Privacy Policy
Montgomery County Library & Information Network Consortium
MCLINC's privacy policy states what personally
identifiable information is collected on our websites, workstations and
network. It explains how we use that
information, with whom we share the information, and how users can exercise control
over their personal information. This
policy is related to another policy called "Request for Records at MCLINC,"
located on our website at: http://www.mclinc.org/RequestForRecords.htm. The Request for Records policy defines personally
identifiable information collected for internal use at MCLINC, the laws with
which MCLINC must comply, and the process for legally requesting
access to those records.
What is the information being collected by MCLINC and why?
MCLINC collects no personal or private information unless
you voluntarily supply it.
A.
Websites
- MCLINC
logs inbound http traffic using standard logs.
Logfiles of http visits to the MCLINC website are retained
indefinitely as space permits. Activity
logged includes: date, time, web pages accessed and browser type and
version. The online catalog website
maintains logfiles which are retained for one month, and include date, time,
user IP address, pages accessed and browser type and version. The online catalog does not log information
retrieved while using the Public Access (patron account) portion of the
website. No personal data is collected
about the reserves you place or cancel, or books you renew online. Website logging is used by MCLINC
to make decisions about network support or expansion, and is periodically
shared with third parties who may be contracted by MCLINC to perform data
analysis. Logs are not reviewed on a
regular basis unless specific information is required.
B.
Public
Workstations - Many public workstations are offered without requiring users to
identify themselves. Some member
libraries of MCLINC monitor workstation activity, and some
libraries require sign-ups or registration for workstation use. Some member libraries do require users to
present borrower cards upon sign-up; to learn the information requested of each
user, please contact the member library directly. Website visits are monitored centrally unless expressly
prohibited by a member library. While
this monitoring provides a list of which workstation visits which URL, no
personally identifiable information can be attached to this data unless used in
combination with a sign-sheet or procedure.
Data on the central server is stored in logfiles for seven days. After the seventh day, the earliest file is
deleted automatically.
Some member libraries
require that library cards be presented in order to use public
workstations. Please be aware that
library cards do carry links to personally identifiable data, but only on the MCLINC
network. For more information about how
the member library protects your privacy in this instance, please contact the
Director of the member library where library cards are required. Remote database vendors have no access to
the personal data attached to your card number, unless explicitly contracted in
order to provide a specific library service.
In some cases, the presence of blocks in a patron record may be checked
by the remote vendor, and may prevent user access to a remote database service.
A list of member libraries
is available on the MCLINC website at http://www.mclinc.org/members.htm
We recognize the public has
a role to play in protecting privacy.
Inputting your personally identifiable information at public
workstations within MCLINC is strongly discouraged. Workstation settings vary from library to library, but MCLINC
encourages the following standards: 1)
AutoComplete (the process of setting a workstation to "remember"
frequently used terms or web addresses) is advised to be turned off; 2) the
History of web pages visited on each workstation is advised to be emptied upon
reboot, or daily. Please be advised
that history is retained and the pages you have visited may be reviewed for
periods between reboots or until the 24-hour clock has elapsed from the last
reboot.
Cookies are used by MCLINC. Cookies are small data files that are stored
on our public workstation hard drives for several reasons. Cookies on our public workstations do not
provide any data reflecting an individual library user. Workstation cookies are not collected or
stored at any other location on the MCLINC network. The library online catalog generates
"per session" or "in-memory" cookies only. These are used to facilitate retrieval and
display of data and page formatting, and are deleted when you exit the
browser. MCLINC places no
permanent cookies on your home computer.
Permanent cookies are set on
public workstations to facilitate return visits or authentication with remote databases. Examples of remote databases are those found
on the MCLINC website at http://www.mclinc.org/RemoteDatabases.htm. MCLINC recommends that member
libraries discard cookies every month unless the cookie is a permanent cookie
needed by a third party database vendor contracted by MCLINC or the member
library, however this is subject to local library practice.
Links to other websites are
provided on both the mclinc.org and online catalog (spica.mclinc.org/polaris)
website. These links are provided to
enhance your ability to connect to related information you may need. Please note that MCLINC does not endorse,
and cannot be responsible for any information found or collected on sites that
are not hosted by MCLINC. Be sure to read
the privacy policy at linked websites to learn how your personally identifiable
information will be treated.
How does MCLINC
use the personally identifiable information that is collected?
MCLINC does not rent or share any personally identifiable
information with any other party.
Information provided to MCLINC is collected by the library
automation system and stored on servers located at headquarters. Our sole purpose for collecting your
personal information is to conduct library business. For example, your personal information is used to track borrowed
materials, to contact you by phone, email, or U.S. mail to announce reserve or
overdue materials, or for other library-related business.
How long is personally identifiable information
stored at MCLINC?
MCLINC policy is to delete all expired borrower’s records
three years after the expiration date with no further activity, and three years
after the payment of all fines with no further activity. Records of all unpaid
fines and fees, or unreturned materials are kept indefinitely.
How can users change or correct personally
identifiable information?
Personally identifiable information may be changed by
requesting the change in person, or through a login to your patron account from
the online catalog. Staff members at
any MCLINC
member library have the ability to update your account. To protect your privacy, changes to personal
account information are not accepted by phone, mail or email. A user may change his or her password
online, but only if the original password is still known to the user. Users who forget their passwords must prove
their identity in person, and request that a staff member reset the password in
the online system. Patrons may then
create a new password at the login page of the online catalog.
How does MCLINC
protect your personally identifiable information?
Every effort is taken to ensure that your
information is safe from unauthorized access.
MCLINC uses a combination of physical, administrative and
electronic security measures to protect your personally identifiable
information. For example, access to MCLINC equipment at headquarters is
restricted by key to authorized personnel; patron passwords are never assigned
by phone; ; and strict network perimeter security procedures are maintained.
Where are complaints or questions about this policy
to be directed?
Complaints or questions about this privacy policy
may be directed to Maryam Phillips, System Administrator:
By email: webmaster@mclinc.org
By phone: 610-238-0580
By mail: Montgomery County Library &
Information Network Consortium
301 Fayette Street 2nd
floor
Conshohocken, PA 19428.
All communication received by the System Administrator will be forwarded to the attention of the Board of Directors for discussion and/or action at the next regularly scheduled meeting. Click here for a current list of the Board of Directors.
Adopted: November 21, 2003
Revised:
February 20, 2004
Revised: November 17, 2006