Library practices on the collection, use, disclosure, maintenance and protection of personally-identifiable information

As stated in the policy on Privacy and Confidentiality in the Cornell University Library, the Library believes strongly in protecting the privacy of all who use its services, in person and online. The sections below provide details about the Library’s collection, use, disclosure, maintenance, and protection of personally identifiable information that you provide to us. Note that these are general principles; individual sites may have their own specific privacy policies to which links are provided. In addition, the Library also employs third party services that may have their own privacy policies. Some of these are discussed below, but you are encouraged to read the description of their privacy practices on their own web sites.

In addition to disclosing how the Library collects, uses, maintains, and protects its patrons’ privacy, the Library also provides Privacy Services to patrons to guide them in the private exploration and experimentation necessary to pursue scholarly and creative endeavors.

Protecting Your Information

No method of transmitting over the Internet or storing electronic data is 100 percent secure, but this site has measures in place to help protect against the loss, misuse, or alteration of the information that is under our control.

Web Sites

When you use web sites under the control of the library, certain technical information from your web browser is captured in a web activity log. This information normally includes:

  • IP address
  • Type and version of operating system and browser used
  • Date and time of access
  • Pages visited
  • Search queries and result sets
  • Referring URL (the web address of the page from which you followed a link to our site)

The Library uses this information to diagnose and solve problems with its services and to identify and resolve problems with computer security. Raw log files are normally maintained for 90 days for security purposes. (One exception is Project Euclid, which retains complete log files permanently.) For some sites, an aggregated abstract of the data is prepared each night that anonymizes session data so that searches cannot be linked to specific IP addresses or network IDs. This data is then used to analyze and improve system features.

For more information on web privacy, see the University Privacy Office website.

Cookies and Google Analytics

Cookies are small text files that a web site uploads to your computer in order to uniquely identify your browser. Users whose computers accept cookies can store their preferences and access certain features of the web site more efficiently after the first visit. They also allow us to improve our services by better tracking how our web sites are used. You may configure your browser to disable the use of cookies. Some features of our web sites may not function properly, however, if you block the acceptance of cookies.

In 2009, in order to better understand how visitors engage with our websites, the Library began to use Google Analytics on some of its sites. Google Analytics employs first-party cookies for data analysis, and will only use that cookie data for statistical analysis related to your browsing behavior on the Library's websites. According to Google, the data collected is anonymous and cannot be altered or retrieved by services from other domains. As with the library’s cookies, Google Analytics can be disabled by turning off cookies in the preferences settings in your browser. Note that pages monitored with Google Analytics also contain some javascript that allows Google Analytics to track anonymously your actions on the monitored site.


When you search or browse Library web sites or databases, it is theoretically possible that someone else on the Cornell University network could “eavesdrop” on your activities (though this is a violation of Cornell University policy). This is because most data on the Internet is transmitted in clear text. One way to avoid this is to use an encrypted SSL connection using the “https” prefix. Both the Library Catalog and WorldCat Local catalog support HTTPS searches. If you are concerned that someone on the network system may be eavesdropping on your searches, use either one, but change the prefix to https:// before you start your search. You should be aware that even if you use an https connection, the Library cannot guarantee that submissions to our websites, any content residing on our servers, or any transmission from our servers will be completely secure.

External Website Links

From time-to-time, we will link to external websites that we neither own nor control. Cornell University is not responsible for the content, privacy practices, or web accessibility needs on these websites.

Social Media Presence

If you share our content through social media, such as liking us on Facebook or tweeting about us on Twitter, those social networks will record that you have done so and may set a cookie for this purpose.

If you with to opt-out of any of these social interactions, please refer to the specific social media platform for instructions on how to do so.


The Library respects the privacy of all borrowers of library materials. The Library will not reveal the names of individual borrowers nor reveal what books are, or have been, charged to any individual except as required by law. Only staff members who have a functional need to view circulation data can view who has borrowed a book.

The Library seeks to protect user privacy by purging borrowing records as soon as possible. In general, the link connecting a patron with a borrowed item is broken once the item is returned. The exception is when a bill for the item is generated. In that case, the information on who borrowed the item is retained indefinitely in our system. For security reasons, records of who requested items from the Library’s special collections are also retained indefinitely.

Interlibrary Loan and Document Delivery

Interlibrary Loan lending and borrowing records have been retained since at least 2001. They are used in case there are billing problems and to comply with the record keeping requirements suggested by the CONTU (National Commission on New Technological Uses of Copyright Works) guidelines. All such records are treated confidentially. In some cases, information about requests (including the name of the requestor) is shared within the library staff for collection development purposes, but staff are instructed not to further disseminate such information. If you do not want your interlibrary loan request used for collection development purposes, you may so indicate in the “Notes” section of the request form.

The Library at times compiles aggregate data for internal business purposes and to improve Library services, but whenever this happens, all personally-identifiable information is first stripped from the requests.

Collection Development

Purchase requests and items on-order or in-process requested by patrons are linked in the catalog system to the names of users so that they can notified when the items are ready to circulate. Such information is deemed confidential reader information and is not shared outside the Library. As noted above, collection development staff may also receive copies of Interlibrary Loan requests. Such information is used purely for internal operational purposes and is not shared outside the library.

Personalized Services

Some library services require you to provide personal information. If you are asked to provide, and do provide, personal information, the Library will explain why we ask for the information and will use such information for those specific and limited purposes. Information from other sources is not combined with that information. The Library will not sell, share, or otherwise distribute your personal data to third parties without your consent.

Reference Inquiries

You may ask questions of library staff by phone, mail, text, email, IM, and in person. All such inquiries are treated as confidential. Depending on the library unit, paper records with patron identifications may be kept for a few months or indefinitely. Reference questions may be posted to the Ask a Librarian blog, but only with the permission of the person asking the questions and only with all personal information removed.

Licensed Resources and Services

More and more, the Library outsources systems and services to third-party vendors. Most of the digital resources that we offer, for example, come from outside suppliers, as does the current Library Catalog (see the case study below). The Library expects the information service providers with whom we contract to protect the identity of individual users and the information they use. We commonly require, for example that vendors agree not to sell or license information from library users to third parties. Many vendors provide additional personalized services that may require you to identify yourself with your name or a pseudonym. In general, this is done at your discretion; the Library seeks to avoid products that demand personalization.

While the Library seeks to require third parties with which it works to follow accepted library policies regarding privacy and confidentiality, it is not responsible for the privacy practices of these third parties. We encourage users to familiarize themselves with third party privacy policies before using the resources.

Library Surveys/Assessment Projects

Information and data obtained by the Library or its units through surveys (group or individual interviews or other means) in support of assessment of services, collections, facilities, resources, etc., or in support of research related to library and information services, are considered confidential and will not be shared except in aggregations, to protect the privacy of individual participants. When required, surveys are conducted in accordance with the policies of Cornell’s Institutional Review Board for Human Participants.

Children Under 13

The Library does not knowingly request, collect, or share personally identifiable information from users under the age of 13.


If you have questions about the Library’s practices regarding privacy and confidentiality, please contact

Licensed Service Case Study: The Library Catalog

The current Library Catalog is a good example of the privacy issues that are associated with licensed resources and services. The Library contracts with OCLC Online Computer Library Center, Inc. to provide the Library Catalog. Use of the catalog is governed by the OCLC Services Terms and Conditions, accessible after one conducts a search in the catalog. The Terms note that “OCLC's collection and use of any personal information submitted via the OCLC Web site (if any) is governed by OCLC's Privacy Policy. While OCLC does collect records of searches in aggregate and does not purge them, according to Cheryl Snowdon, Product Manager for WorldCat Discovery Services at OCLC:

Individual users are not connected to activities performed on the site. Therefore, searches conducted and records viewed cannot be tied back to individual users. IP addresses are collected but they are not tied to any data, including the searches performed.

OCLC also utilizes web beacons and cookies and the services of a third party firm to measure how visitors use our site. They collect the following information on users of the catalog:

  • IP address of machine being used
  • The domain of that machine
  • The host of that machine
  • Language set in browser
  • Whether cookies are enabled or disabled
  • Browser
  • Plug-ins being used (e.g. Flash, Acrobat, RealPlayer, etc.)
  • What page the user entered the site on (e.g Detailed Record, Search Results), but not the specific record or search conducted
  • Referring URL (where the user clicked from to arrive at Local; includes whether the user clicked from a browser bookmark or whether the page was the home page set in the user's browser)
  • Date and time of visits
  • Javascript enabled or disabled
  • Javascript version
  • Java enabled or disabled
  • Operating system
  • Monitor resolution
  • Monitor color depth
  • Country
  • "Monthly Unique Visitor" (i.e. first visit during the month)

Individual users are not connected to activities performed on the site. Therefore, searches conducted and records viewed cannot be tied back to individual users. OCLC’s contract with Omniture also stipulates that data collected from the OCLC web site is the confidential property of OCLC. Omniture therefore cannot disclose or share that information with any third party without OCLC’s authorization. Furthermore, it is possible to opt-out of Omniture’s cookie tracking.

Requests for Patron Information

Pursuant to the Library’s Privacy and Confidentiality in the Cornell University Library, to protect the privacy of all who use its services, in person and online, the library will deny all requests for patron information, with limited exceptions. The sections below detail what constitutes protected patron information, and the procedure for library staff for handling requests for patron information.

Patron information that is protected

Pursuant to NY CPLR § 4509 the following is protected patron information:

  • Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records.

Library procedure for handling requests for patron information

If a request for patron information is made, regardless of who is making the request and for what purpose, the request must be denied unless it falls under one of the following exceptions, stated in NY CPLR § 4509:

Disclosure to the extent necessary for the proper operation of library activities.

  • Procedure note: An example of where disclosure would be allowed under this exception is information sharing necessary for staff to determine library routing of patron-requested materials. An example of where disclosure is not allowed under this exception would be a faculty member or student patron request for identifying information of another patron who is in possession of library material that the requesting faculty member or student patron wishes to obtain.

Disclosure upon written consent of the user whose information is to be disclosed.

  • Procedure note: If user is a minor or ward, the user’s parents or guardians must give written consent. Written consents must be collected by library staff prior to disclosure, and kept for review and record keeping by the administration in each library unit.

Disclosure upon court order or subpoena.

  • Procedure note: University Policy 4.13 Acceptance of Legal Papers (PDF) requires all university employees, including library staff, to direct anyone attempting to serve legal papers pertaining to the university to the Office of University Counsel. If approached by a law enforcement official who requests protected patron information from library records, or requests library cooperation to obtain protected patron information, library staff must inform the law enforcement officer that they are not authorized to accept legal papers on behalf of the university, and refer the individual to the Office of University Counsel. Staff should request the individual’s name and agency and then report this information to their immediate supervisor, who will in turn advise Library Administration. The University Librarian or any available AUL will communicate immediately with the Office of University Counsel that they should expect legal papers to be served upon them.
  • If the law enforcement officer insists on leaving papers with library staff, they must immediately refer the officer to the staff member’s immediate supervisor. If the immediate supervisor is unavailable, staff will refer the law enforcement official to the Library Administration Office in Olin Library, Room 201 (607.255.3393). The University Librarian or any available AUL will respond to the request and immediately contact the Office of University Counsel.

Special Notice for EEA Residents

If you are located within the European Economic Area (European Union, Norway, Liechtenstein, and Iceland), we acknowledge the rights granted to you under the General Data Protection Regulation (GDPR).

These rights may include the right to:

  1. access your information held by us;
  2. correct inaccurate or incorrect information about you;
  3. the erasure of your information when it is no longer necessary for us to retain it;
  4. restrict processing of your personal information in specific situations;
  5. object to processing your information, including sending you communications that may be considered direct-marketing materials;
  6. object to automated decision-making and profiling, where applicable; and/or
  7. complain to a supervisory authority in your jurisdiction within the EU.

Please contact us at with any questions, concerns, or if you wish to exercise any of these rights.

Effective Date of Privacy Notice

This privacy notice was last revised on February 12, 2020.