| I have . . . | Met | Not Yet | Next Steps |
| Educated myself about state and federal laws affecting minors’ privacy in schools and libraries and reviewed American Library Association policy statements related to privacy and personally identifiable information (PII) about patrons. | | | |
| Analyzed my state’s library records law and understand how it applies to student library records. | | | |
| Inquired how the Family Educational Rights and Privacy Act (FERPA) applies to school library records in my district. | | | |
Developed best practices operational privacy guidelines as a first step toward creating a school library privacy policy OR With other stakeholders developed a privacy policy that includes: description of PII collected, who may access library patron records, the circumstances under which minors’ records may be released legally, FERPA guidelines, state library record law protections where applicable, and guidance for the extension of the maximum privacy protections possible. The draft was reviewed by the school district’s legal counsel, and administration sought formal approval of the policy by the school board or institution’s governing body. | | | |
| Posted the library’s privacy policy for patrons to read. | | | |
| Created library procedures granting the maximum privacy possible to students regardless of age. | | | |
| Protected circulation records with passwords and provide different levels of access for student assistants, adult volunteers, and library staff. | | | |
| Configured automation software to delete students’ circulation history. | | | |
| Created a records retention policy that protects students’ privacy by retaining library user records for the shortest period possible and destroyed records when they are no longer needed. | | | |
| Retained as few student library records as possible; and purged library records identifying individual students’ use of resources and services on a regular basis. | | | |
| Trained library staff, volunteers, and student assistants about the confidentiality of all library records, instructing them not to examine circulation records of others. | | | |
| Proactively educated administrators and teachers about student privacy and the confidentiality of library records. | | | |
| Taught students to respect the confidentiality of library records – their own and those of others. | | | |
| Informed students of overdue materials in a manner that respects their privacy. | | | |
| Protected students’ interlibrary loan and reserve requests from the scrutiny of non-library staff. | | | |
| Modeled best practice by making sure that conversations with students about materials being checked out or used in the school library are confidential. | | | |
| Guarded information gained through student use of resources and services by not divulging it indiscriminately to faculty, administrators, or others. | | | |
| Refrained from affixing labels denoting a book’s reading level or leveling a collection to avoid having students learn the reading levels of their peers. | | | |
| Advocated for incorporating privacy into the district’s acceptable use policy (AUP). | | | |
| Included information about protecting one’s privacy online as part of instruction on Internet safety. | | | |
| Encouraged students to realize that citizens have privacy rights under the 4th and 5th Amendments, state, and federal laws. | | | |
| Celebrated Choose Privacy Week (May) and Data Privacy Day (February) to raise awareness about privacy. | | | |
| Reached out to parents by communicating library policy as it relates to student privacy and providing information about protecting minors’ privacy online. | | | |
| Demonstrated personal judgment when violating a student’s privacy by speaking to a counselor or principal out of concern for a student’s welfare or the safety of others. | | | |
| Counseled that surveillance camera(s) not be aimed at the circulation desk or be intrusive in recording actions of persons using the school library. | | | |
| Discussed privacy concerns with vendors of any technology currently owned or under consideration for purchase and requested that they include privacy protections in future software changes. | | | |
| Prior to purchase, discussed with e-book lending and digital content vendors their collection of users’ PII; tracking of digital content use; aggregation, anonymization, retention, and sharing of patron data; and security measures to ensure the protection of library patrons’ privacy. | | | |
| Collaborated with technology staff and faculty to evaluate apps, considering whether they collect PII, share data with third parties, and are compliant with FERPA. | | | |
The checklist was developed by Helen R. Adams and originally published in School Library Media Activities Monthly 25, no. 7 (March 2009). It was revised in July 2012 and August 2015 to reflect new information.