Loading...
HomeMy WebLinkAboutAgenda Packet - LB - 2019.07.16CITY O p ipQRATED , City of Burlingame Meeting Agenda - Final Library Board of Trustees BURLINGAME CITY HALL 501 PRIMROSE ROAD BURLINGAME, CA 94010 Tuesday, July 16, 2019 5:30 PM Library Conference Room 1. CALL TO ORDER 2. ROLL CALL a. Swearing in of new Trustees Danielle Garcia and Elisabeth Ostrow 3. APPROVAL OF MINUTES a. Approval of the Library Board of Trustee Minutes for June 18, 2019 Attachments: Minutes 4. FROM THE FLOOR (PUBLIC COMMENTS) Members of the public may speak about any item not on the agenda. Members of the public wishing to suggest an item for a future Council agenda may do so during this public comment period. The Ralph M. Brown Act (the State local agency open meeting law) prohibits the City Council from acting on any matter that is not on the agenda. a. Patron Comment on Drag Queen Story Hour Attachments: Comment Card b. Patron Comment on Head Over Heels Event Attachments: Comment 5. CORRESPONDENCE AND INFORMATION a. June 2019 Statistics Attachments: June Circulation and Study Room Usage June Circulation and Study Room Usuage Trailing 12 Months June Programs 6. REPORTS a. City Librarian's Report Attachments: Report City of Burlingame Page 1 Printed on 711212019 Library Board of Trustees Meeting Agenda - Final July 16, 2019 b. Speaker's Series C. Trustee Account Balance and Detailed SDendina Report Attachments: Report d. Monthly Topic - Adult Services (Adult Programs) Attachments: Monthly Topics 7. UNFINISHED BUSINESS a. Special Topics for Remaining Trustee Meetings Revised Attachments: Santa Cruz Public Library Grand Jury Report 8. NEW BUSINESS a. Kanopy Statistics - Tommy McMahon Attachments: KanopV Statistics b. Nomination and Election of President and Secretary to The Board of Trustees from August 2019 through August 2020 9. ANNOUNCEMENTS 10. ACTION ITEMS 11. ADJOURNMENT Any writings or documents provided to a majority of the Library Board of Trustees regarding any item on this agenda will be made available for public inspection at the Reference Desk of the Burlingame Public Library, 480 Primrose Road, Burlingame, California. City of Burlingame Page 2 Printed on 711212019 Burlingame Library Board of Trustees Minutes June 16, 2019 Roll Call Trustees Present: Kerbey Altmann, Andy Blanco, Mike Nagler, Randi Murray Trustee Absent: Lisa Rosenthal Staff Present: Sidney Poland, Recorder Brad McCulley, City Librarian New Trustee: Elisabeth Ostrow II. Library Board of Trustees Minutes The Trustees unanimously approved the minutes of the May 15, 2019 Trustee Board meeting with the correction of Jeff McFadden's name. M/S/C (Murray/Altmann) III. From the Floor (Public Comments) There were not any representatives from the public who attended the Trustee meeting. IV. Statistics Highlights for adult programs were a Zine Fest for the first Friday Art Series, Historical Society Event on the Burlingame Post Office and Citizens Environmental Council program on Designing Your Own Native Plant Landscape. Total attendance was 228. Children's most popular event was Superheroes and Comic Books, a three-part program consisting of a Superhero Dance Party, Free Comic Book Day and Making Comics Workshop. Attendance for all 3 events was 313. V. Reports A. City Librarian's Report - Highlights • Acknowledging Gay Pride month in June the second annual Drag Queen Night will be held June 19th. Children's Drag Queen Story Time featuring books, music and dancing will be held June 29th. • Installation of LED lights continues with an ongoing adjustment of amount of lighting necessary for specific locations in the library. • Easton has closed once this year when the temperature reached 86 degrees internally. Closing threshold is 83 degrees. • Ebsco is replacing Gale suite of online educational resources. PLS directors voted to make this change. In addition, all PLS libraries are moving to Zino eMagines. Our library will discontinue Flipster. B. Foundation Report John Ward will host a garden tour at his home on June 30th to support Call Primrose and the Burlingame Library Foundation. C. Speaker's Series The first musical program, Jazz in the Ballroom, hosted by the Foundation was enjoyed by all who attended. Trustee Murray noted that making sponsorships available for purchase contributed to the financial success of the event. Dates of the 3 remaining Speaker Series events for 2019 - 2020 are as follows: • Lucy Kalanithi - Author Talk - September 1 Stn • Susan Orlean - Author Talk - November 3ra • Kim Sajet - National Portrait Gallery Director - January 26tn D. Trustee Account - The Trustees reviewed the expenditures for the month of April 2019. A question arose regarding the expenditure for Edelweiss. Brad will check with Jeannine regarding this issue. E. Monthly Topic - Strategic Plan Brad gave a review of the Strategic Plan citing the specific goals and the progress made by staff. Goal D: Listen to our community & share our stories was singled out as an example of a goal that reaches beyond number statistics. The purpose of the goal is to find a way to capture the outcome of the program such as what did attendees learn or take away from the presentation that was a new concept. VI. Unfinished Business Brad sent a letter to Manuel Santamaria of the Silicon Valley Foundation requesting funds for (1) new window shades for the entire building at a cost of $37,463.31 and (2) new donor wall face plates and signage for the building at a cost of $3,232.22. The Trustees approved the cost for both of these items at the May Trustee meeting VII. New Business A. Parking in the Fall • The City is closing the two parking lots on the south side of Howard to build underground parking and housing in September of 2019. 200 parking spaces will be lost. • The City Council has planned to use the upper level parking area behind the library for valet parking. • Library staff will not be able to park in any metered parking stalls in Lot A or A 3. • Library staff will retain the 16 spaces in what is known as the library parking lot which is not metered. • Brad noted that hopefully there will be alternatives for staff parking B. Review "Special Topics" for Remaining 2019 Trustee Meetings Trustee Murray requested that "Special Topics" include a separate session for adult programing. Brad will revise the schedule. C. Request for Payment of Freight Invoice for State Delivery The Trustees unanimously passed a motion to fund the YRC shipping invoice in the amount of $327.00. M/S/C (Murray/Kerbey) VIII. Action Items Brad will hand out copies of the New Commissioners Handbook to the Trustees at the July Meeting. IX. Adjournment The Meeting was adjourned at 7:00pm. M/S/C (Kerbey/Murray). The next meeting of the Library Board of Trustees will be held on July 18, 2019 in the Upper Level Meeting Room at 5:30pm. Respectfully Submitted Brad McCulley City Librarian City of Burlingame COMMENTS Please share your ideas with us! TP" V`oi flame Emall/P Library Card # Mon 7/1, 10:15 AM I have been meaning to drop you a line to say how much the Head Over Heels event was so great. I was not able to fill out the survey and just wanted to give you some quick feedback. Everyone involved was so talented. My neighbor and I especially enjoyed the Q&A after the performances. We also enjoyed the MC, I believe his name is Manuel. He is very comfortable in front of a microphone and audience! Thanks to everyone for all they did to make that evening special! Have a good summer. Kind Regards, Constance Quirk Burlingame, CA BPL Circulation and Study Room Usage June 2019 - including Auto -Renewals & App Renewals 1.800 -Main Circ Easton Circ -E-media Circ -Study Room Usage -Tech Lab Usage E-media 5,406 1.600 1.400 1.200 Easton 8,045 Main 61,112 1.000 Study Rooms 351 / Tech Lab 207 0.800 0.600 June June June June June June 2014 2015 2016 2017 2018 2019 BPL Circulation and Study Room Usage - Trailing 12 Months June 2019 - including Auto -Renewals & App Renewals -Main Circ Easton Circ E-media Circ -Study Room Usage -Tech Lab Usage 1.300 E-media Tech Lab 1.200 / Main 1.100 Easton 1.000 Study Rooms (in minutes, not sessions) 0.900 Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun 2018 2018 2018 2018 2018 2018 2018 2019 2019 2019 2019 2019 2019 Library Programs June 2019 Adult Programs 25 617 programs patrons Children's, Teen, and Easton Programs 196 6,586 programs patrons Highlights Speaker Series — Freddy Cole Jazz Concert 250 patrons Head Over High Heels 2 77 (Drag program for adults) patrons Repair Cafe 76 patrons Summer Reading Kick-offs: total of Main 325 patrons 475 Easton 150 patrons patrons Drag Queen Storytime 137 patrons Space Yoga Storytime 54 patrons City Librarian Report to Board of Trustees 16 July 2019 BURL NOAMI Personnel Updates: Comings and Goings o Welcome Volunteer Coordinator David Whitman — coming to us by way of San Mateo Public and ACT Theater in SF. David is also Passport Intake certified. o Two retirees have been hired temporarily to assist us with projects — Amy Gettle (key safe organization) and Jan Eustis (book -talks for seniors). Recruitments o The Library is looking for an hourly custodian working one day a week as an alternate for our current custodial staff. Preferably a local resident with a very flexible schedule. o Circulation will be recruiting for more Library Aides and Assistants General Updates: o Monthly Topic — Adult Svcs programming and Kanopy o Strategic Plan 2019/2020 — N/A o Passport Intake update — staff are planning a "Passport Fair" on the Library front porch — drop in photos, forms reviewed etc... with many staff in place to make it fast. o Policy — • Library Security Camera policy -- pending • Community Board Posting policy -- pending o Training — • All -Staff meeting June 20' went well — good communication was the theme and we had a good discussion about the parking issue in the Fall. These will be held quarterly. • Professional Development Day will be held Oct 14t1i in lieu of Columbus Day (with permission of Unions) o Significant Upcoming Events — • Summer Reading "Family Fun Nights" are in full swing and popular as ever. • Head Over High Heels 2 & Pride Month Drag Queen Storytime — both events were well attended successes as part of Gay Pride Month (see attached comments) • Librarian Jason Yap has started his Foundation grant funded Computer classes for Seniors, full classes and very well received. o Facilities update — 0 Staff are looking into new alternatives for "step stools" in stacks as they present an ADA issue for those in wheelchairs. o Foundation report — • John Ward Garden Tour fundraiser June 30 was a success raising approximately $2400 and many new adherents. o PLS/PLP — PLP has recently dealt with some public pushback for its use of the Gale/Cengage software "Analytics on Demand" including a Santa Cruz County Grand Jury investigation and report. LIBRARY TRUSTEES ACCOUNT DETAIL FISCAL 2018-2019 5/31/2019 Account No Name 7/ 1 / I8 Balance 5320 Copier Fund $ 12,145.15 $ 5330 General Donations $ 1,388,42 $ 5340 Duncan Collections $ 50,522.54 5350 Education and Appreciation $ 2,413,82 YTD YTD Revenue Expenses 2,469.05 $ 2,117.30 $ 200.00 $ 1,683.92 $ 2,881.78 $ 5360 Farrel (Julia) Book Fund $ 9,056.78 $ 280.81 5390 WiElert (Wayne) Fund $ 5,777,47 $ 5,777.47 Total $ 81,304.18 $ 2,949.86 $ 12,460,47 CITY OF BURLINGAME OTHER LOCAL GRANTS & DONATIONS FISCAL YEAR 2018-19 AS OF MAY 2019 5/31/2019 Transfer Balance Expense Detail (850.00) $ 11,646.90 $2117.30 Copier Lease and Expenses $ 1,588.42 $ 48,838.62 $1183.92 Sound for Speaker Series- Gavin Jones $500.00 Edelweiss Collection Development 850.00 $ 382.04 $200.00 Volunteer $5 Starucks gift cards $1831.78 Sixto's Brunch for Staff Appreciation $850.00 Cafe coupons for Staff $ 9,337.59 $ - $4986.39 Shades for Reading Room $516.08 Gavin Jones Sound $275.00 Roto Rooter for Cafe $ 71,793.57 Updated: 6/12/2019 05/31/19 - Balance YTD- YTD- Balance DEPT REV# EHP# DESCRIPTION 7/1/2018 Revenues Expenditures 5/31/2019 LIBRARY 39525 69525 Library Trustee Account 81,304.18 $ 2,949.86 12,460.47 71,793.57 Monthly Focus Topics September Web/Social Media/Marketing October Adult Svcs — eResources & collection development November Strategic Plan December Teen January SVCF Investment Update February Strategic Plan March Children April Technical Services May Strategic Plan June Web/Social Media/Marketing July Adult Svcs Programming August Strategic Plan W rXA Vfe OF -15 S9� l It Patron Privacy at Santa Cruz Public Libraries Trust and Transparency in the Age of Data Analytics Summary Libraries are one of the most trusted institutions in our country. People place librarians in the same class as doctors, nurses, firefighters, and teachers. — Erin Berman, Library Privacy Advocate The quotation from Berman reflects the importance of libraries as sanctuaries of intellectual freedom. In the Digital Age, however, the role of libraries is evolving. In an attempt to satisfy perceived patron demand, some libraries, including Santa Cruz Public Libraries (SCPL), have started using data analytics tools similar to those used by businesses to market products to consumers. Using these tools in libraries is a potential threat to patron privacy and trust. This report examines SCPL's use of third -party data analytics in relation to current California law pertaining to confidential patron data; industry best practices for patron privacy; current SCPL privacy policy and staff concerns regarding privacy, transparency, and patron consent; and the perceived usefulness of these analytical tools. The Grand Jury has concluded that SCPL management did not recognize the importance of • informing patrons how SCPL uses their personal data; • giving patrons the opportunity to consent to use of their personal data; • explaining patron data use in proposed privacy policy and online documents; • adopting best practices outlined by the American Library Association; • carefully evaluating risks versus rewards when using data analytics; • staying abreast of state laws concerning library use of patron data; and • resolving the disagreements among staff regarding the use of data analytics and its implications for patron privacy. Published June 24, 2019 Page 1 of 24 Background Although Santa Cruz County library services began in 1916, the current structure of the Santa Cruz Public Libraries (SCPL; the Library) system, created in 1996, consists of a network of ten neighborhood library branches distributed county wide, a web -based digital library, a bookmobile, and community -based programs. Last year, SCPL expenditures were about $12M ($7.6M in salaries and $4.2M in operating costs). SCPL employs about 90 full-time equivalents and serves roughly 135,000 registered patrons. All SCPL employees are City of Santa Cruz employees. The Watsonville library system is not part of SCPL and is not a subject of this Grand Jury investigation. SCPL is governed by the Library Joint Powers Authority (JPA), the agreement for which was last amended in 2015. The JPA board is currently composed of the County Administrative Officer and the city managers from Capitola, Santa Cruz, and Scotts Valley. Among other responsibilities, this board chooses the Library director and votes on approval for budget and library policies. SCPL is also guided by the Library Advisory Commission (LAC). The LAC represents the community by providing advice and feedback to the JPA board and the Library director. The LAC reviews programs and services and makes necessary recommendations as they pertain to the provision of these programs and services. The LAC consists of seven members: • Three residents of unincorporated Santa Cruz County appointed by the County Board of Supervisors. • Two Santa Cruz city residents appointed by the Santa Cruz City Council. • One Capitola resident appointed by the Capitola City Council. • One Scotts Valley resident appointed by the Scotts Valley City Council. In early 2019 the LAC recently agreed to participate in the review of library policies, including privacy policies."' As prescribed by Measure S, approved by voters in 2016, SCPL is in the midst of a massive infrastructure upgrade, which will dramatically affect all of the branches in the system. SCPL's "Strategic Plan 2017-2021: Premise and Process," published on the SCPL website, stresses the importance of finding better ways to connect with patrons. This planning document quotes former Santa Cruz Museum of Art and History Director Nina Simon's book, The Art of Relevance: The most powerful way to gain access to a new community is not by creating programming or marketing campaigns you think might fit their interests. Instead it starts with networking.... Listen to their interests and concerns. The more you understand what matters to them and what experiences they seek, the better you can assess whether and how you can connect with them. [emphasis added] Published June 24, 2019 Page 2 of 24 Using this premise of community relevance, in 2016 SCPL initiated conversations with individuals, small groups, and organizations to explore new potential directions for the Library. However, the concluding paragraphs of the SCPL's "Premise and Process" document describe the proposed use of a data analytics tool called Gale Analytics on Demand (AoD) that "allows the Libraries to have access to detailed analysis of SCPL household level data to better understand communities' and patrons' needs." There is a disconnect within the SCPL's "Premise and Process" document. The document suggests that the best way to understand patrons' interests and concerns is to ask patrons directly. Contrarily, the document advocates obtaining patron information by using a data analytics tool, which does not involve any direct interaction with patrons. There is also a conflict between how SCPL protects patron privacy and how SCPL uses patron data to "better understand communities' and patrons' needs." The Grand Jury found that SCPL did not adequately research protection of patron information when using data analytics tools. The Grand Jury also found that SCPL did not inform patrons what additional information about them was gathered and retained in the library's computer system, nor were they allowed a choice about whether they consented to SCPL gathering this information. Scope and Methodology The Grand Jury interviewed staff and management of SCPL, as well as representatives of the JPA board and the LAC. The Grand Jury also interviewed representatives of external library organizations with expertise in patron privacy and data analytics. Grand Jury members attended JPA board and LAC meetings. The Grand Jury sought legal advice in understanding specific State laws governing library mandates and requirements for handling confidential patron information. The Grand Jury reviewed the SCPL public website, budget and planning documents, internal documents and reports, operational procedures, and contracts with third parties. The Grand Jury reviewed documents from external organizations including the American Library Association (ALA), Pacific Library Partnership (PLP), Califa Group (a state-wide purchasing consortium supporting regional consortia like PLP), and the State Library Board. The Grand Jury compared and contrasted the online privacy policies of selected American libraries and conducted additional internet research concerning data analytics and library patron privacy. Published June 24, 2019 Page 3 of 24 Investigation What is Gale Analytics on Demand? Gale Analytics on Demand (AoD) is a service provided by Cengage Learning since 2014 that allows libraries to conduct socio-economic analysis of the communities they serve.0 AoD includes a suite of analytical tools for • evaluating and visualizing patron demographics, branch activity, and collection usage; • planning marketing campaigns; and • targeting voting patrons ahead of elections that could benefit the library.[$] These tools are powered by Mosaic, Experian's proprietary system of 71 socio-economic profiles ("lifestyle segments") for categorizing households in the community.L [!OIL'-] Appendix A illustrates the Mosaic system and includes a description of "Silver Sophisticates" (C-13), a well -represented lifestyle segment in Santa Cruz. To use AoD, the library exports patron information —such as physical address, date of last checkout, and number of books checked out —from its internal database to the AoD cloud service. AoD blends and augments this patron information with the Experian Mosaic profile and U.S. census data for each household. AoD then delivers the resulting aggregate data file and illustrated summary reports to the library for further analysis. The library uses this information to plan programs and services. As a result, the library holds significantly more household -level data in its computer system than patrons originally provided. A Timeline of AoD Use at SCPL SCPL first considered using AoD in late 2015, under a previous Library director. Library staff voiced concerns about patron privacy at that time. In early 2016, SCPL obtained free access to AoD through its membership in PLP, a regional library consortium in the San Francisco and Monterey Bay areas.I12-1 SCPL started AoD training with the goals of gaining insights into patron demographics and assisting in library strategic planning. In 2017 SCPL released a strategic planning document that briefly mentioned that AoD would provide "access to detailed analysis of SCPL household level data to better understand communities' and patrons' needs.""" In 2017 and 2018, SCPL staff members experimented with the program to assist in marketing and library planning work.I141 In late 2018 or early 2019 SCPL suspended its use of AoD. Staff concerns about the use of AoD triggered a series of steps to review and update the Library's privacy policies and practices. After a succession of proposed drafts dating back to November 2018, the JPA approved an update to SCPL's privacy policy on June 6, 2019.E Published June 24, 2019 Page 4 of 24 Issues Raised by the Library's Use of Data Analytics Disclosing Use of Patron Data The Grand Jury found that the undated "Information We Keep About You" document on the SCPL website�LIJ is inaccurate and incomplete. It does not describe the data returned to the Library by AoD. This tool aggregates more than 300 data factors at the household level —information not provided to the Library by the patron. These factors include household income, education levels, number and age of children, number of years at residence, spending habits, and web browsing behavior.'—'1 As discussed above, the tool then assigns one of 71 "lifestyle segments" to the household, which infer patron behaviors and interests based on socio-economic status and other factors. National standards classify these data as personally identifiable information (PII).�'$1 Less significant are inconsistencies between "Information We Keep About You" and the information actually gathered during the library card application process. Contrary to what is published on the website, the application process does not require a patron's Social Security number or the expiration date of the patron's driver license, but it does require home library branch and mobile phone carrier. Furthermore, the "Information We Keep About You" document doesn't accurately reflect the fact that SCPL retains patrons' borrowing data in the form of total number of checkouts and date of last checkout; AoD uses these two data points in addition to patron address as inputs for its data analysis process. In the April 15, 2019 meeting of the LAC, SCPL staff disclosed the use of AoD. However, the topic was not agendized, did not appear in the minutes, and the discussion did not address how the use of data analytics might impact revision of the library privacy policy. After disclosing use of AoD, Library staff informed LAC that SCPL had stopped using the tool. However, there was no discussion about how privacy concerns introduced by the use of data analytics tools could be resolved —or if they had been resolved, whether the Library would consider resuming use of AoD.2-21 23 [24l Gaining Consent from Patrons As the Library began to acquire a wide array of information on each of its patrons, and as data privacy issues appeared more frequently as headlines in the news, some of the staff were increasingly concerned that the patrons were unable to consent to this gathering and examination of additional patron information.1251 Staff made suggestions to develop a comprehensive system to clarify for patrons what data is collected by SCPL, and to allow patrons to "opt out" if they so choose. To date, these suggestions have not been implemented. 261 As will be examined in more depth in the next section of the report, California laws and regulations are silent on the need for libraries to obtain patron consent when engaging third parties. However, European Union General Data Protection Regulations (GDPR)L2L7j and California Consumer Privacy Act (CCPR),[Z-IJ which apply to businesses, could also provide guidance for libraries as they develop patron disclosure and consent policies Published June 24, 2019 Page 5 of 24 and practices. These legislative efforts provide key insights that would allow patrons to stay in control of their data, which is the key element of many of these new privacy initiatives. Management at the Library has not yet acted on staff suggestions to build a consent system for patrons. Such a system would clearly advise patrons about the data collected and how it is used, and would solicit patron consent as appropriate. The SCPL privacy policy update approved on June 6, 2019, includes the following section on the topic of choice and consent: SCPL will only collect personal information for the administration of library services. Administrative services includes creation of hold records, fine billing and collection, marketing of library programs/services and creation of organizational statistics such as SCPL circulation, website visits and WI-Fi use. Patrons may choose to provide additional data such as preserving their circulation records to maintain personal reading lists or receive reading suggestions. If a patron voluntarily chooses to provide additional information, this information will be considered confidential. SCPL will not sell, license or disclose personal information to any third party without patron consent, unless SCPL is compelled to do so bylaw.L�OJ Even with these changes, many questions remain. In the context of this investigation, two questions are especially important: Does "marketing of library programs/services" include data analytics that targets specific patron groups? If so, is patron consent required? These and related questions need to be answered before a comprehensive consent policy can be developed and used by both Library staff and its patrons to make informed choices. A consent system is useful if the library performs some action the patron might not otherwise know about. For instance, if the library gathers information about patrons from third parties to inform library planning efforts, patrons should be allowed to opt -in or opt -out of that data collection and use. In such situations, the library should explain that personal data is part of the system, how the data will be processed, and how it will be used, in clear and concise terms. An overly detailed and technical presentation can lead to patrons simply clicking through to complete the choice; an oversimplified presentation can result in patrons not actually understanding the potential consequences of participating. The privacy policy of the San Jose Public Library is a good example of how to handle this delicate balance, in the way that it addresses patron consentJ311 Understanding California Law Regarding Confidential Patron Information The Grand Jury initiated its investigation amid concern that SCPL may have violated State law by uploading patron data to the AoD cloud. As explained below, recent changes to the California Government Code should put this concern to rest. Published June 24, 2019 Page 6 of 24 The California Public Records Act, or CPRA, requires public disclosure of governmental records upon request, with certain exceptions (California Government Code, sections 6250 through 6276.48). One set of exceptions, related to the confidential records of public library patrons, is covered by Section 6267, last amended in 2011-2012 by Senate Bill No. 445 (SB 445). SB 445 defines "patron use records" (in this context, equivalent to "personally identifiable information") and clarifies the responsibilities of "private actors" (third -party vendors) employed by public libraries (Appendix B). The bill analysis of SB 445 by the Senate Judiciary Committee includes the rationale for amending Section 6267: Due to the public's increased use of electronic library resources, libraries are increasingly utilizing third parties to store and maintain electronic library records. This bill would clarify that written or electronic patron use records, as defined, stored or maintained by public libraries or third parties on behalf of public libraries should not be publicly disclosed, with certain exceptions.[ [emphasis added] The State Senate Judiciary Committee recognized that, in the current electronic environment, California public libraries and their third -party vendors share responsibility for protecting confidential patron records. However, the law as amended by SB 445 does not state whether libraries are legally responsible for the actions of third parties that they employ. Absent guidance from the law, California libraries can turn to best practices in the library community to guide them in their interactions with third -party vendors. These best practices will be discussed below. Another issue that the law does not address directly is the responsibility for managing and safeguarding confidential information that a library might acquire from a third party; an example is the Experian Mosaic profiles included in the aggregate data files that AoD returns to the library. This is an area where patron privacy law has not caught up with advances in technology. This review of California law is relevant to SCPL in several respects. When SCPL began using AoD in 2016, the Library's privacy policy, "Confidentiality of Library Records, (revised November 2010) referenced an obsolete version of Section 6267. As noted earlier, this may have contributed to concerns that the Library's use of AoD violated State law. However, the Grand Jury has concluded that the use of AoD is permitted under the 2011-2012 version of the law, provided that the third -party vendor is working in service of the library. If SCPL had been aware of the 2011-2012 changes to the law, staff and management would have also understood what constitutes "patron use records" and how libraries and third -party vendors share responsibility in protecting patron privacy. For example, AoD requires the entry of a patron's physical address; however, the law specifically includes "address" in the definition of "patron use records," requiring the Library and third parties working on its behalf to keep this information confidential. This knowledge is essential to the Library's policies and practices regarding patron privacy, patron consent, and third -party contracts. Published June 24, 2019 Page 7 of 24 Understanding the Terms of Use for AoD The Pacific Library Partnership (PLP), a consortium of 42 libraries, holds a contract with Cengage Learning allowing PLP to provide AoD to its member libraries, including SCPL. Because the contract was executed by the consortium, the member libraries using this analytical tool would not have seen the contract unless PLP shared it or individual libraries requested it. In the case of SCPL, our interviews have confirmed that the Library leadership did not obtain the actual contract until April 2019 and until then could not have been aware of the presence or absence of language protecting the interests of the Library and the privacy of its patrons) 41 Instead, the Library relied on PLP to conduct due diligence in its negotiation of the contract. When the Grand Jury requested "any licenses, agreements, or contracts for AoD," SCPL provided a link to Gale Cengage Terms of Use for all of their web -based services and related apps.LLIJ The Grand Jury was unable to determine how or why SCPL came to believe these terms applied specifically to AoD. The Grand Jury has obtained the contract between PLP and Cengage Learning3 l and concluded that it fails to explain several key points in clear and simple language, and does not address the following areas: • The confidentiality clause in the contract does not clearly state whether PLP member libraries should have access to contract's terms and conditions. • The contract does not clearly state that the PLP, its member libraries, and Cengage Learning share responsibility for understanding and applying State laws pertaining to the protection of confidential patron information. • The contract does not acknowledge that PLP member libraries retain ownership of the information they provide to the service. • The contract does not clarify ownership and sharing of the aggregate data products produced by the service. • The contract does not explain the responsibilities of Cengage Learning in the event of a data breach. • The contract does not explain how PLP or its member libraries can terminate the agreement with the assurance that all data has been removed from the system. • The contract does not provide for the removal of individual patron records, should any patrons choose to opt out. Adopting Industry Best Practices and Standards The American Library Association (ALA) is recognized as the authoritative source of best practices and standards for the library community in the United States. The Library Bill of Righ&!-'J and Intellectual Freedom ManualL1 L�19J are general resources that are continually updated. Another document, ALA "Privacy Tool Kit," provides detailed guidance on implementing policies to protect patron privacy. The recommended practices include designating a privacy officer with authority to administer privacy policies, review privacy clauses in contracts with third -party vendors, and conduct privacy auditsJ4o1 Published June 24, 2019 Page 8 of 24 ALA recommends that contracts with third -party vendors contain language that explicitly protects the interests of the library and the privacy of its patrons. In "Privacy: An Interpretation of the Library Bill of Rights," ALA explains in more detail: Libraries should not share personally identifiable user information with third parties or with vendors that provide resources and library services unless the library has obtained the permission of the user or has entered into a legal agreement with the vendor. Such agreements should stipulate that the library retains control of the information, that the information is confidential, and that it may not be used or shared except with the permission of the libraryJLJ [emphasis added] A case study from the Seattle Public Library (SPL) provides even more specific guidance on contract language. SPL attaches an addendum to the "boilerplate" contracts typically provided by third -party vendors, with language to protect confidential patron information and indemnify the library against willful violations or negligence by the third party (Appendix C).M The ALA "Privacy Tool Kit" recommends that library privacy policies emphasize choice and consent, typically by allowing patrons to opt -in or opt -out of library services that use their personal dataJL11 ALA considers patron consent to be especially important in the case of emerging technologies: It is important for libraries not to take the attitude that patrons no longer care about privacy.... Patrons may not possess the discursive language or technology terms to articulate their complaint, however, it doesn't mean that they do not care about data harvesting, data mining and sharing of their personal information behind the scenes with third parties. The lack of transparency in consent, data sharing and terms of service changes is a barrier to patron -centered service.�441 ALA policies provide little specific guidance about the use of data analytics tools. However, the following excerpt from the "Privacy Tool Kit" indicates that "big data" tools should be used with caution: It's too easy to make incorrect correlations when personally identifiable information sits side by side with other data. Unless a patron opts -in, reading records should never be correlated with patron conduct, database usage, meeting room signups, etc. Libraries should also be aware of what information may be publicly visible. Data may exchange many hands with third parties, using libraries as conduits, allowing more opportunity for privacy breaches and data mining. As stewards of patron privacy, libraries should steer away from the practice of creating aggregate data without legitimate purposes.1451 Published June 24, 2019 Page 9 of 24 In order to better understand best practices of library use of data analytics, the Grand Jury consulted the writings of an expert in the field. In her article entitled "Big Brother is Watching You: The Ethical Role of Libraries and Big Data," library privacy advocate Erin Berman describes the enticements for libraries to use data analytics: These [data analytics] companies are telling libraries that our patrons are demanding personalized services, that we are facing a future of irrelevance. Luckily for us, their products have all the answers. By tracking patron behavior we can give them the experience they have come to expect from this new digital world. Libraries can segment out our patrons, sending targeted marketing based on their behaviors, customizing our services based on what they read and what programs they attend. We will finally be able to use real data to tell our stakeholders why we are of value, so they won't withdraw our funding. This messaging is a classic anxiety stick, followed by a marketing carrot. Berman summarizes her concerns as follows: Do not jump into big data without being intentional, transparent, and having a comprehensive understanding of how the products work. Utilizing different datasets to drive decision making and analyze the work done in libraries is extremely important, but it must be done with careful attention paid towards protecting our patrons' privacy. The Library and Information Technology Association (LITA, a division of ALA) offers a number of practical stepsL1 that can be taken by libraries to improve patron privacy in the area of digital content. In particular, LITA reviews practices designed to assist in the prevention of, and response to, a possible data breach. Effectiveness of Gale Analytics on Demand in Library Planning SCPL staff relied on vendor information to conclude that AoD could be an effective tool for library planningJL11 The purported benefits of using AoD included the following: • Justifying a grant request that would help a library better serve its community • Supporting funding requests • Deciding where to open a branch • Understanding where nonpatrons are located so that the library is more likely to reach them • Communicating more effectively with patrons • Making community -oriented collection and program decisions The ALA "Privacy Tool Kit" casts doubt on the effectiveness of data analytics because "it's too easy to make incorrect correlations when personally identifiable information sits side by side with other data.""" Recently, SCPL staff demonstrated the real-time use of AoD to the Grand Jury.L�lj Members cross-checked information they knew to be correct with data returned by AoD, and found that the AoD data was incorrect. Published June 24, 2019 Page 10 of 24 The demonstration gave rise to many questions, particularly regarding underserved populations, such as the poor and homeless. AoD generated reports that indicated there is no Experian data on approximately 30% of the total patron population. These are individuals with no credit cards or credit history. There is no evidence that the AoD analysis compensates for this skewing of data. Homeless individuals frequently give the Homeless Service Center at 115 Coral St. as their address. The individuals who follow this practice all have the same physical address. A similar situation occurs with P.O. box holders, jail inmates, and children who receive library cards at school. The Grand Jury found it difficult to come up with a scenario where treating these clusters of unrelated individuals as households would produce meaningful data. On one occasion, SCPL staff used AoD to generate a report that showed the number of years patrons had lived at their current residence. The goal of this effort was to market a neighborhood history program to long-term residents of a neighborhood. But staff did not investigate the accuracy of the assumption that long-term residents are more likely to be interested than newcomers in the history of their neighborhoods. SCPL staff stated that this use of AoD did not yield the desired resultsJ12-1 Alternatively, staff might ask patrons directly about their interest in library programs. Explorations like those described above trigger the gathering and aggregation of patron data. These actions pose a risk to patron data, regardless of whether the data produced leads to successful planning exercises or marketing campaigns for the Library. Library Staff Concerns About the Use of Data Analytics Grand jury interviews indicated that Library staff have had ongoing concerns about several aspects of using AoD and data analytics in general: inconsistencies with Library's privacy policy; failure to inform patrons and gain their consent; and legal and ethical issues concerning confidential patron information shared with third parties. As early as 2015, SCPL staff voiced concerns that AoD use constituted a possible violation of patron privacy!L11 These concerns were brought to the attention of three successive Library directors but have not been resolved. SCPL typically responded to these concerns by referring staff to the vendor. In June 2018, for example, the vendor answered a SCPL inquiry as follows: • Gale does not personally handle the library data. There is no need for someone outside the library to manually review, handle, or receive files, like there is with other services. All data is submitted to the tool directly by the library. In other words, there is no data being "exchanged with third parties, " as the statement from ALA cautions against. • When the tool generates reports, the library can delete the report at their discretion. There is nothing maintained by us or a 3rd party. • The only information AOD requires to function, is an address. We do not require a name or any other identifiable information that is not public record.LI Published June 24, 2019 Page 11 of 24 The Grand Jury and some of the SCPL staff disagree with this assessment and believe that Gale Cengage is a third party that receives and augments patron personal information. AoD proponents among the staff accepted and relied on the above explanation of patron data use without performing an independent investigation into whether these statements were accurate. SCPL management also acknowledged that some risk associated with AoD use might be necessary to remain competitive in the marketplace.L1 SCPL staff also expressed concerns that patrons were not informed or given a choice regarding AoD use of patron data. Some questioned whether the Library should be run like a commercial venture vying for patron market share.121J The Grand Jury concluded that these differences of opinion were not adequately addressed within the Library, and the lack of resolution contributed to difficulties in developing and implementing a relevant and timely privacy policy and practice. Conclusion SCPL faces many complex challenges in the years ahead.These include rebuilding infrastructure, accommodating potential budget and staffing shortfalls, and satisfying rapidly changing patron needs and expectations. Despite the stresses of these circumstances, and differing visions for the Library, SCPL staff uniformly demonstrated professionalism, dedication, passion for their institution, and unflagging service to patrons. Public libraries like SCPL are sanctuaries of intellectual freedom. In response to the Digital Age, however, the role of libraries is evolving. People can now use internet search engines to get information, rather than visiting the library or calling a reference librarian. To stay relevant yet true to one of their core missions, serving the underserved, libraries have begun placing more emphasis on services such as computer training and access to electronic media, educational programs and community meetings, and referrals for at -risk patrons to social and government programs. In an attempt to satisfy perceived patron demand, some libraries, including SCPL, have also started using data analytics tools similar to those used by businesses to market products to consumers. Using these tools in libraries is a potential threat to patron privacy and trust. This report has examined SCPL's use of third -party data analytics in relation to current California law pertaining to confidential patron data; industry best practices for patron privacy; current SCPL privacy policy and staff concerns regarding privacy, transparency, and patron consent; and the perceived usefulness of these analytical tools. The Grand Jury has concluded that SCPL management did not recognize the importance of • informing patrons how SCPL uses their personal data; • giving patrons the opportunity to consent to use of their personal data; Published June 24, 2019 Page 12 of 24 • explaining patron data use in proposed privacy policy and online documents; • adopting best practices outlined by the ALA; • carefully evaluating risks versus rewards when using AoD; • staying abreast of state laws concerning library use of patron data; and • resolving the disagreements among staff regarding the use of AoD and its implications for patron privacy. Findings F1. The use of Gale Analytics on Demand by Santa Cruz Public Libraries was inconsistent with the Library's long-standing policy on Confidentiality of Library Records (policy 303, adopted February 2006; revised November 2010) and companion document, "Information We Keep About You." F2. The use of Gale Analytics on Demand, or any other data analytics tool, by Santa Cruz Public Libraries is not clearly addressed in the Library's newly revised policy, Confidentiality of Library Records & Patron Data Privacy Policy (policy 303, adopted June 6, 2019). F3. Santa Cruz Public Libraries did not adequately inform its patrons about the Library's use of Gale Analytics on Demand or obtain their consent for this use. F4. Santa Cruz Public Libraries used Gale Analytics on Demand without adequately considering the patron privacy aspects of current California law. F5. Santa Cruz Public Libraries used Gale Analytics on Demand without examining the contract for this service, thus raising potential liability issues related to data ownership, data breaches, and patron privacy. F6. The contract is unclear and does not contain language that protects the interests of the Pacific Library Partnership, its member libraries, and their patrons. F7. The use of Gale Analytics on Demand by Santa Cruz Public Libraries is inconsistent with best practices in the library community regarding patron privacy. F8. Santa Cruz Public Libraries used Gale Analytics on Demand without adequately evaluating the effectiveness of the tool. F9. The use of Gale Analytics on Demand by Santa Cruz Public Libraries has created disagreement among Library staff concerning the traditional responsibility of libraries to protect patron privacy, the validity of data analytics as a planning tool, and potential security vulnerabilities of the system. Recommendations R1. Santa Cruz Public Libraries (SCPL), in coordination with the Library Advisory Commission (LAC) and Library Joint Powers Authority (JPA) board, should revisit the Library's revised privacy policy (adopted June 6, 2019) to specifically address the use of data analytics and other tools utilizing patron information. (F1—F4, F7) R2. SCPL should implement a system for obtaining and managing patron consent for data analytics and other tools that use patron information. (F3) Published June 24, 2019 Page 13 of 24 R3. SCPL management and staff, in coordination with LAC and the JPA board, should stay abreast of changes to state law, especially as it concerns patron privacy and evolving technology, and update Library policies and practices in response to such changes. (F4) R4. SCPL should review the contracts for all third -party digital services used by the Library, including those provided by library consortia. (F5, F6) R5. SCPL should adopt guidelines and practices suggested by the American Library Association with regard to patron privacy and data analytics services. (F7) R6. SCPL should designate a data privacy officer and give this officer full authority and responsibility to implement and enforce the privacy policy, and to periodically report to the SCPL director, JPA board, LAC, and the public. (F7) R7. SCPL should perform a meaningful evaluation of any tool that uses patron information to determine if the benefits outweigh the risks to patron privacy. (F8) R8. SCPL should offer workshops for patrons to explain how the Library uses patron information and to explore related privacy issues. (F3, F4) Required Responses Respondent Findings Recommendations Respond Within/ Respond By Director, Santa Cruz F1—F9 R1—R8 90 Days Public Libraries September 23, 2019 Library Joint Powers F1—F5, F7 R1, R3, R6 90 Days Authority Board September 23, 2019 Requested Responses Respondent Findings Recommendations Respond Within/ Respond By Library Advisory F1—F4, F7 R1, R3, R5 90 Days Commission September 23, 2019 Abbreviations and Acronyms • ALA: American Library Association • AoD: Gale Analytics on Demand • JPA: Joint Powers Authority • LAC: Library Advisory Commission • PIL Personally Identifiable Information • PLP: Pacific Library Partnership • SCPL: Santa Cruz Public Libraries Published June 24, 2019 Page 14 of 24 Sources Notes 1. Erin Berman. May 2, 2018. "Big Brother is Watching You: The Ethical Role of Libraries and Big Data." Accessed June 17, 2019. https://chooseprivacyeveryday.org/the-ethical-role-of-libraries-and-big-data/ 2. "About the Library," Santa Cruz Public Libraries. Accessed June 17, 2019. https://www.santacruzpl.org/aboutscpl/ [see links to "Library Boards," "Planning Documents," and "Governance & Funding"] 3. Grand Jury interviews and documents received. 4. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic Plan 2017-2021: Premise and Process." Accessed June 17, 2019. https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc essStrategicPlan.pdf 5. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic Plan 2017-2021: Premise and Process." Accessed June 17, 2019. https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc essStrategicPlan.pdf 6. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic Plan 2017-2021: Premise and Process." Accessed June 17, 2019. https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc essStrategicPlan.pdf 7. Matt Enis, "Gale Releases Analytics on Demand, a Demographic GIS for Libraries," Library Journal, April 10, 2014. Accessed June 17, 2019. https://www.Iibrary-Oourna1.com/?detaiIStory=gale-releases-analytics-on-demand-a-de mographic-gis-for-libraries 8. Gale, A Cengage Company. 2019. "Gale Analytics: Data -Driven Decision Making." Accessed June 17, 2019. https://www.gale.com/databases/gale-analytics 9. Experian Information Solutions, Inc. December 2018. "Mosaic USA: Your Customer Segmentation Solution for Consistent Cross -Channel Marketing." Accessed June 17, 2019. https://www.experian.com/assets/marketing-services/product-sheets/mosaic-usa.pdf 10. Experian is one of the three major consumer credit reporting companies in the United States. 11. Gale, A Cengage Company. December 18, 2015. "Opportunity with Patron Profiles as Told by Users —Gale Analytics on Demand" [video]. Accessed June 17, 2019. https://www.youtube.com/watch?v=DOogU 1 dvuTk&list=PLaWzTROskkl PzPMeA7x3 knE-HkRNvfGaL&index=2 [See 3:30 mark for remarks by David Ziembiec, Gale Western Region District Manager, Analytic Solutions.] 12. Grand Jury interviews. Published June 24, 2019 Page 15 of 24 13. Santa Cruz Public Libraries. January 2017. "Santa Cruz Public Libraries Strategic Plan 2017-2021: Premise and Process." Accessed June 17, 2019. https://www.santacruzpl.org/files/library_administration/documents/PremiseandProc essStrategicPlan.pdf 14. Grand Jury interviews. 15. Staff concerns were documented in Grand Jury interviews and documents received. The long-standing SCPL privacy policy, "Confidentiality of Library Records" [policy 303, adopted February 2006, revised November 2010], has been superseded by "Confidentiality of Library Records & Patron Data Privacy Policy" [policy 303, adopted June 6, 2019]. The JPA board approved the revised policy at its June 6, 2019 meeting, which was attended by a member of the Grand Jury (see meeting agenda, pages P57—P63: https://www.santacruzpl.org/files/library boards/documents/LJPA/LJPA_2019-06-06 _agenda_e5KpLUO.pdf) The revised policy is now posted on the SCPL website: https://www.santacruzpl.org/files/docs/policies/303_confidentiality-library-records.pdf 16. Santa Cruz Public Libraries. "Information We Keep About You." Accessed June 17, 2019. https://www.santacruzpl.org/files/policies/documents/related_Information_We_Keep _about_You.pdf 17. Experian Information Solutions, Inc. December 2018. "Mosaic USA: Your Customer Segmentation Solution for Consistent Cross -Channel Marketing." Accessed June 17, 2019. https-//www.experian.com/assets/marketing-services/product-sheets/mosaic-usa.pdf 18. Erika McCallister, Tim Grance, and Karen Scarfone, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII): Recommendations of the National Institute of Standards and Technology (National Institute of Standards and Technology Special Publication 800-122, April 2010). Accessed June 17, 2019. https://nvlpubs.nist.e ov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf 19. Becky Yoose, "Balancing Privacy and Strategic Planning Needs: A Case Study in De -Identification of Patron Data," Journal of Intellectual Freedom and Privacy 2, no. 1 (2017). Accessed June 17, 2019. https://journals.ala.org/index.php/m/mifp/article/view/6250/8392 In the Background section of her article, Yoose summarizes the National Institute of Standards and Technology (NIST) definition of PII, which has two parts: PII-1 is information that can directly identify an individual; PII-2 is information about activities that can be linked back to the individual. 20. Santa Cruz Public Libraries. April 10, 2018. "Borrower Information Form." Accessed June 17, 2019. https://www.santacruzpl.org/media/pdf/borrow-reg-form-eng.pdf 21. Grand Jury interviews and documents received. 22. Santa Cruz Public Libraries. "Library Advisory Commission, Regular Meeting, Monday, April 15, 2019" [agenda]. Accessed June 17, 2019. https://www.santacruzpl.org/files/library_boards/documents/LAC/LAC_2019-04-15_a genda_fineZE2R.pdf Published June 24, 2019 Page 16 of 24 23. Santa Cruz Public Libraries. "Library Advisory Commission, Regular Meeting Minutes, Monday, April 15, 2019." Accessed June 17, 2019. https://www.santacruzpl.org/files/library board s/documents/LAC/LAC_2019-04-15_ minutes.pdf 24. Santa Cruz Public Libraries. "Library Advisory Commission, Regular Meeting, Monday, April 15, 2019" [audio recording]. Accessed June 17, 2019. https://www.santacruzpl.org/files/library board s/documents/LAC/LAC_2019-04-15_a udio.mp3 [See 34:00, 48:00, 49:00, 50:00, and 55:00 marks.] 25. Grand Jury interviews and documents received. 26. Grand Jury interviews. 27. European Commission. "2018 Reform of EU Data Protection Rules." Accessed June 17, 2019. https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-prote ction/2018-reform-eu-data-protection-rules_en 28. "Assembly Bill 375: Privacy: Personal Information: Businesses (2017-2018)" [text], California Legislative Information. Accessed June 17, 2019. https://Ieainfo.leaislature.ca.aov/faces/billTextClient.xhtml?bill_id=201720180AB375 29. Grand Jury interviews and review of SCPL website. https://www.santacruzpl.ora 30. Santa Cruz Public Libraries. "Santa Cruz City/County Libraries, Joint Powers Authority Board, Regular Meeting, Thursday, June 6, 2019" [agenda, page P581. Accessed June 17, 2019. https://www.santacruzpl.org/files/li bra ry_ board s/documents/LJ PA/LJ PA_2019-06-06 _agenda_e5KpLUO.pdf 31. San Jose Public Library. "Our Privacy Policy." Accessed June 17, 2019. https://www.sj pl.org/privacy/our-privacy-poliQy 32. "Senate Bill 445: California Public Records Act: Library Records (2011-2012)" [bill analysis], California Legislative Information. Accessed June 17, 2019. http://Ieainfo.leaislature.ca.gov/faces/billAnalysisClient.xhtml?bill_id=201120120SB4 45 33. Santa Cruz Public Libraries. 2010. "Confidentiality of Library Records" [policy 303, adopted February 2006, revised November 2010]. This long-standing policy has been superseded by "Confidentiality of Library Records & Patron Data Privacy Policy" [policy 303, adopted June 6, 2019], which is now posted on the SCPL website: https://www.santacruzpl.org/files/docs/policies/303_confidentiality-library-records.pdf 34. Grand Jury interviews. 35. Cengage. January 2019. "Gale Cengage Terms of Use." Accessed June 17, 2019. https://www.cengage.com/legal/terms-gale 36. Document received by the Grand Jury: "Subscription and Hosting Services Agreement" [Cengage Learning]. 37. American Library Association. January 29, 2019. "Library Bill of Rights." Accessed June 17, 2019. http://www.ala.org/advocacy/intfreedom/librarybiLlI Published June 24, 2019 Page 17 of 24 38. "Intellectual Freedom Manual, Ninth Edition," American Library Association Store. Accessed June 17, 2019. https://www.alastore.ala.org/content/intellectual-freedom-manual-ninth-edition 39. Helen Adams, "Updating the Intellectual Freedom Manual," Knowledge Quest, April 2, 2018. Accessed June 17, 2019. https://knowledgequest.aasl.org/updating-the-intellectual-freedom-manual/ 40. American Library Association. "Privacy Tool Kit." Accessed June 17, 2019. http://www.ala.org/advocacy//privacy/toolkit 41. American Library Association. July 1, 2014. "Privacy: An Interpretation of the Library Bill of Rights." Accessed June 17, 2019. http://www.aIa.org/advocacy/intfreedom/librarybiII/interpretations/privacy 42. Becky Yoose, "Balancing Privacy and Strategic Planning Needs: A Case Study in De -Identification of Patron Data," Journal of Intellectual Freedom and Privacy 2, no. 1 (2017), Appendix. Accessed June 17, 2019. https://journals.ala.org/index.php/ i�fp/article/view/6250/8392 43. American Library Association. "Developing or Revising a Library Privacy Policy" [Privacy Tool Kit 4 of 9]. Accessed June 17, 2019. http://www.ala.org/advocacy//privacy/toolkit/policy 44. American Library Association. "Developing or Revising a Library Privacy Policy" [Privacy Tool Kit 4 of 9]. Accessed June 17, 2019. http://www.ala.org/advocacy//privacy/toolkit/policy 45. American Library Association. "Developing or Revising a Library Privacy Policy" [Privacy Tool Kit 4 of 9]. Accessed June 17, 2019. http://www.ala.org/advocacy/privacy/toolkit/policy 46. Erin Berman. May 2, 2018. "Big Brother is Watching You: The Ethical Role of Libraries and Big Data." Accessed June 17, 2019. https://chooseprivacyeveryday.org/the-ethical-role-of-libraries-and-big-data/ 47. Erin Berman. May 2, 2018. "Big Brother is Watching You: The Ethical Role of Libraries and Big Data." Accessed June 17, 2019. https://chooseprivacyeveryday.org/the-ethical-role-of-libraries-and-big-data/ 48. Library and Information Technology Association. "Library Privacy Checklist 3: E-Book Lending and Digital Content Vendors." Accessed June 17, 2019. http://www.ala.org/lita/advocacy//privacy/library-privacy-checklists/e-book-lending-an d-digital-content-vendors 49. Grand Jury interviews and documents received. 50. American Library Association. "Developing or Revising a Library Privacy Policy" [Privacy Tool Kit 4 of 9]. Accessed June 17, 2019. http://www.ala.org/advocacy//privacy/toolkit/policy 51. Grand Jury interviews. 52. Grand Jury interviews. 53. Documents received by the Grand Jury. Published June 24, 2019 Page 18 of 24 54. Documents received by the Grand Jury. 55. Grand Jury interviews and documents received. 56. Grand Jury interviews. 57. Experian Information Solutions, Inc. December 2018. "Mosaic USA: Your Customer Segmentation Solution for Consistent Cross -Channel Marketing." Accessed June 17, 2019. https://www.experian.com/assets/marketing-services/product-sheets/mosaic-usa.pdf 58. "Mosaic USA: Segmentation," Experian, Accessed June 17, 2019. https://www.segmentationportal.com/us 59. "Senate Bill 445: California Public Records Act: Library Records (2011-2012)" [text], California Legislative Information. Accessed June 17, 2019. http://Ieginfo.legislature.ca.gov/faces/biIINavClient.xhtml?bill_id=201120120SB445 60. Becky Yoose, "Balancing Privacy and Strategic Planning Needs: A Case Study in De -Identification of Patron Data," Journal of Intellectual Freedom and Privacy 2, no. 1 (2017), Appendix. Accessed June 17, 2019. https://Oournals.ala.ora/index. php//jifp/article/view/6250/8392 Site Visits • Joint Powers Authority meetings (various locations): 12/6/18; 1/10/19; 2/7/19; 3/7/19; 5/2/19; 6/6/19 • Library Advisory Commission meetings (various locations): 11/19/18; 2/11/19; 4/15/19; 5/20/19 • SCPL CyberSecurity Class (Aptos branch library): 10/30/18 • Felton Library Open House 3/16/19 Websites • American Library Association: http://www.ala.org • Pacific Library Partnership: http://pllpinfo.org/ • Santa Cruz Public Libraries: https://www.santacruzpl.org/ Published June 24, 2019 Page 19 of 24 Appendix A Experian Mosaic Groups and Segments with Nationwide Percentages[LIJ Mosaic USA group and type structure 6 1 Experian Marketing Services Published June 24, 2019 Page 20 of 24 Experian Mosaic Groups and Segments with Nationwide Percentages (cont.) Mosaic° USA { 7 Published June 24, 2019 Page 21 of 24 Description of Experian Mosaic Silver Sophisticates SegmentL1 Silver Sophisticates are a mix of older and retired couples and singles living in suburban comfort. All but a small percentage of households are empty nests. Members of Silver Sophisticates live in upscale neighborhoods located near big cities and are highly educated. Typically, there is at least one retiree in the household, and those who are still in the workforce have well -paying technical and professional service jobs. They can afford to buy older, stylish homes worth upwards of half a million dollars. With the luxury of both time and money, these households pursue leisure -intensive lifestyles. They like to dine out, go to plays and concerts and shop for decorative antiques. They travel often, both on cruises and flights abroad to experience other cultures. These are fitness -minded households whose members typically belong to health clubs where they can be found walking, using cardio machines and pedaling stationary bicycles. Relaxation at home typically involves a book or Kindle. Silver Sophisticates describe themselves as brand loyal in the marketplace. They like to buy clothes and housewares in high -end stores as well as through catalogs and online. Acknowledging their technological anxiety, they rarely buy trendy consumer electronics. They do, however, like to buy premium cars, typically new imported models. Self -described "smart greens'; they also look for products that are made or packaged using recycled materials. This is a segment where traditional media still reigns supreme. Silver Sophisticates are into news; they are avid newspaper readers and tune in to radio newscasts. They subscribe to specialty magazines that cover cooking or cars. They have an above -average interest in TV and are particularly fond of news broadcasts, history programs, movies and political commentary. The internet is their first place they turn for practical activities like travel planning, researching stocks and doing medical research. Just don't ask them to send a tweet, update their status or play a video game. Unlike other older segments, Silver Sophisticates are relatively liberal in their views, although they have a fairly equal split in support for the Republican, Democrat and Independent parties. Silver Sophisticates support environmental causes, equal rights for women and other progressive social issues. They are also active in the community and see themselves as members of the global village. They worry about international issues and volunteer for community groups. They also donate to a variety of charities involved with health, social services, education, politics, the environment, the arts and public broadcasting. Silver Sophisticates can afford to be philanthropic. These folks have amassed large nest eggs from diversified portfolios. They have high rates for owning retirement accounts like IRAs and Keoghs. They carry a number of credit cards, in part to take advantage of the rewards programs. After all, they never know when they might come across the perfect offer for a cool restaurant or a hot ticket to a Broadway show. Published June 24, 2019 Page 22 of 24 Appendix B California Government Code, Section 6267, as Amended by SB 445 (2011-2012) 6267. All patron use records of any library which is in whole or in part supported by public funds shall remain confidential and shall not be disclosed by a public agency, or private actor that maintains or stores patron use records on behalf of a public agency, to any person, local agency, or state agency except as follows. - (a) By a person acting within the scope of his or her duties within the administration of the library. (b) By a person authorized, in writing, by the individual to whom the records pertain, to inspect the records. (c) By order of the appropriate superior court. As used in this section, the term "patron use records" includes the following: (1) Any written or electronic record, that is used to identify the patron, including, but not limited to, a patron's name, address, telephone number, or e-mail address, that a library patron provides in order to become eligible to borrow or use books and other materials. (2) Any written record or electronic transaction that identifies a patron's borrowing information or use of library information resources, including, but not limited to, database search records, borrowing records, class records, and any other personally identifiable uses of library resources information requests, or inquiries. This section shall not apply to statistical reports of patron use nor to records of fines collected by the library. [emphasis added to indicate changes from SB 445] Published June 24, 2019 Page 23 of 24 Appendix C Sample Contract Addendum from the Seattle Public Library (SPL) A provider of services to SPL will not reveal or disclose any data or records, either physical or electronic, which are designated as confidential by the Library or which pertain to SPL patrons when such data or records could be used in any manner to identify a Library patron or any references or materials that a specific Library patron accesses. A provider of services to SPL must treat all the designated or individually identifiable SPL records as confidential and protected. Encryption of such data while in motion or at rest, and restricting access to confidential data, are typical methods of data protection. No SPL records or data shall be released by the provider to any third party without the prior written consent of the SPL. In the event that the provider violates this addendum, then said provider agrees to indemnify, defend and hold harmless SPL and its employees from and against any losses, costs, expenses, liabilities (including attorney's fees), penalties and sanctions arising out of or relating to such violation. This addendum does not limit the provider's liability as specifically established under law. The Parties hereto agree that this amendment modifies, changes, amends and has precedence over any contradictory language in the contract between the Parties. [emphasis added] Published June 24, 2019 Page 24 of 24 BPL Kanopy Stats Month Plays Cost per play Kanopy Kids $5/month for unlimited plays Monthly Invoice January 2019 81 $2 $162 February 2019 124 $2 $248 March 2019 76 $2 $152 April 2019 132 $2 $264 May 2019 167 $2 5 ($25 total) $359 June 2019 159 $2 3 ($15 total) $313 BPL Kanopy Stats