Library practices on the collection, use, disclosure, maintenance and protection of personally-identifiable information
As stated in the policy on Privacy and Confidentiality in the Cornell University Library, the Library believes strongly in protecting the privacy of all who use its services, in person and online. The sections below provide details about the Library’s collection, use, disclosure, maintenance, and protection of personally identifiable information that you provide to us. Note that these are general principles; individual sites may have their own specific privacy policies to which links are provided. In addition, the Library also employs third party services that may have their own privacy policies. Some of these are discussed below, but you are encouraged to read the description of their privacy practices on their own web sites.
When you use web sites under the control of the library, certain technical information from your web browser is captured in a web activity log. This information normally includes:
- IP address
- Type and version of operating system and browser used
- Date and time of access
- Pages visited
- Search queries and result sets
- Referring URL (the web address of the page from which you followed a link to our site)
The Library uses this information to diagnose and solve problems with its services and to identify and resolve problems with computer security. Raw log files are normally maintained for 90 days for security purposes. (Two exceptions are arXiv and Project Euclid, which retain complete log files permanently.) For some sites (most notably the Classic Voyager catalog), an aggregated abstract of the data is prepared each night that anonymizes session data so that searches cannot be linked to specific IP addresses or network IDs. This data is then used to analyze and improve system features.
For more information on web privacy, see CIT’s Privacy Tips for the Web.
Cookies and Google Analytics
For more information on cookies, see CIT’s Web Privacy Tips: Understanding “Cookies”.
When you search or browse Library web sites or databases, it is theoretically possible that someone else on the Cornell University network could “eavesdrop” on your activities (though this is a violation of Cornell University policy). This is because most data on the Internet is transmitted in clear text. One way to avoid this is to use an encrypted SSL connection using the “https” prefix. Both the Classic Catalog and WordCat Local catalog support HTTPS searches. If you are concerned that someone on the network system may be eavesdropping on your searches, use either one, but change the prefix to https:// before you start your search. You should be aware that even if you use an https connection, the Library cannot guarantee that submissions to our websites, any content residing on our servers, or any transmission from our servers will be completely secure.
The Library respects the privacy of all borrowers of library materials. The Library will not reveal the names of individual borrowers nor reveal what books are, or have been, charged to any individual except as required by law. Only staff members who have a functional need to view circulation data can view who has borrowed a book.
The Library seeks to protect user privacy by purging borrowing records as soon as possible. In general, the link connecting a patron with a borrowed item is broken once the item is returned. The exception is when a bill for the item is generated. In that case, the information on who borrowed the item is retained indefinitely in our system. For security reasons, records of who requested items from the Library’s special collections are also retained indefinitely.
Interlibrary Loan and Document Delivery
Interlibrary Loan lending and borrowing records have been retained since at least 2001. They are used in case there are billing problems and to comply with the record keeping requirements suggested by the CONTU (National Commission on New Technological Uses of Copyright Works) guidelines. All such records are treated confidentially. In some cases, information about requests (including the name of the requestor) is shared within the library staff for collection development purposes, but staff are instructed not to further disseminate such information. If you do not want your interlibrary loan request used for collection development purposes, you may so indicate in the “Notes” section of the request form.
The Library at times compiles aggregate data for internal business purposes and to improve Library services, but whenever this happens, all personally-identifiable information is first stripped from the requests.
Purchase requests and items on-order or in-process requested by patrons are linked in the catalog system to the names of users so that they can notified when the items are ready to circulate. Such information is deemed confidential reader information and is not shared outside the Library. As noted above, collection development staff may also receive copies of Interlibrary Loan requests. Such information is used purely for internal operational purposes and is not shared outside the library.
Some library services require you to provide personal information. If you are asked to provide, and do provide, personal information, the Library will explain why we ask for the information and will use such information for those specific and limited purposes. Information from other sources is not combined with that information. The Library will not sell, share, or otherwise distribute your personal data to third parties without your consent.
You may ask questions of library staff by phone, mail, text, email, IM, and in person. All such inquiries are treated as confidential. Depending on the library unit, paper records with patron identifications may be kept for a few months or indefinitely. Reference questions may be posted to the Ask a Librarian blog, but only with the permission of the person asking the questions and only with all personal information removed.
Licensed Resources and Services
More and more, the Library outsources systems and services to third-party vendors. Most of the digital resources that we offer, for example, come from outside suppliers, as does the current Library Catalog (see the case study below). (The Classic Catalog is still managed internally.) The Library expects the information service providers with whom we contract to protect the identity of individual users and the information they use. We commonly require, for example that vendors agree not to sell or license information from library users to third parties. Many vendors provide additional personalized services that may require you to identify yourself with your name or a pseudonym. In general, this is done at your discretion; the Library seeks to avoid products that demand personalization.
While the Library seeks to require third parties with which it works to follow accepted library policies regarding privacy and confidentiality, it is not responsible for the privacy practices of these third parties. We encourage users to familiarize themselves with third party privacy policies before using the resources.
Library Surveys/Assessment Projects
Information and data obtained by the Library or its units through surveys (group or individual interviews or other means) in support of assessment of services, collections, facilities, resources, etc., or in support of research related to library and information services, are considered confidential and will not be shared except in aggregations, to protect the privacy of individual participants. When required, surveys are conducted in accordance with the policies of Cornell’s Institutional Review Board for Human Participants.
Children Under 13
The Library does not knowingly request, collect, or share personally identifiable information from users under the age of 13.
If you have questions about the Library’s practices regarding privacy and confidentiality, please contact LIBGATEWAY-L@cornell.edu.
Licensed Service Case Study: The Library Catalog
Individual users are not connected to activities performed on the site. Therefore, searches conducted and records viewed cannot be tied back to individual users. IP addresses are collected but they are not tied to any data, including the searches performed.
OCLC also utilizes web beacons and cookies and the services of a third party firm to measure how visitors use our site. They collect the following information on users of the catalog:
- IP address of machine being used
- The domain of that machine
- The host of that machine
- Language set in browser
- Whether cookies are enabled or disabled
- Plug-ins being used (e.g. Flash, Acrobat, RealPlayer, etc.)
- What page the user entered the site on (e.g Detailed Record, Search Results), but not the specific record or search conducted
- Referring URL (where the user clicked from to arrive at WorldCat.org/WorldCat Local; includes whether the user clicked from a browser bookmark or whether the page was the home page set in the user's browser)
- Date and time of visits
- Java enabled or disabled
- Operating system
- Monitor resolution
- Monitor color depth
- "Monthly Unique Visitor" (i.e. first visit during the month)
Individual users are not connected to activities performed on the site. Therefore, searches conducted and records viewed cannot be tied back to individual users. OCLC’s contract with Omniture also stipulates that data collected from the OCLC web site is the confidential property of OCLC. Omniture therefore cannot disclose or share that information with any third party without OCLC’s authorization. Furthermore, it is possible to opt-out of Omniture’s cookie tracking.