Common Misperceptions Pertaining to the Michigan Library Privacy Act
By Lance M. Werner
Being reasonable is generally thought of as an admirable personality trait. Having reasonable library employees and library boards is a large part of maintaining strong customer service and public relations. On occasion, taking actions that seem reasonable can result in a violation of the law.
The purpose of this article is to discuss situations where reason and the Michigan Library Privacy Act (the Privacy Act), 1982 PA 455, MCL 397.601 et seq., may be at odds. As most libraries know the Privacy Act prohibits the unauthorized release of library records that contain confidential information. The library records, which have been afforded confidential status, are those that personally identify a library user, including contact information, and/or records containing information about the materials that a particular library user has circulated. This article focuses on two different scenarios that lend themselves to misapplication of the Privacy Act. The first scenario pertains to illegal activities by library patrons that occur within the library. The second scenario concerns the use of library records to produce voter or mailing lists.
Unfortunately, library patrons occasionally engage in illegal activities in the library. Some of these activities are sexual or violent in nature and sometimes they are just bizarre. When these types of activities occur, I usually receive a phone call or an email from the library asking what can we do?
When illegal activities occur in the library such as disrobing or fighting, call the police right away. It is perfectly reasonable to report a crime in the library. Merely being in a public library does not enshroud patrons in a veil of privacy. Hopefully law enforcement officers are able to respond quickly and catch the person in the act. If the police arrive and the person has left the library, the library staff may suddenly find themselves in the position where reasonableness and the law may seem incompatible.
The reasonable v. legal conundrum usually arises when the law enforcement officers ask for personal information contained in a library’s record about the “patron”. It seems perfectly reasonable to furnish the requested information to law enforcement officers in the wake of such an incident, but to do so would probably result in a violation of § 3 of the Privacy Act, MCL 397.603. It is also notable that there are civil consequences under § 4 of the Privacy Act, MCL 397.604 for the wrongful disclosure of confidential information. A library employee who violates the Act may be personally liable.
The Privacy Act is clear regarding when to disclose confidential information. Permissible disclosure can only occur one of two ways. The information can be disclosed if the person identified in the record has given written permission or if the library has been ordered by a court to disclose the information. Even then, the library still has the right to appear in court to dispute the court order.
While certain types of library records have been afforded confidential status, personal knowledge has not. This means that if a library employee personally knows the name of the alleged criminal, the staff member can disclose the information to law enforcement officers.
The bottom line is this: library board members, employees, and volunteers are all legally bound to follow the law, even if doing so seems to defy reason and common sense. This situation also demonstrates why libraries should have policies in place that furnish a mechanism for the disclosure of confidential information in accordance with the law, including the mandates of the Privacy Act.
On a related front, it is no secret that for a lot of libraries, millage funding is the difference between being open and closed. It is also well known that library newsletters are a solid tool for advocacy and public relations. Identifying the “target audience” in consideration of library millage campaigns and newsletters lends itself to the misapplication of the Privacy Act.
Obviously, libraries have patron databases containing identification and contact information. While it might seem reasonable to use the information stored in a library’s patron database to identify the “target audience” for the creation of mailing lists and the like, to do so without permission of the patrons would violate § 3 of the Privacy Act on a grand scale.
As I mentioned previously, § 4 of the Privacy Act prescribes civil consequences for the wrongful disclosure of confidential library information. Section 4 states that the person whose information was wrongfully disclosed can bring a civil action for actual damages or $250.00, whichever is greater in addition to attorney’s fees and court costs. Attorney’s fees often amount to thousands of dollars.
To illustrate what I meant by “grand scale” above, I offer the following hypothetical: A library used its patron database to generate a mailing list without permission. The patron database contained the names and contact information for 10,000 people. Each of those 10,000 people sues the library and receives the awards provided by § 4 of the Privacy Act. Hypothetically speaking, it is possible that the library would be responsible for paying a money judgment in excess of $2.5 million dollars, without attorney’s fees and court costs being added in. It is easy to see that the results would be catastrophic for the library, to say the least.
The bottom line here is this: do not use the library’s patron database to generate mailing lists, even if it seems to make sense and be reasonable. The legal way to gather information for mailing lists is to seek permission from library patrons. This can be accomplished during the library card application process or through another method of obtaining written permission.
It is vital that libraries have policies in place addressing disclosure and use of confidential library records. For libraries, the legal way is the only way.
As always, this discussion has been furnished as an informational service of the Library of Michigan and is not intended in any way to constitute legal advice. Please feel free to the Library of Michigan - by phone at (517) 373-1580 for further information.