I. Introduction
The Portland State University Library believes privacy is an essential element of intellectual and academic freedom and subscribes to the Code of Ethics of the American Library Association, which states: “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution. Oregon Revised Statute 192.502 (22) exempts from disclosure under open records law the records of a library, including: (a) circulation records, showing use of specific library material by a named person; (b) the name of a library patron together with the address or telephone number of the patron; and (c) the electronic mail address of a patron. This Library’s privacy and confidentiality policies are in compliance with applicable federal, state, and local laws.
As part of Portland State University, the Library also follows the University’s Web Privacy Policy, which is incorporated into this notice by reference.
II. Portland State Library’s Commitment to Our Users’ Rights of Privacy and Confidentiality
This privacy policy explains your privacy and confidentiality rights, the steps this Library takes to respect and protect your privacy when you use library resources, and how we deal with personally identifiable information that we may collect from our users. In addition to the rights described in the University’s Web Privacy Policy, the Library also provides additional access and rights.
1. Notice & Openness
Library users have the right of “notice” — to be informed about the policies governing the amount and retention of personally identifiable information, and about why that information is necessary for the provision of library services. In all cases, we avoid creating unnecessary records, we avoid retaining records not needed for the fulfillment of the mission and operations of the library, and we do not engage in practices that might place information on public view. Information we may gather and retain about current and valid library users include the following:
- User registration information
- Circulation information
- Interlibrary loan information
- Electronic access information
- Other information required to provide library services
2. Choice & Consent
If you wish to receive borrowing or interlibrary loan privileges, we must obtain certain information about you in order to provide you with a library account. If you are affiliated with Portland State University, the library automatically receives personally identifiable information from campus systems to create and update your main library account. When visiting our library’s Website and using our electronic services, you may choose or be asked to provide your name, e-mail address, library card barcode, phone number, or home address.
3. Access by Users
Individuals who use library services that require the use of personally identifiable information are entitled to a set of rights regarding that personal information. You may view your personal information online or in person and request that it be updated if it is not correct. (For some services, corrections are made at the campus level if you are a Portland State affiliate.) You may be asked to provide verification of your identity during these instances. The purpose of accessing and updating your personally identifiable information is to ensure that library operations can function properly. Such functions may include notification of overdue items, recalls, reminders, etc. The library will explain the process of accessing or updating your information so that all personally identifiable information is accurate and up to date.
You may also exercise your rights by submitting a Data Subject Access Request (DSAR) via the PSU Support Desk or sending an email to the Data Protection Officer at DPO@pdx.edu.
4. Data Integrity & Security
Data Retention: We protect personally identifiable information from unauthorized disclosure once it is no longer needed to manage library services. The Library purges or shreds circulation history from our collections at regular intervals.
Tracking Users: Library turnstiles capture ID card data that is stored with Campus Public Safety and used by the Library solely for the purpose of counting entries to the building. Visitors to the Library without ID cards are asked to sign in to a visitor log. The Library purges or shreds visitor logs after five years. Beyond entry data, we do not ask library visitors or Web site users to identify themselves or reveal any personal information unless they are borrowing materials, requesting special services, registering for programs or classes, or making remote use from outside the Library of those portions of the Library’s Web site restricted to registered borrowers under license agreements or other special arrangements. We regularly remove cookies, Web history, cached files, or other computer and Internet use records and other software code placed by users on our Library Research Computers.
Confidentiality and Staff Access to Personal Data: We will not disclose any personal data we collect from you during reference interviews, instruction sessions, or other means to any other party except where required by law or to fulfill your service request. We permit only authorized Library staff with assigned confidential passwords to access personal data stored in the Library’s computer systems for the purpose of performing library work. The Library does not sell or lease users’ personal information to companies, universities, or individuals.
5. Enforcement & Redress
The Library will not share data on individuals with third parties unless required by law. Library users who have questions, concerns, or complaints about the Library’s handling of their privacy and confidentiality rights may file written comments with the University Librarian or contact the Data Protection Officer at DPO@pdx.edu. We will respond in a timely manner and may conduct a privacy investigation or review of policies and procedures. We authorize only the University Librarian and/or her designees to receive or comply with requests from law enforcement officers, as noted in formal policies and procedures. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order, or other investigatory document is issued by a court of competent jurisdiction and is in proper form. All library staff and volunteers are trained to refer any law enforcement inquiries to library administrators and managers.
6. Illegal Activity Prohibited and Not Protected
Users must comply with the PSU Computer & Acceptable Use Policy and may conduct only legal activity while using library resources and services. Nothing in this statement prevents the Library from exercising its right to enforce its rules or policies; protect its facilities, network, and equipment from harm; or prevent the use of Library facilities and equipment for illegal purposes. The library can electronically monitor public computers and external access to its network and reserves the right to do so when a violation of law or library policy is suspected. Staff is authorized to take immediate action to protect the security of library users, staff, facilities, computers, and the network. This includes contacting law enforcement authorities and providing information that may identify the individual(s) perpetrating a violation.
Adopted by Library, February 28, 2008
Last Updated: December 9, 2024