The Path to Creating a New Privacy Policy

NYPL’s Story

Every library has (or should have) one. Ironically, in an institution devoted to reading and intellectual inquiry, it is probably the most seldom-read document in its collections. I am referring to library privacy policies, which have become increasingly important in an era when the broad gathering of information and data is exponentially increasing.

The New York Public Library (NYPL) has aimed to change that with its new privacy policy, publicly released in November 2016. The journey to revise the Library’s privacy had begun before I arrived in November 2015 and became the first full-time director of privacy and compliance at NYPL; and, though I am not an attorney, my position is situated in the Library’s legal department which, as a group, is responsible for the review, if not the actual writing, of most of the NYPL’s legal policies and notices.

As with any almost institution going through a policy-writing process, we began with what we already had. In its 120-year history, NYPL has evolved its data -collection practices from the age of paper call slips to complex digital circulation systems. In the normal course of its operations, NYPL checks out books and materials to patrons (23 million per year), provides classes and programs to both adults and children, and—in the age of the internet—provides access to online information and databases that span the globe.

NYPL’s board of trustees, which has a committee devoted to reviewing the Library’s policies and programs, has consistently expressed the need for library operations to (a) know what information and data we were collecting from patrons; (b) know what we were doing with that information once collected (including who could access it and where); (c) articulate how patrons could opt in and out of our the data that they provide in the course of using the Library; and (d) determine how we respond to legal requests for information (such as subpoenas, warrants, etc.).


Answering the first question—what do we collect—involved a thorough inventory of the Library’s systems, databases, and paper-based information gathering. For instance, besides using our main integrated library system (ILS) to track the borrowing of materials in the branch libraries, we also use an age-old call-slip method in our four major research collections. The attempt to track the myriad data-collection methods began before I arrived and concluded shortly after I started. Finding the sources of data streams, be it analog or digital, involved speaking with every department in the Library to better understand (a) their reasons for collecting the data, (b) where they kept it and for how long, (c) if and when they shared it within or outside the Library and with whom, and (d) how they ultimately disposed of it when it was no longer needed.

These became the key elements of determining NYPL’s current state and how to move forward.

Similar institutions

While the inventory was happening, we also talked to other nonprofit institutions to learn how they had developed and maintained their privacy policies. Among the models we reviewed were those from San Francisco Public Library (partly because California’s library privacy statutes are among the strictest in the nation), the American Civil Liberties Union, as well as our fellow New York City library systems at Brooklyn Public Library and Queens Library. The Smithsonian Institution, another organization that recently had hired a full-time privacy officer, was also a great source of information about best practices for both privacy policies and their underlying practices.


The American Library Assocation (ALA), of course, has long been a bedrock of advocacy for library patron privacy and user rights. For our purposes, the most valuable tools were the ALA’s Intellectual Freedom Committee’s guidelines, including its “Privacy Toolkit,” which outlines the five “Standard Privacy Principles,” which are based on the Electronic Privacy Information Center’s Fair Information Practice Principles. These five principles are

  1. There must be no personal data record-keeping systems whose very existence is secret.
  2. There must be a way for a person to find out what information about the person is in a record and how it is used.
  3. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person’s consent.
  4. There must be a way for a person to correct or amend a record of identifiable information about the person.
  5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

In short, these can be defined as the rights of “notice,” “choice,” “access,” “security,” and “enforcement,” and were at the heart of both our internal discussions as well as the drafting of NYPL’s new privacy policy

Internal discussions

During the spring and summer of 2016, we held discussions with management throughout NYPL, ensuring that we gathered input and feedback from such departments as library services, research, digital, legal, marketing/communications, IT, facilities, and security. Each group has a stake in our privacy policy to the extent that they are engaged in at least some part of the data lifecycle (i.e., collection, storage, use, transmission, etc.). Additionally, we engaged a subgroup of our board of trustees who reviewed the early stages of the drafts and gave their valuable input.

The legal department was at the center of this process, in particular our associate general counsel, who wrote each draft as well as the final document, and NYPL’s general counsel, who was a key player in the shepherding of the new policy from inception through completion.

After four months of solid drafting, the new policy was ready for presentation to the NYPL board of trustees’ Program and Policy (P&P) Committee. The discussion centered on such topics as how long we retain data (minimally), how we respond to subpoenas and warrants (we are creating internal procedures), how to further strengthen public awareness and education about our practices, and how patrons can opt in and out of information gathering.

The newly revised policy approved by the P&P Committee at its September 2016 meeting now provided the public with clear explanations of the following:

  • what information NYPL collects from is users
  • how NYPL uses that information
  • how users can manage the information NYPL collects about them (including methods of opting in and out of that collection)
  • when NYPL shares information with third parties


With official approval of the policy now complete, we had the further work of ensuring that it was adequately rolled out and publicized, both internally and externally. To that end, I worked with our human resources department to create a five-minute online training video that we required all NYPL employees to view. In the video, our general counsel and I explained what changes were represented in the new privacy policy as well as how to answer potential questions from patrons. This was all accomplished in the three weeks before the “go live” date of November 30.

On the morning of November 30, 2016, we launched three simultaneous events to ensure the new policy received maximum attention:

  • The new policy was uploaded to the same location as the previous policy (via a link from our homepage) and labeled with a “last updated” date of November 30, 2016.
  • Visitors to our website ( saw a large yellow banner announcing the new policy at the top of all our webpages. The banner ran for two weeks.
  • Our marketing and advertising department sent a single e-mail announcing the new policy to more than 1 million patrons, donors, and those who had signed up for library events. The e-mail provided a link that gave further information about the reasons for the policy revision and what key elements to look for.

Shortly after the rollout, we used a professional translating service to create versions of the full privacy policy in Spanish, Chinese, and Russian (the three most common non-English languages spoken by New York City residents). These non-English language versions are prominently linked to from the main English-language privacy policy page on NYPL’s website.

In the months and years ahead, we plan to further educate both our staff and the public on best practices for understanding and protecting privacy and information security. One key way to accomplish that is with an internal group that I created early in 2016. The NYPL Privacy Advisory Committee brings together representatives from every division of the Library to get updates on privacy initiatives and news as well as work to work on specific projects. Additionally, we expect the policy will evolve to keep pace with the ever-changing world of technology.

Come visit NYPL’s new privacy policy today at


  • There are currently no refbacks.

ALA Privacy Policy

© 2019 OIF