OCLC website is the confidential property of OCLC. Omniture therefore cannot disclose or share that information with any third party without OCLC’s authorization. Furthermore, it is possible to opt-out of Omniture’s cookie tracking.

As stated in our policy on Privacy and Confidentiality at Cornell University Library, we protect the privacy of all who use our services, in person and online. We will deny all requests for patron information, with limited exceptions. The sections below detail what constitutes protected patron information, and the procedure for library staff for handling requests for patron information.

Patron Information That Is Protected

Pursuant to NY CPLR § 4509 the following is protected patron information:

  • Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records.

Library Procedure for Handling Requests for Patron Information

If a request for patron information is made, regardless of who is making the request and for what purpose, the request must be denied unless it falls under one of the following exceptions, stated in NY CPLR § 4509:

Disclosure to the extent necessary for the proper operation of library activities.

  • Procedure note: An example of where disclosure would be allowed under this exception is information sharing necessary for staff to determine library routing of patron-requested materials. An example of where disclosure is not allowed under this exception would be a faculty member or student patron request for identifying information of another patron who is in possession of library material that the requesting faculty member or student patron wishes to obtain.

Disclosure upon written consent of the user whose information is to be disclosed.

  • Procedure note: If user is a minor or ward, the user’s parents or guardians must give written consent. Written consents must be collected by library staff prior to disclosure, and kept for review and record keeping by the administration in each library unit.

Disclosure upon court order or subpoena.

  • Procedure note: University Policy 4.13 Acceptance of Legal Papers (PDF) requires all university employees, including library staff, to direct anyone attempting to serve legal papers pertaining to the university to the Office of University Counsel. If approached by a law enforcement official who requests protected patron information from library records, or requests library cooperation to obtain protected patron information, library staff must inform the law enforcement officer that they are not authorized to accept legal papers on behalf of the university, and refer the individual to the Office of University Counsel. Staff should request the individual’s name and agency and then report this information to their immediate supervisor, who will in turn advise Library Administration. The University Librarian or any available AUL will communicate immediately with the Office of University Counsel that they should expect legal papers to be served upon them.
  • If the law enforcement officer insists on leaving papers with library staff, they must immediately refer the officer to the staff member’s immediate supervisor. If the immediate supervisor is unavailable, staff will refer the law enforcement official to the Library Administration Office in Olin Library, Room 201 (607.255.3393). The University Librarian or any available AUL will respond to the request and immediately contact the Office of University Counsel.

Special Notice for EEA Residents

If you are located within the European Economic Area (European Union, Norway, Liechtenstein, and Iceland), we acknowledge the rights granted to you under the General Data Protection Regulation (GDPR).

These rights may include the right to:

  1. access your information held by us;
  2. correct inaccurate or incorrect information about you;
  3. the erasure of your information when it is no longer necessary for us to retain it;
  4. restrict processing of your personal information in specific situations;
  5. object to processing your information, including sending you communications that may be considered direct-marketing materials;
  6. object to automated decision-making and profiling, where applicable; and/or
  7. complain to a supervisory authority in your jurisdiction within the EU.

Please contact us at gdpr@cornell.edu with any questions, concerns, or if you wish to exercise any of these rights.

Effective Date of Privacy Notice

This privacy notice was last revised on February 12, 2020.

To help maintain user privacy and confidentiality, we provide computer systems that have anonymous logins and that are programmed to return the kiosk to its original state when restarted. Our computers are also set up to restart after a period of inactivity to help ensure that no identifying information is left behind by the user.

A list of public computers available at the Library can be found on the public computing policies page.

Email us at cul-privacy@cornell.edu for questions or concerns about public computing.

Violations against the university may be of two types: personal and property. The Cornell University Library Security Policy defines security violations against the library’s buildings and property. Violations against individuals are covered under separate university rules.

The security of Cornell University’s scholarly resources is one of the responsibilities of the Cornell University Library. Collections must be secured against theft and abuse. The following policies, which apply to all library users, extend the general statements in the Cornell University Campus Code of Conduct. Guidelines for the detection of violations and application of penalties or remedies are offered as well.

The following acts constitute violations against the university:

  • To sequester or “stash” library property within a university library for the exclusive use of an individual or group.
  • To ignore or fail to respond to overdue or recall notices.
  • To deface, mutilate, or otherwise damage library property.
  • To remove or attempt to remove library property from a university library without proper authorization.
  • To steal or knowingly possess stolen library property.
  • To traffic, for profit or otherwise, in library property.
  • To refuse to show Cornell or other identification upon request of library staff.
  • To be in nonpublic areas without authorization or in library facilities after closing hours.
  • To urge another to commit violation

In order to fulfill the library’s responsibility for securing materials, library staff are authorized:

  • To check the books and all possessions of persons as they leave the library.
  • To request to see the identification of any person in the library.
  • To question any person if it appears that library regulations are being violated.
  • To call Cornell Public Safety and request any person suspected of violating library regulations to wait until a Public Safety officer arrives.

Formal Disciplinary Procedures

We consider all offenses listed above sufficiently serious to warrant swift and firm disciplinary action, regardless of the monetary value of the library property involved. We will work closely with university and law enforcement officials to assure prompt and equitable adjudication.

Depending on the nature of the infringement, the violations listed in Part I are subject to probation, reprimand, penalties, suspension, or dismissal through the campus judicial system. In accord with the Cornell University Campus Code of Conduct, most complaints will be handled through the Judicial Administrator, but more serious cases will be prosecuted through local criminal courts.