HomeMy WebLinkAboutAgenda Packet - LB - 2019.07.16CITY O
p
ipQRATED ,
City of Burlingame
Meeting Agenda - Final
Library Board of Trustees
BURLINGAME CITY HALL
501 PRIMROSE ROAD
BURLINGAME, CA 94010
Tuesday, July 16, 2019 5:30 PM Library Conference Room
1. CALL TO ORDER
2. ROLL CALL
a. Swearing in of new Trustees Danielle Garcia and Elisabeth Ostrow
3. APPROVAL OF MINUTES
a. Approval of the Library Board of Trustee Minutes for June 18, 2019
Attachments: Minutes
4. FROM THE FLOOR (PUBLIC COMMENTS)
Members of the public may speak about any item not on the agenda. Members of the public wishing to
suggest an item for a future Council agenda may do so during this public comment period. The Ralph M.
Brown Act (the State local agency open meeting law) prohibits the City Council from acting on any matter
that is not on the agenda.
a. Patron Comment on Drag Queen Story Hour
Attachments: Comment Card
b. Patron Comment on Head Over Heels Event
Attachments: Comment
5. CORRESPONDENCE AND INFORMATION
a. June 2019 Statistics
Attachments: June Circulation and Study Room Usage
June Circulation and Study Room Usuage Trailing 12 Months
June Programs
6. REPORTS
a. City Librarian's Report
Attachments: Report
City of Burlingame Page 1 Printed on 711212019
Library Board of Trustees Meeting Agenda - Final July 16, 2019
b. Speaker's Series
C. Trustee Account Balance and Detailed SDendina Report
Attachments: Report
d. Monthly Topic - Adult Services (Adult Programs)
Attachments: Monthly Topics
7. UNFINISHED BUSINESS
a. Special Topics for Remaining Trustee Meetings Revised
Attachments: Santa Cruz Public Library Grand Jury Report
8. NEW BUSINESS
a. Kanopy Statistics - Tommy McMahon
Attachments: KanopV Statistics
b. Nomination and Election of President and Secretary to The Board of Trustees from
August 2019 through August 2020
9. ANNOUNCEMENTS
10. ACTION ITEMS
11. ADJOURNMENT
Any writings or documents provided to a majority of the Library Board of Trustees regarding
any item on this agenda will be made available for public inspection at the Reference Desk of
the Burlingame Public Library, 480 Primrose Road, Burlingame, California.
City of Burlingame Page 2 Printed on 711212019
Burlingame Library
Board of Trustees Minutes June 16, 2019
Roll Call
Trustees Present: Kerbey Altmann, Andy Blanco, Mike Nagler,
Randi Murray
Trustee Absent: Lisa Rosenthal
Staff Present: Sidney Poland, Recorder
Brad McCulley, City Librarian
New Trustee: Elisabeth Ostrow
II. Library Board of Trustees Minutes
The Trustees unanimously approved the minutes of the May 15, 2019
Trustee Board meeting with the correction of Jeff McFadden's name.
M/S/C (Murray/Altmann)
III. From the Floor (Public Comments)
There were not any representatives from the public who attended the
Trustee meeting.
IV. Statistics
Highlights for adult programs were a Zine Fest for the first Friday Art
Series, Historical Society Event on the Burlingame Post Office and
Citizens Environmental Council program on Designing Your Own Native
Plant Landscape. Total attendance was 228. Children's most popular
event was Superheroes and Comic Books, a three-part program
consisting of a Superhero Dance Party, Free Comic Book Day and
Making Comics Workshop. Attendance for all 3 events was 313.
V. Reports
A. City Librarian's Report - Highlights
• Acknowledging Gay Pride month in June the second annual
Drag Queen Night will be held June 19th. Children's Drag
Queen Story Time featuring books, music and dancing will
be held June 29th.
• Installation of LED lights continues with an ongoing
adjustment of amount of lighting necessary for specific
locations in the library.
• Easton has closed once this year when the temperature
reached 86 degrees internally. Closing threshold is 83
degrees.
• Ebsco is replacing Gale suite of online educational
resources. PLS directors voted to make this change. In
addition, all PLS libraries are moving to Zino eMagines. Our
library will discontinue Flipster.
B. Foundation Report
John Ward will host a garden tour at his home on June 30th to
support Call Primrose and the Burlingame Library Foundation.
C. Speaker's Series
The first musical program, Jazz in the Ballroom, hosted by the
Foundation was enjoyed by all who attended. Trustee Murray noted
that making sponsorships available for purchase contributed to the
financial success of the event. Dates of the 3 remaining Speaker
Series events for 2019 - 2020 are as follows:
• Lucy Kalanithi - Author Talk - September 1 Stn
• Susan Orlean - Author Talk - November 3ra
• Kim Sajet - National Portrait Gallery Director - January 26tn
D. Trustee Account - The Trustees reviewed the expenditures for the
month of April 2019.
A question arose regarding the expenditure for Edelweiss. Brad will
check with Jeannine regarding this issue.
E. Monthly Topic - Strategic Plan
Brad gave a review of the Strategic Plan citing the specific goals and
the progress made by staff. Goal D: Listen to our community &
share our stories was singled out as an example of a goal that
reaches beyond number statistics. The purpose of the goal is to find
a way to capture the outcome of the program such as what did
attendees learn or take away from the presentation that was a new
concept.
VI. Unfinished Business
Brad sent a letter to Manuel Santamaria of the Silicon Valley
Foundation requesting funds for (1) new window shades for the entire
building at a cost of $37,463.31 and (2) new donor wall face plates and
signage for the building at a cost of $3,232.22. The Trustees approved
the cost for both of these items at the May Trustee meeting
VII. New Business
A. Parking in the Fall
• The City is closing the two parking lots on the south side of
Howard to build underground parking and housing in September
of 2019. 200 parking spaces will be lost.
• The City Council has planned to use the upper level parking area
behind the library for valet parking.
• Library staff will not be able to park in any metered parking stalls
in Lot A or A 3.
• Library staff will retain the 16 spaces in what is known as the
library parking lot which is not metered.
• Brad noted that hopefully there will be alternatives for staff
parking
B. Review "Special Topics" for Remaining 2019 Trustee Meetings
Trustee Murray requested that "Special Topics" include a separate
session for adult programing. Brad will revise the schedule.
C. Request for Payment of Freight Invoice for State Delivery
The Trustees unanimously passed a motion to fund the YRC shipping
invoice in the amount of $327.00. M/S/C (Murray/Kerbey)
VIII. Action Items
Brad will hand out copies of the New Commissioners Handbook to the
Trustees at the July Meeting.
IX. Adjournment
The Meeting was adjourned at 7:00pm. M/S/C (Kerbey/Murray). The
next meeting of the Library Board of Trustees will be held on July 18,
2019 in the Upper Level Meeting Room at 5:30pm.
Respectfully Submitted
Brad McCulley
City Librarian
City of Burlingame
COMMENTS
Please share your ideas with us!
TP"
V`oi
flame
Emall/P
Library Card #
Mon 7/1, 10:15 AM
I have been meaning to drop you a line to say how much the Head Over Heels event was so great. I was
not able to fill out the survey and just wanted to give you some quick feedback.
Everyone involved was so talented. My neighbor and I especially enjoyed the Q&A after the
performances. We also enjoyed the MC, I believe his name is Manuel. He is very comfortable in front of
a microphone and audience!
Thanks to everyone for all they did to make that evening special! Have a good summer.
Kind Regards,
Constance Quirk
Burlingame, CA
BPL Circulation and Study Room Usage
June 2019 - including Auto -Renewals & App Renewals
1.800 -Main Circ Easton Circ -E-media Circ -Study Room Usage -Tech Lab Usage
E-media
5,406
1.600
1.400
1.200 Easton
8,045
Main
61,112
1.000 Study Rooms
351
/ Tech Lab
207
0.800
0.600
June June June June June June
2014 2015 2016 2017 2018 2019
BPL Circulation and Study Room Usage - Trailing 12 Months
June 2019 - including Auto -Renewals & App Renewals
-Main Circ Easton Circ E-media Circ -Study Room Usage -Tech Lab Usage
1.300
E-media
Tech Lab
1.200 /
Main
1.100
Easton
1.000 Study
Rooms
(in minutes,
not sessions)
0.900
Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun
2018 2018 2018 2018 2018 2018 2018 2019 2019 2019 2019 2019 2019
Library Programs
June 2019
Adult Programs
25 617
programs patrons
Children's, Teen, and Easton Programs
196 6,586
programs patrons
Highlights
Speaker Series — Freddy Cole Jazz Concert
250
patrons
Head Over High Heels 2
77
(Drag program for adults)
patrons
Repair Cafe
76
patrons
Summer Reading Kick-offs:
total of
Main 325 patrons
475
Easton 150 patrons
patrons
Drag Queen Storytime
137
patrons
Space Yoga Storytime
54
patrons
City Librarian Report to Board of Trustees
16 July 2019
BURL NOAMI
Personnel Updates:
Comings and Goings
o Welcome Volunteer Coordinator David Whitman — coming to us by way of San Mateo Public and ACT Theater
in SF. David is also Passport Intake certified.
o Two retirees have been hired temporarily to assist us with projects — Amy Gettle (key safe organization) and Jan
Eustis (book -talks for seniors).
Recruitments
o The Library is looking for an hourly custodian working one day a week as an alternate for our current custodial
staff. Preferably a local resident with a very flexible schedule.
o Circulation will be recruiting for more Library Aides and Assistants
General Updates:
o Monthly Topic — Adult Svcs programming and Kanopy
o Strategic Plan 2019/2020 — N/A
o Passport Intake update — staff are planning a "Passport Fair" on the Library front porch — drop in photos,
forms reviewed etc... with many staff in place to make it fast.
o Policy —
• Library Security Camera policy -- pending
• Community Board Posting policy -- pending
o Training —
• All -Staff meeting June 20' went well — good communication was the theme and we had a good
discussion about the parking issue in the Fall. These will be held quarterly.
• Professional Development Day will be held Oct 14t1i in lieu of Columbus Day (with permission of
Unions)
o Significant Upcoming Events —
• Summer Reading "Family Fun Nights" are in full swing and popular as ever.
• Head Over High Heels 2 & Pride Month Drag Queen Storytime — both events were well attended
successes as part of Gay Pride Month (see attached comments)
• Librarian Jason Yap has started his Foundation grant funded Computer classes for Seniors, full classes
and very well received.
o Facilities update —
0 Staff are looking into new alternatives for "step stools" in stacks as they present an ADA issue for those
in wheelchairs.
o Foundation report —
• John Ward Garden Tour fundraiser June 30 was a success raising approximately $2400 and many new
adherents.
o PLS/PLP — PLP has recently dealt with some public pushback for its use of the Gale/Cengage software
"Analytics on Demand" including a Santa Cruz County Grand Jury investigation and report.
LIBRARY TRUSTEES ACCOUNT DETAIL FISCAL 2018-2019
5/31/2019
Account No Name 7/ 1 / I8 Balance
5320 Copier Fund $ 12,145.15 $
5330 General Donations $ 1,388,42 $
5340 Duncan Collections $ 50,522.54
5350 Education and Appreciation $ 2,413,82
YTD YTD
Revenue Expenses
2,469.05 $ 2,117.30 $
200.00
$ 1,683.92
$ 2,881.78 $
5360 Farrel (Julia) Book Fund $ 9,056.78 $ 280.81
5390 WiElert (Wayne) Fund $ 5,777,47 $ 5,777.47
Total $ 81,304.18 $ 2,949.86 $ 12,460,47
CITY OF BURLINGAME
OTHER LOCAL GRANTS & DONATIONS
FISCAL YEAR 2018-19
AS OF MAY 2019
5/31/2019
Transfer
Balance Expense Detail
(850.00) $
11,646.90 $2117.30 Copier Lease and Expenses
$
1,588.42
$
48,838.62 $1183.92 Sound for Speaker Series- Gavin Jones
$500.00 Edelweiss Collection Development
850.00 $
382.04 $200.00 Volunteer $5 Starucks gift cards
$1831.78 Sixto's Brunch for Staff Appreciation
$850.00 Cafe coupons for Staff
$
9,337.59
$
- $4986.39 Shades for Reading Room
$516.08 Gavin Jones Sound
$275.00 Roto Rooter for Cafe
$ 71,793.57
Updated: 6/12/2019
05/31/19
- Balance YTD- YTD- Balance
DEPT REV# EHP# DESCRIPTION 7/1/2018 Revenues Expenditures 5/31/2019
LIBRARY 39525 69525 Library Trustee Account 81,304.18 $ 2,949.86 12,460.47 71,793.57
Monthly Focus Topics
September
Web/Social Media/Marketing
October
Adult Svcs — eResources & collection
development
November
Strategic Plan
December
Teen
January
SVCF Investment Update
February
Strategic Plan
March
Children
April
Technical Services
May
Strategic Plan
June
Web/Social Media/Marketing
July
Adult Svcs Programming
August
Strategic Plan
W
rXA
Vfe
OF
-15
S9�
l
It
Patron Privacy at Santa Cruz Public Libraries
Trust and Transparency in the Age of Data Analytics
Summary
Libraries are one of the most trusted institutions in our country. People place
librarians in the same class as doctors, nurses, firefighters, and teachers.
— Erin Berman, Library Privacy Advocate
The quotation from Berman reflects the importance of libraries as sanctuaries of intellectual
freedom. In the Digital Age, however, the role of libraries is evolving. In an attempt to satisfy
perceived patron demand, some libraries, including Santa Cruz Public Libraries (SCPL), have
started using data analytics tools similar to those used by businesses to market products to
consumers. Using these tools in libraries is a potential threat to patron privacy and trust.
This report examines SCPL's use of third -party data analytics in relation to current
California law pertaining to confidential patron data; industry best practices for patron
privacy; current SCPL privacy policy and staff concerns regarding privacy,
transparency, and patron consent; and the perceived usefulness of these analytical
tools. The Grand Jury has concluded that SCPL management did not recognize the
importance of
• informing patrons how SCPL uses their personal data;
• giving patrons the opportunity to consent to use of their personal data;
• explaining patron data use in proposed privacy policy and online documents;
• adopting best practices outlined by the American Library Association;
• carefully evaluating risks versus rewards when using data analytics;
• staying abreast of state laws concerning library use of patron data; and
• resolving the disagreements among staff regarding the use of data analytics and
its implications for patron privacy.
Published June 24, 2019 Page 1 of 24
Background
Although Santa Cruz County library services began in 1916, the current structure of the
Santa Cruz Public Libraries (SCPL; the Library) system, created in 1996, consists of a
network of ten neighborhood library branches distributed county wide, a web -based
digital library, a bookmobile, and community -based programs.
Last year, SCPL expenditures were about $12M ($7.6M in salaries and $4.2M in
operating costs). SCPL employs about 90 full-time equivalents and serves roughly
135,000 registered patrons. All SCPL employees are City of Santa Cruz employees.
The Watsonville library system is not part of SCPL and is not a subject of this Grand
Jury investigation.
SCPL is governed by the Library Joint Powers Authority (JPA), the agreement for which
was last amended in 2015. The JPA board is currently composed of the County
Administrative Officer and the city managers from Capitola, Santa Cruz, and Scotts
Valley. Among other responsibilities, this board chooses the Library director and votes
on approval for budget and library policies.
SCPL is also guided by the Library Advisory Commission (LAC). The LAC represents
the community by providing advice and feedback to the JPA board and the Library
director. The LAC reviews programs and services and makes necessary
recommendations as they pertain to the provision of these programs and services. The
LAC consists of seven members:
• Three residents of unincorporated Santa Cruz County appointed by the County
Board of Supervisors.
• Two Santa Cruz city residents appointed by the Santa Cruz City Council.
• One Capitola resident appointed by the Capitola City Council.
• One Scotts Valley resident appointed by the Scotts Valley City Council.
In early 2019 the LAC recently agreed to participate in the review of library policies,
including privacy policies."'
As prescribed by Measure S, approved by voters in 2016, SCPL is in the midst of a
massive infrastructure upgrade, which will dramatically affect all of the branches in the
system.
SCPL's "Strategic Plan 2017-2021: Premise and Process," published on the SCPL
website, stresses the importance of finding better ways to connect with patrons. This
planning document quotes former Santa Cruz Museum of Art and History Director Nina
Simon's book, The Art of Relevance:
The most powerful way to gain access to a new community is not by
creating programming or marketing campaigns you think might fit
their interests. Instead it starts with networking.... Listen to their
interests and concerns. The more you understand what matters to them
and what experiences they seek, the better you can assess whether and
how you can connect with them. [emphasis added]
Published June 24, 2019 Page 2 of 24
Using this premise of community relevance, in 2016 SCPL initiated conversations with
individuals, small groups, and organizations to explore new potential directions for the
Library. However, the concluding paragraphs of the SCPL's "Premise and Process"
document describe the proposed use of a data analytics tool called Gale Analytics on
Demand (AoD) that "allows the Libraries to have access to detailed analysis of SCPL
household level data to better understand communities' and patrons' needs."
There is a disconnect within the SCPL's "Premise and Process" document. The
document suggests that the best way to understand patrons' interests and concerns is
to ask patrons directly. Contrarily, the document advocates obtaining patron information
by using a data analytics tool, which does not involve any direct interaction with patrons.
There is also a conflict between how SCPL protects patron privacy and how SCPL uses
patron data to "better understand communities' and patrons' needs." The Grand Jury
found that SCPL did not adequately research protection of patron information when
using data analytics tools.
The Grand Jury also found that SCPL did not inform patrons what additional information
about them was gathered and retained in the library's computer system, nor were they
allowed a choice about whether they consented to SCPL gathering this information.
Scope and Methodology
The Grand Jury interviewed staff and management of SCPL, as well as representatives
of the JPA board and the LAC.
The Grand Jury also interviewed representatives of external library organizations with
expertise in patron privacy and data analytics.
Grand Jury members attended JPA board and LAC meetings.
The Grand Jury sought legal advice in understanding specific State laws governing
library mandates and requirements for handling confidential patron information.
The Grand Jury reviewed the SCPL public website, budget and planning documents,
internal documents and reports, operational procedures, and contracts with third parties.
The Grand Jury reviewed documents from external organizations including the
American Library Association (ALA), Pacific Library Partnership (PLP), Califa Group (a
state-wide purchasing consortium supporting regional consortia like PLP), and the State
Library Board.
The Grand Jury compared and contrasted the online privacy policies of selected
American libraries and conducted additional internet research concerning data analytics
and library patron privacy.
Published June 24, 2019 Page 3 of 24
Investigation
What is Gale Analytics on Demand?
Gale Analytics on Demand (AoD) is a service provided by Cengage Learning since
2014 that allows libraries to conduct socio-economic analysis of the communities they
serve.0 AoD includes a suite of analytical tools for
• evaluating and visualizing patron demographics, branch activity, and collection
usage;
• planning marketing campaigns; and
• targeting voting patrons ahead of elections that could benefit the library.[$]
These tools are powered by Mosaic, Experian's proprietary system of 71
socio-economic profiles ("lifestyle segments") for categorizing households in the
community.L [!OIL'-] Appendix A illustrates the Mosaic system and includes a description
of "Silver Sophisticates" (C-13), a well -represented lifestyle segment in Santa Cruz.
To use AoD, the library exports patron information —such as physical address, date of
last checkout, and number of books checked out —from its internal database to the AoD
cloud service. AoD blends and augments this patron information with the Experian
Mosaic profile and U.S. census data for each household. AoD then delivers the resulting
aggregate data file and illustrated summary reports to the library for further analysis.
The library uses this information to plan programs and services. As a result, the library
holds significantly more household -level data in its computer system than patrons
originally provided.
A Timeline of AoD Use at SCPL
SCPL first considered using AoD in late 2015, under a previous Library director. Library
staff voiced concerns about patron privacy at that time.
In early 2016, SCPL obtained free access to AoD through its membership in PLP, a
regional library consortium in the San Francisco and Monterey Bay areas.I12-1 SCPL
started AoD training with the goals of gaining insights into patron demographics and
assisting in library strategic planning.
In 2017 SCPL released a strategic planning document that briefly mentioned that AoD
would provide "access to detailed analysis of SCPL household level data to better
understand communities' and patrons' needs."""
In 2017 and 2018, SCPL staff members experimented with the program to assist in
marketing and library planning work.I141 In late 2018 or early 2019 SCPL suspended its
use of AoD. Staff concerns about the use of AoD triggered a series of steps to review
and update the Library's privacy policies and practices. After a succession of proposed
drafts dating back to November 2018, the JPA approved an update to SCPL's privacy
policy on June 6, 2019.E
Published June 24, 2019 Page 4 of 24
Issues Raised by the Library's Use of Data Analytics
Disclosing Use of Patron Data
The Grand Jury found that the undated "Information We Keep About You" document on
the SCPL website�LIJ is inaccurate and incomplete. It does not describe the data
returned to the Library by AoD. This tool aggregates more than 300 data factors at the
household level —information not provided to the Library by the patron. These factors
include household income, education levels, number and age of children, number of
years at residence, spending habits, and web browsing behavior.'—'1 As discussed
above, the tool then assigns one of 71 "lifestyle segments" to the household, which infer
patron behaviors and interests based on socio-economic status and other factors.
National standards classify these data as personally identifiable information (PII).�'$1
Less significant are inconsistencies between "Information We Keep About You" and the
information actually gathered during the library card application process. Contrary to
what is published on the website, the application process does not require a patron's
Social Security number or the expiration date of the patron's driver license, but it does
require home library branch and mobile phone carrier.
Furthermore, the "Information We Keep About You" document doesn't accurately reflect
the fact that SCPL retains patrons' borrowing data in the form of total number of
checkouts and date of last checkout; AoD uses these two data points in addition to
patron address as inputs for its data analysis process.
In the April 15, 2019 meeting of the LAC, SCPL staff disclosed the use of AoD.
However, the topic was not agendized, did not appear in the minutes, and the
discussion did not address how the use of data analytics might impact revision of the
library privacy policy. After disclosing use of AoD, Library staff informed LAC that SCPL
had stopped using the tool. However, there was no discussion about how privacy
concerns introduced by the use of data analytics tools could be resolved —or if they had
been resolved, whether the Library would consider resuming use of AoD.2-21 23 [24l
Gaining Consent from Patrons
As the Library began to acquire a wide array of information on each of its patrons, and
as data privacy issues appeared more frequently as headlines in the news, some of the
staff were increasingly concerned that the patrons were unable to consent to this
gathering and examination of additional patron information.1251
Staff made suggestions to develop a comprehensive system to clarify for patrons what
data is collected by SCPL, and to allow patrons to "opt out" if they so choose. To date,
these suggestions have not been implemented.
261
As will be examined in more depth in the next section of the report, California laws and
regulations are silent on the need for libraries to obtain patron consent when engaging
third parties. However, European Union General Data Protection Regulations (GDPR)L2L7j
and California Consumer Privacy Act (CCPR),[Z-IJ which apply to businesses, could also
provide guidance for libraries as they develop patron disclosure and consent policies
Published June 24, 2019 Page 5 of 24
and practices. These legislative efforts provide key insights that would allow patrons to
stay in control of their data, which is the key element of many of these new privacy
initiatives.
Management at the Library has not yet acted on staff suggestions to build a consent
system for patrons. Such a system would clearly advise patrons about the data
collected and how it is used, and would solicit patron consent as appropriate.
The SCPL privacy policy update approved on June 6, 2019, includes the following
section on the topic of choice and consent:
SCPL will only collect personal information for the administration of library
services. Administrative services includes creation of hold records, fine
billing and collection, marketing of library programs/services and creation
of organizational statistics such as SCPL circulation, website visits and
WI-Fi use.
Patrons may choose to provide additional data such as preserving their
circulation records to maintain personal reading lists or receive reading
suggestions. If a patron voluntarily chooses to provide additional
information, this information will be considered confidential.
SCPL will not sell, license or disclose personal information to any third
party without patron consent, unless SCPL is compelled to do so bylaw.L�OJ
Even with these changes, many questions remain. In the context of this investigation,
two questions are especially important: Does "marketing of library programs/services"
include data analytics that targets specific patron groups? If so, is patron consent
required? These and related questions need to be answered before a comprehensive
consent policy can be developed and used by both Library staff and its patrons to make
informed choices.
A consent system is useful if the library performs some action the patron might not
otherwise know about. For instance, if the library gathers information about patrons from
third parties to inform library planning efforts, patrons should be allowed to opt -in or
opt -out of that data collection and use.
In such situations, the library should explain that personal data is part of the system,
how the data will be processed, and how it will be used, in clear and concise terms. An
overly detailed and technical presentation can lead to patrons simply clicking through to
complete the choice; an oversimplified presentation can result in patrons not actually
understanding the potential consequences of participating. The privacy policy of the San
Jose Public Library is a good example of how to handle this delicate balance, in the way
that it addresses patron consentJ311
Understanding California Law Regarding Confidential Patron Information
The Grand Jury initiated its investigation amid concern that SCPL may have violated
State law by uploading patron data to the AoD cloud. As explained below, recent
changes to the California Government Code should put this concern to rest.
Published June 24, 2019 Page 6 of 24
The California Public Records Act, or CPRA, requires public disclosure of governmental
records upon request, with certain exceptions (California Government Code, sections
6250 through 6276.48). One set of exceptions, related to the confidential records of
public library patrons, is covered by Section 6267, last amended in 2011-2012 by
Senate Bill No. 445 (SB 445). SB 445 defines "patron use records" (in this context,
equivalent to "personally identifiable information") and clarifies the responsibilities of
"private actors" (third -party vendors) employed by public libraries (Appendix B). The bill
analysis of SB 445 by the Senate Judiciary Committee includes the rationale for
amending Section 6267:
Due to the public's increased use of electronic library resources, libraries
are increasingly utilizing third parties to store and maintain electronic
library records. This bill would clarify that written or electronic patron use
records, as defined, stored or maintained by public libraries or third
parties on behalf of public libraries should not be publicly disclosed,
with certain exceptions.[ [emphasis added]
The State Senate Judiciary Committee recognized that, in the current electronic
environment, California public libraries and their third -party vendors share responsibility
for protecting confidential patron records. However, the law as amended by SB 445
does not state whether libraries are legally responsible for the actions of third parties
that they employ. Absent guidance from the law, California libraries can turn to best
practices in the library community to guide them in their interactions with third -party
vendors. These best practices will be discussed below.
Another issue that the law does not address directly is the responsibility for managing
and safeguarding confidential information that a library might acquire from a third party;
an example is the Experian Mosaic profiles included in the aggregate data files that AoD
returns to the library. This is an area where patron privacy law has not caught up with
advances in technology.
This review of California law is relevant to SCPL in several respects. When SCPL
began using AoD in 2016, the Library's privacy policy, "Confidentiality of Library
Records, (revised November 2010) referenced an obsolete version of Section 6267.
As noted earlier, this may have contributed to concerns that the Library's use of AoD
violated State law. However, the Grand Jury has concluded that the use of AoD is
permitted under the 2011-2012 version of the law, provided that the third -party vendor
is working in service of the library.
If SCPL had been aware of the 2011-2012 changes to the law, staff and management
would have also understood what constitutes "patron use records" and how libraries and
third -party vendors share responsibility in protecting patron privacy. For example, AoD
requires the entry of a patron's physical address; however, the law specifically includes
"address" in the definition of "patron use records," requiring the Library and third parties
working on its behalf to keep this information confidential. This knowledge is essential to
the Library's policies and practices regarding patron privacy, patron consent, and
third -party contracts.
Published June 24, 2019 Page 7 of 24
Understanding the Terms of Use for AoD
The Pacific Library Partnership (PLP), a consortium of 42 libraries, holds a contract with
Cengage Learning allowing PLP to provide AoD to its member libraries, including SCPL.
Because the contract was executed by the consortium, the member libraries using this
analytical tool would not have seen the contract unless PLP shared it or individual
libraries requested it. In the case of SCPL, our interviews have confirmed that the
Library leadership did not obtain the actual contract until April 2019 and until then could
not have been aware of the presence or absence of language protecting the interests of
the Library and the privacy of its patrons) 41 Instead, the Library relied on PLP to
conduct due diligence in its negotiation of the contract.
When the Grand Jury requested "any licenses, agreements, or contracts for AoD,"
SCPL provided a link to Gale Cengage Terms of Use for all of their web -based services
and related apps.LLIJ The Grand Jury was unable to determine how or why SCPL came
to believe these terms applied specifically to AoD.
The Grand Jury has obtained the contract between PLP and Cengage Learning3 l and
concluded that it fails to explain several key points in clear and simple language, and
does not address the following areas:
• The confidentiality clause in the contract does not clearly state whether PLP
member libraries should have access to contract's terms and conditions.
• The contract does not clearly state that the PLP, its member libraries, and
Cengage Learning share responsibility for understanding and applying State laws
pertaining to the protection of confidential patron information.
• The contract does not acknowledge that PLP member libraries retain ownership
of the information they provide to the service.
• The contract does not clarify ownership and sharing of the aggregate data
products produced by the service.
• The contract does not explain the responsibilities of Cengage Learning in the
event of a data breach.
• The contract does not explain how PLP or its member libraries can terminate the
agreement with the assurance that all data has been removed from the system.
• The contract does not provide for the removal of individual patron records, should
any patrons choose to opt out.
Adopting Industry Best Practices and Standards
The American Library Association (ALA) is recognized as the authoritative source of best
practices and standards for the library community in the United States. The Library Bill of
Righ&!-'J and Intellectual Freedom ManualL1 L�19J are general resources that are continually
updated. Another document, ALA "Privacy Tool Kit," provides detailed guidance on
implementing policies to protect patron privacy. The recommended practices include
designating a privacy officer with authority to administer privacy policies, review privacy
clauses in contracts with third -party vendors, and conduct privacy auditsJ4o1
Published June 24, 2019 Page 8 of 24
ALA recommends that contracts with third -party vendors contain language that explicitly
protects the interests of the library and the privacy of its patrons. In "Privacy: An Interpretation
of the Library Bill of Rights," ALA explains in more detail:
Libraries should not share personally identifiable user information with
third parties or with vendors that provide resources and library services
unless the library has obtained the permission of the user or has entered
into a legal agreement with the vendor. Such agreements should
stipulate that the library retains control of the information, that the
information is confidential, and that it may not be used or shared
except with the permission of the libraryJLJ [emphasis added]
A case study from the Seattle Public Library (SPL) provides even more specific
guidance on contract language. SPL attaches an addendum to the "boilerplate"
contracts typically provided by third -party vendors, with language to protect confidential
patron information and indemnify the library against willful violations or negligence by
the third party (Appendix C).M
The ALA "Privacy Tool Kit" recommends that library privacy policies emphasize choice
and consent, typically by allowing patrons to opt -in or opt -out of library services that use
their personal dataJL11 ALA considers patron consent to be especially important in the
case of emerging technologies:
It is important for libraries not to take the attitude that patrons no longer
care about privacy.... Patrons may not possess the discursive language
or technology terms to articulate their complaint, however, it doesn't mean
that they do not care about data harvesting, data mining and sharing of
their personal information behind the scenes with third parties. The lack of
transparency in consent, data sharing and terms of service changes is a
barrier to patron -centered service.�441
ALA policies provide little specific guidance about the use of data analytics tools.
However, the following excerpt from the "Privacy Tool Kit" indicates that "big data" tools
should be used with caution:
It's too easy to make incorrect correlations when personally identifiable
information sits side by side with other data. Unless a patron opts -in,
reading records should never be correlated with patron conduct, database
usage, meeting room signups, etc. Libraries should also be aware of what
information may be publicly visible. Data may exchange many hands with
third parties, using libraries as conduits, allowing more opportunity for
privacy breaches and data mining. As stewards of patron privacy, libraries
should steer away from the practice of creating aggregate data without
legitimate purposes.1451
Published June 24, 2019 Page 9 of 24
In order to better understand best practices of library use of data analytics, the Grand
Jury consulted the writings of an expert in the field. In her article entitled "Big Brother is
Watching You: The Ethical Role of Libraries and Big Data," library privacy advocate Erin
Berman describes the enticements for libraries to use data analytics:
These [data analytics] companies are telling libraries that our patrons are
demanding personalized services, that we are facing a future of
irrelevance. Luckily for us, their products have all the answers. By tracking
patron behavior we can give them the experience they have come to
expect from this new digital world. Libraries can segment out our patrons,
sending targeted marketing based on their behaviors, customizing our
services based on what they read and what programs they attend. We will
finally be able to use real data to tell our stakeholders why we are of
value, so they won't withdraw our funding. This messaging is a classic
anxiety stick, followed by a marketing carrot.
Berman summarizes her concerns as follows:
Do not jump into big data without being intentional, transparent, and
having a comprehensive understanding of how the products work. Utilizing
different datasets to drive decision making and analyze the work done in
libraries is extremely important, but it must be done with careful attention
paid towards protecting our patrons' privacy.
The Library and Information Technology Association (LITA, a division of ALA) offers a
number of practical stepsL1 that can be taken by libraries to improve patron privacy in
the area of digital content. In particular, LITA reviews practices designed to assist in the
prevention of, and response to, a possible data breach.
Effectiveness of Gale Analytics on Demand in Library Planning
SCPL staff relied on vendor information to conclude that AoD could be an effective tool
for library planningJL11 The purported benefits of using AoD included the following:
• Justifying a grant request that would help a library better serve its community
• Supporting funding requests
• Deciding where to open a branch
• Understanding where nonpatrons are located so that the library is more likely to
reach them
• Communicating more effectively with patrons
• Making community -oriented collection and program decisions
The ALA "Privacy Tool Kit" casts doubt on the effectiveness of data analytics because
"it's too easy to make incorrect correlations when personally identifiable information sits
side by side with other data."""
Recently, SCPL staff demonstrated the real-time use of AoD to the Grand Jury.L�lj
Members cross-checked information they knew to be correct with data returned by AoD,
and found that the AoD data was incorrect.
Published June 24, 2019 Page 10 of 24
The demonstration gave rise to many questions, particularly regarding underserved
populations, such as the poor and homeless. AoD generated reports that indicated
there is no Experian data on approximately 30% of the total patron population. These
are individuals with no credit cards or credit history. There is no evidence that the AoD
analysis compensates for this skewing of data.
Homeless individuals frequently give the Homeless Service Center at 115 Coral St. as
their address. The individuals who follow this practice all have the same physical
address. A similar situation occurs with P.O. box holders, jail inmates, and children who
receive library cards at school. The Grand Jury found it difficult to come up with a
scenario where treating these clusters of unrelated individuals as households would
produce meaningful data.
On one occasion, SCPL staff used AoD to generate a report that showed the number of
years patrons had lived at their current residence. The goal of this effort was to market a
neighborhood history program to long-term residents of a neighborhood. But staff did
not investigate the accuracy of the assumption that long-term residents are more likely
to be interested than newcomers in the history of their neighborhoods. SCPL staff
stated that this use of AoD did not yield the desired resultsJ12-1 Alternatively, staff might
ask patrons directly about their interest in library programs.
Explorations like those described above trigger the gathering and aggregation of patron
data. These actions pose a risk to patron data, regardless of whether the data produced
leads to successful planning exercises or marketing campaigns for the Library.
Library Staff Concerns About the Use of Data Analytics
Grand jury interviews indicated that Library staff have had ongoing concerns about
several aspects of using AoD and data analytics in general: inconsistencies with
Library's privacy policy; failure to inform patrons and gain their consent; and legal and
ethical issues concerning confidential patron information shared with third parties.
As early as 2015, SCPL staff voiced concerns that AoD use constituted a possible
violation of patron privacy!L11 These concerns were brought to the attention of three
successive Library directors but have not been resolved.
SCPL typically responded to these concerns by referring staff to the vendor. In June
2018, for example, the vendor answered a SCPL inquiry as follows:
• Gale does not personally handle the library data. There is no need for
someone outside the library to manually review, handle, or receive files,
like there is with other services. All data is submitted to the tool directly by
the library. In other words, there is no data being "exchanged with third
parties, " as the statement from ALA cautions against.
• When the tool generates reports, the library can delete the report at their
discretion. There is nothing maintained by us or a 3rd party.
• The only information AOD requires to function, is an address. We do not
require a name or any other identifiable information that is not public
record.LI
Published June 24, 2019 Page 11 of 24
The Grand Jury and some of the SCPL staff disagree with this assessment and believe
that Gale Cengage is a third party that receives and augments patron personal
information. AoD proponents among the staff accepted and relied on the above
explanation of patron data use without performing an independent investigation into
whether these statements were accurate. SCPL management also acknowledged that
some risk associated with AoD use might be necessary to remain competitive in the
marketplace.L1
SCPL staff also expressed concerns that patrons were not informed or given a choice
regarding AoD use of patron data. Some questioned whether the Library should be run
like a commercial venture vying for patron market share.121J
The Grand Jury concluded that these differences of opinion were not adequately
addressed within the Library, and the lack of resolution contributed to difficulties in
developing and implementing a relevant and timely privacy policy and practice.
Conclusion
SCPL faces many complex challenges in the years ahead.These include rebuilding
infrastructure, accommodating potential budget and staffing shortfalls, and satisfying
rapidly changing patron needs and expectations. Despite the stresses of these
circumstances, and differing visions for the Library, SCPL staff uniformly demonstrated
professionalism, dedication, passion for their institution, and unflagging service to
patrons.
Public libraries like SCPL are sanctuaries of intellectual freedom. In response to the
Digital Age, however, the role of libraries is evolving. People can now use internet
search engines to get information, rather than visiting the library or calling a reference
librarian. To stay relevant yet true to one of their core missions, serving the
underserved, libraries have begun placing more emphasis on services such as
computer training and access to electronic media, educational programs and community
meetings, and referrals for at -risk patrons to social and government programs.
In an attempt to satisfy perceived patron demand, some libraries, including SCPL, have
also started using data analytics tools similar to those used by businesses to market
products to consumers. Using these tools in libraries is a potential threat to patron
privacy and trust.
This report has examined SCPL's use of third -party data analytics in relation to current
California law pertaining to confidential patron data; industry best practices for patron
privacy; current SCPL privacy policy and staff concerns regarding privacy,
transparency, and patron consent; and the perceived usefulness of these analytical
tools.
The Grand Jury has concluded that SCPL management did not recognize the
importance of
• informing patrons how SCPL uses their personal data;
• giving patrons the opportunity to consent to use of their personal data;
Published June 24, 2019 Page 12 of 24
• explaining patron data use in proposed privacy policy and online documents;
• adopting best practices outlined by the ALA;
• carefully evaluating risks versus rewards when using AoD;
• staying abreast of state laws concerning library use of patron data; and
• resolving the disagreements among staff regarding the use of AoD and its
implications for patron privacy.
Findings
F1. The use of Gale Analytics on Demand by Santa Cruz Public Libraries was
inconsistent with the Library's long-standing policy on Confidentiality of Library
Records (policy 303, adopted February 2006; revised November 2010) and
companion document, "Information We Keep About You."
F2. The use of Gale Analytics on Demand, or any other data analytics tool, by Santa
Cruz Public Libraries is not clearly addressed in the Library's newly revised
policy, Confidentiality of Library Records & Patron Data Privacy Policy (policy
303, adopted June 6, 2019).
F3. Santa Cruz Public Libraries did not adequately inform its patrons about the
Library's use of Gale Analytics on Demand or obtain their consent for this use.
F4. Santa Cruz Public Libraries used Gale Analytics on Demand without adequately
considering the patron privacy aspects of current California law.
F5. Santa Cruz Public Libraries used Gale Analytics on Demand without examining
the contract for this service, thus raising potential liability issues related to data
ownership, data breaches, and patron privacy.
F6. The contract is unclear and does not contain language that protects the interests
of the Pacific Library Partnership, its member libraries, and their patrons.
F7. The use of Gale Analytics on Demand by Santa Cruz Public Libraries is
inconsistent with best practices in the library community regarding patron privacy.
F8. Santa Cruz Public Libraries used Gale Analytics on Demand without adequately
evaluating the effectiveness of the tool.
F9. The use of Gale Analytics on Demand by Santa Cruz Public Libraries has
created disagreement among Library staff concerning the traditional
responsibility of libraries to protect patron privacy, the validity of data analytics as
a planning tool, and potential security vulnerabilities of the system.
Recommendations
R1. Santa Cruz Public Libraries (SCPL), in coordination with the Library Advisory
Commission (LAC) and Library Joint Powers Authority (JPA) board, should revisit
the Library's revised privacy policy (adopted June 6, 2019) to specifically address
the use of data analytics and other tools utilizing patron information. (F1—F4, F7)
R2. SCPL should implement a system for obtaining and managing patron consent for
data analytics and other tools that use patron information. (F3)
Published June 24, 2019 Page 13 of 24
R3. SCPL management and staff, in coordination with LAC and the JPA board,
should stay abreast of changes to state law, especially as it concerns patron
privacy and evolving technology, and update Library policies and practices in
response to such changes. (F4)
R4. SCPL should review the contracts for all third -party digital services used by the
Library, including those provided by library consortia. (F5, F6)
R5. SCPL should adopt guidelines and practices suggested by the American Library
Association with regard to patron privacy and data analytics services. (F7)
R6. SCPL should designate a data privacy officer and give this officer full authority
and responsibility to implement and enforce the privacy policy, and to periodically
report to the SCPL director, JPA board, LAC, and the public. (F7)
R7. SCPL should perform a meaningful evaluation of any tool that uses patron
information to determine if the benefits outweigh the risks to patron privacy. (F8)
R8. SCPL should offer workshops for patrons to explain how the Library uses patron
information and to explore related privacy issues. (F3, F4)
Required Responses
Respondent
Findings
Recommendations
Respond Within/
Respond By
Director, Santa Cruz
F1—F9
R1—R8
90 Days
Public Libraries
September 23, 2019
Library Joint Powers
F1—F5, F7
R1, R3, R6
90 Days
Authority Board
September 23, 2019
Requested Responses
Respondent
Findings
Recommendations
Respond Within/
Respond By
Library Advisory
F1—F4, F7
R1, R3, R5
90 Days
Commission
September 23, 2019
Abbreviations and Acronyms
• ALA: American Library Association
• AoD: Gale Analytics on Demand
• JPA: Joint Powers Authority
• LAC: Library Advisory Commission
• PIL Personally Identifiable Information
• PLP: Pacific Library Partnership
• SCPL: Santa Cruz Public Libraries
Published June 24, 2019 Page 14 of 24
Sources
Notes
1. Erin Berman. May 2, 2018. "Big Brother is Watching You: The Ethical Role of
Libraries and Big Data." Accessed June 17, 2019.
https://chooseprivacyeveryday.org/the-ethical-role-of-libraries-and-big-data/
2. "About the Library," Santa Cruz Public Libraries. Accessed June 17, 2019.
https://www.santacruzpl.org/aboutscpl/ [see links to "Library Boards," "Planning
Documents," and "Governance & Funding"]
3. Grand Jury interviews and documents received.
4. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic
Plan 2017-2021: Premise and Process." Accessed June 17, 2019.
https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc
essStrategicPlan.pdf
5. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic
Plan 2017-2021: Premise and Process." Accessed June 17, 2019.
https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc
essStrategicPlan.pdf
6. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic
Plan 2017-2021: Premise and Process." Accessed June 17, 2019.
https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc
essStrategicPlan.pdf
7. Matt Enis, "Gale Releases Analytics on Demand, a Demographic GIS for Libraries,"
Library Journal, April 10, 2014. Accessed June 17, 2019.
https://www.Iibrary-Oourna1.com/?detaiIStory=gale-releases-analytics-on-demand-a-de
mographic-gis-for-libraries
8. Gale, A Cengage Company. 2019. "Gale Analytics: Data -Driven Decision Making."
Accessed June 17, 2019. https://www.gale.com/databases/gale-analytics
9. Experian Information Solutions, Inc. December 2018. "Mosaic USA: Your Customer
Segmentation Solution for Consistent Cross -Channel Marketing." Accessed June 17,
2019.
https://www.experian.com/assets/marketing-services/product-sheets/mosaic-usa.pdf
10. Experian is one of the three major consumer credit reporting companies in the
United States.
11. Gale, A Cengage Company. December 18, 2015. "Opportunity with Patron Profiles
as Told by Users —Gale Analytics on Demand" [video]. Accessed June 17, 2019.
https://www.youtube.com/watch?v=DOogU 1 dvuTk&list=PLaWzTROskkl PzPMeA7x3
knE-HkRNvfGaL&index=2 [See 3:30 mark for remarks by David Ziembiec, Gale
Western Region District Manager, Analytic Solutions.]
12. Grand Jury interviews.
Published June 24, 2019 Page 15 of 24
13. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic
Plan 2017-2021: Premise and Process." Accessed June 17, 2019.
https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc
essStrategicPlan.pdf
14. Grand Jury interviews.
15. Staff concerns were documented in Grand Jury interviews and documents received.
The long-standing SCPL privacy policy, "Confidentiality of Library Records" [policy
303, adopted February 2006, revised November 2010], has been superseded by
"Confidentiality of Library Records & Patron Data Privacy Policy" [policy 303,
adopted June 6, 2019]. The JPA board approved the revised policy at its June 6,
2019 meeting, which was attended by a member of the Grand Jury (see meeting
agenda, pages P57—P63:
https://www.santacruzpl.org/files/library boards/documents/LJPA/LJPA_2019-06-06
_agenda_e5KpLUO.pdf) The revised policy is now posted on the SCPL website:
https://www.santacruzpl.org/files/docs/policies/303_confidentiality-library-records.pdf
16. Santa Cruz Public Libraries. "Information We Keep About You." Accessed June 17,
2019.
https://www.santacruzpl.org/files/policies/documents/related_Information_We_Keep
_about_You.pdf
17. Experian Information Solutions, Inc. December 2018. "Mosaic USA: Your Customer
Segmentation Solution for Consistent Cross -Channel Marketing." Accessed June 17,
2019.
https-//www.experian.com/assets/marketing-services/product-sheets/mosaic-usa.pdf
18. Erika McCallister, Tim Grance, and Karen Scarfone, Guide to Protecting the
Confidentiality of Personally Identifiable Information (PII): Recommendations of the
National Institute of Standards and Technology (National Institute of Standards and
Technology Special Publication 800-122, April 2010). Accessed June 17, 2019.
https://nvlpubs.nist.e ov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf
19. Becky Yoose, "Balancing Privacy and Strategic Planning Needs: A Case Study in
De -Identification of Patron Data," Journal of Intellectual Freedom and Privacy 2, no.
1 (2017). Accessed June 17, 2019.
https://journals.ala.org/index.php/m/mifp/article/view/6250/8392 In the Background
section of her article, Yoose summarizes the National Institute of Standards and
Technology (NIST) definition of PII, which has two parts: PII-1 is information that can
directly identify an individual; PII-2 is information about activities that can be linked
back to the individual.
20. Santa Cruz Public Libraries. April 10, 2018. "Borrower Information Form." Accessed
June 17, 2019. https://www.santacruzpl.org/media/pdf/borrow-reg-form-eng.pdf
21. Grand Jury interviews and documents received.
22. Santa Cruz Public Libraries. "Library Advisory Commission, Regular Meeting,
Monday, April 15, 2019" [agenda]. Accessed June 17, 2019.
https://www.santacruzpl.org/files/library_boards/documents/LAC/LAC_2019-04-15_a
genda_fineZE2R.pdf
Published June 24, 2019 Page 16 of 24
23. Santa Cruz Public Libraries. "Library Advisory Commission, Regular Meeting
Minutes, Monday, April 15, 2019." Accessed June 17, 2019.
https://www.santacruzpl.org/files/library board s/documents/LAC/LAC_2019-04-15_
minutes.pdf
24. Santa Cruz Public Libraries. "Library Advisory Commission, Regular Meeting,
Monday, April 15, 2019" [audio recording]. Accessed June 17, 2019.
https://www.santacruzpl.org/files/library board s/documents/LAC/LAC_2019-04-15_a
udio.mp3 [See 34:00, 48:00, 49:00, 50:00, and 55:00 marks.]
25. Grand Jury interviews and documents received.
26. Grand Jury interviews.
27. European Commission. "2018 Reform of EU Data Protection Rules." Accessed June
17, 2019.
https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-prote
ction/2018-reform-eu-data-protection-rules_en
28. "Assembly Bill 375: Privacy: Personal Information: Businesses (2017-2018)" [text],
California Legislative Information. Accessed June 17, 2019.
https://Ieainfo.leaislature.ca.aov/faces/billTextClient.xhtml?bill_id=201720180AB375
29. Grand Jury interviews and review of SCPL website. https://www.santacruzpl.ora
30. Santa Cruz Public Libraries. "Santa Cruz City/County Libraries, Joint Powers
Authority Board, Regular Meeting, Thursday, June 6, 2019" [agenda, page P581.
Accessed June 17, 2019.
https://www.santacruzpl.org/files/li bra ry_ board s/documents/LJ PA/LJ PA_2019-06-06
_agenda_e5KpLUO.pdf
31. San Jose Public Library. "Our Privacy Policy." Accessed June 17, 2019.
https://www.sj pl.org/privacy/our-privacy-poliQy
32. "Senate Bill 445: California Public Records Act: Library Records (2011-2012)" [bill
analysis], California Legislative Information. Accessed June 17, 2019.
http://Ieainfo.leaislature.ca.gov/faces/billAnalysisClient.xhtml?bill_id=201120120SB4
45
33. Santa Cruz Public Libraries. 2010. "Confidentiality of Library Records" [policy 303,
adopted February 2006, revised November 2010]. This long-standing policy has
been superseded by "Confidentiality of Library Records & Patron Data Privacy
Policy" [policy 303, adopted June 6, 2019], which is now posted on the SCPL
website:
https://www.santacruzpl.org/files/docs/policies/303_confidentiality-library-records.pdf
34. Grand Jury interviews.
35. Cengage. January 2019. "Gale Cengage Terms of Use." Accessed June 17, 2019.
https://www.cengage.com/legal/terms-gale
36. Document received by the Grand Jury: "Subscription and Hosting Services
Agreement" [Cengage Learning].
37. American Library Association. January 29, 2019. "Library Bill of Rights." Accessed
June 17, 2019. http://www.ala.org/advocacy/intfreedom/librarybiLlI
Published June 24, 2019 Page 17 of 24
38. "Intellectual Freedom Manual, Ninth Edition," American Library Association Store.
Accessed June 17, 2019.
https://www.alastore.ala.org/content/intellectual-freedom-manual-ninth-edition
39. Helen Adams, "Updating the Intellectual Freedom Manual," Knowledge Quest, April
2, 2018. Accessed June 17, 2019.
https://knowledgequest.aasl.org/updating-the-intellectual-freedom-manual/
40. American Library Association. "Privacy Tool Kit." Accessed June 17, 2019.
http://www.ala.org/advocacy//privacy/toolkit
41. American Library Association. July 1, 2014. "Privacy: An Interpretation of the Library
Bill of Rights." Accessed June 17, 2019.
http://www.aIa.org/advocacy/intfreedom/librarybiII/interpretations/privacy
42. Becky Yoose, "Balancing Privacy and Strategic Planning Needs: A Case Study in
De -Identification of Patron Data," Journal of Intellectual Freedom and Privacy 2, no.
1 (2017), Appendix. Accessed June 17, 2019.
https://journals.ala.org/index.php/ i�fp/article/view/6250/8392
43. American Library Association. "Developing or Revising a Library Privacy Policy"
[Privacy Tool Kit 4 of 9]. Accessed June 17, 2019.
http://www.ala.org/advocacy//privacy/toolkit/policy
44. American Library Association. "Developing or Revising a Library Privacy Policy"
[Privacy Tool Kit 4 of 9]. Accessed June 17, 2019.
http://www.ala.org/advocacy//privacy/toolkit/policy
45. American Library Association. "Developing or Revising a Library Privacy Policy"
[Privacy Tool Kit 4 of 9]. Accessed June 17, 2019.
http://www.ala.org/advocacy/privacy/toolkit/policy
46. Erin Berman. May 2, 2018. "Big Brother is Watching You: The Ethical Role of
Libraries and Big Data." Accessed June 17, 2019.
https://chooseprivacyeveryday.org/the-ethical-role-of-libraries-and-big-data/
47. Erin Berman. May 2, 2018. "Big Brother is Watching You: The Ethical Role of
Libraries and Big Data." Accessed June 17, 2019.
https://chooseprivacyeveryday.org/the-ethical-role-of-libraries-and-big-data/
48. Library and Information Technology Association. "Library Privacy Checklist 3:
E-Book Lending and Digital Content Vendors." Accessed June 17, 2019.
http://www.ala.org/lita/advocacy//privacy/library-privacy-checklists/e-book-lending-an
d-digital-content-vendors
49. Grand Jury interviews and documents received.
50. American Library Association. "Developing or Revising a Library Privacy Policy"
[Privacy Tool Kit 4 of 9]. Accessed June 17, 2019.
http://www.ala.org/advocacy//privacy/toolkit/policy
51. Grand Jury interviews.
52. Grand Jury interviews.
53. Documents received by the Grand Jury.
Published June 24, 2019 Page 18 of 24
54. Documents received by the Grand Jury.
55. Grand Jury interviews and documents received.
56. Grand Jury interviews.
57. Experian Information Solutions, Inc. December 2018. "Mosaic USA: Your Customer
Segmentation Solution for Consistent Cross -Channel Marketing." Accessed June 17,
2019.
https://www.experian.com/assets/marketing-services/product-sheets/mosaic-usa.pdf
58. "Mosaic USA: Segmentation," Experian, Accessed June 17, 2019.
https://www.segmentationportal.com/us
59. "Senate Bill 445: California Public Records Act: Library Records (2011-2012)" [text],
California Legislative Information. Accessed June 17, 2019.
http://Ieginfo.legislature.ca.gov/faces/biIINavClient.xhtml?bill_id=201120120SB445
60. Becky Yoose, "Balancing Privacy and Strategic Planning Needs: A Case Study in
De -Identification of Patron Data," Journal of Intellectual Freedom and Privacy 2, no.
1 (2017), Appendix. Accessed June 17, 2019.
https://Oournals.ala.ora/index. php//jifp/article/view/6250/8392
Site Visits
• Joint Powers Authority meetings (various locations): 12/6/18; 1/10/19; 2/7/19;
3/7/19; 5/2/19; 6/6/19
• Library Advisory Commission meetings (various locations): 11/19/18; 2/11/19;
4/15/19; 5/20/19
• SCPL CyberSecurity Class (Aptos branch library): 10/30/18
• Felton Library Open House 3/16/19
Websites
• American Library Association: http://www.ala.org
• Pacific Library Partnership: http://pllpinfo.org/
• Santa Cruz Public Libraries: https://www.santacruzpl.org/
Published June 24, 2019 Page 19 of 24
Appendix A
Experian Mosaic Groups and Segments with Nationwide Percentages[LIJ
Mosaic USA group and type structure
6 1 Experian Marketing Services
Published June 24, 2019 Page 20 of 24
Experian Mosaic Groups and Segments with Nationwide Percentages (cont.)
Mosaic° USA { 7
Published June 24, 2019 Page 21 of 24
Description of Experian Mosaic Silver Sophisticates SegmentL1
Silver Sophisticates are a mix of older and retired couples and singles living in suburban
comfort. All but a small percentage of households are empty nests. Members of Silver
Sophisticates live in upscale neighborhoods located near big cities and are highly
educated. Typically, there is at least one retiree in the household, and those who are
still in the workforce have well -paying technical and professional service jobs. They can
afford to buy older, stylish homes worth upwards of half a million dollars.
With the luxury of both time and money, these households pursue leisure -intensive
lifestyles. They like to dine out, go to plays and concerts and shop for decorative
antiques. They travel often, both on cruises and flights abroad to experience other
cultures. These are fitness -minded households whose members typically belong to
health clubs where they can be found walking, using cardio machines and pedaling
stationary bicycles. Relaxation at home typically involves a book or Kindle.
Silver Sophisticates describe themselves as brand loyal in the marketplace. They like to
buy clothes and housewares in high -end stores as well as through catalogs and online.
Acknowledging their technological anxiety, they rarely buy trendy consumer electronics.
They do, however, like to buy premium cars, typically new imported models.
Self -described "smart greens'; they also look for products that are made or packaged
using recycled materials.
This is a segment where traditional media still reigns supreme. Silver Sophisticates are
into news; they are avid newspaper readers and tune in to radio newscasts. They
subscribe to specialty magazines that cover cooking or cars. They have an
above -average interest in TV and are particularly fond of news broadcasts, history
programs, movies and political commentary. The internet is their first place they turn for
practical activities like travel planning, researching stocks and doing medical research.
Just don't ask them to send a tweet, update their status or play a video game.
Unlike other older segments, Silver Sophisticates are relatively liberal in their views,
although they have a fairly equal split in support for the Republican, Democrat and
Independent parties. Silver Sophisticates support environmental causes, equal rights for
women and other progressive social issues. They are also active in the community and
see themselves as members of the global village. They worry about international issues
and volunteer for community groups. They also donate to a variety of charities involved
with health, social services, education, politics, the environment, the arts and public
broadcasting.
Silver Sophisticates can afford to be philanthropic. These folks have amassed large
nest eggs from diversified portfolios. They have high rates for owning retirement
accounts like IRAs and Keoghs. They carry a number of credit cards, in part to take
advantage of the rewards programs. After all, they never know when they might come
across the perfect offer for a cool restaurant or a hot ticket to a Broadway show.
Published June 24, 2019 Page 22 of 24
Appendix B
California Government Code, Section 6267, as Amended by SB 445 (2011-2012)
6267. All patron use records of any library which is in whole or in part
supported by public funds shall remain confidential and shall not be
disclosed by a public agency, or private actor that maintains or stores
patron use records on behalf of a public agency, to any person, local
agency, or state agency except as follows. -
(a) By a person acting within the scope of his or her duties within the
administration of the library.
(b) By a person authorized, in writing, by the individual to whom the
records pertain, to inspect the records.
(c) By order of the appropriate superior court.
As used in this section, the term "patron use records" includes the
following:
(1) Any written or electronic record, that is used to identify the
patron, including, but not limited to, a patron's name, address,
telephone number, or e-mail address, that a library patron provides
in order to become eligible to borrow or use books and other
materials.
(2) Any written record or electronic transaction that identifies a
patron's borrowing information or use of library information
resources, including, but not limited to, database search records,
borrowing records, class records, and any other personally
identifiable uses of library resources information requests, or
inquiries.
This section shall not apply to statistical reports of patron use nor to
records of fines collected by the library. [emphasis added to indicate
changes from SB 445]
Published June 24, 2019 Page 23 of 24
Appendix C
Sample Contract Addendum from the Seattle Public Library (SPL)
A provider of services to SPL will not reveal or disclose any data or
records, either physical or electronic, which are designated as confidential
by the Library or which pertain to SPL patrons when such data or records
could be used in any manner to identify a Library patron or any references
or materials that a specific Library patron accesses.
A provider of services to SPL must treat all the designated or individually
identifiable SPL records as confidential and protected. Encryption of such
data while in motion or at rest, and restricting access to confidential data,
are typical methods of data protection. No SPL records or data shall be
released by the provider to any third party without the prior written consent
of the SPL.
In the event that the provider violates this addendum, then said
provider agrees to indemnify, defend and hold harmless SPL and its
employees from and against any losses, costs, expenses, liabilities
(including attorney's fees), penalties and sanctions arising out of or
relating to such violation. This addendum does not limit the provider's
liability as specifically established under law.
The Parties hereto agree that this amendment modifies, changes,
amends and has precedence over any contradictory language in the
contract between the Parties. [emphasis added]
Published June 24, 2019 Page 24 of 24
BPL Kanopy Stats
Month
Plays
Cost per play
Kanopy Kids
$5/month for
unlimited plays
Monthly Invoice
January 2019
81
$2
$162
February 2019
124
$2
$248
March 2019
76
$2
$152
April 2019
132
$2
$264
May 2019
167
$2
5 ($25 total)
$359
June 2019
159
$2
3 ($15 total)
$313
BPL Kanopy Stats