November 17, 2006




This policy defines MCLINC decisions on the collection, storage, access, and use of patron/user data on MCLINC servers. Since MCLINC operates in a centralized environment (using client-server applications) this policy addresses collection, storage and use of information at MCLINC headquarters. Members of MCLINC may have different local policies for web servers located in member libraries. For local privacy policy information, the member Library Director should be contacted directly. The current list of member libraries may be found on the MCLINC web site at


MCLINC is subject to the confidentiality and privacy provisions of state and federal laws, specifically:






24 P.S. 4428  


[P.S.]  4428.  Library circulation records


Records related to the circulation of library materials which contain the names or other personally identifying details regarding the users of the State Library or any local library which is established or maintained under any law of the Commonwealth or the library of any university, college or educational institution chartered by the Commonwealth or the library of any public school or branch reading room, deposit station or agency operated in connection therewith, shall be confidential and shall not be made available to anyone except by a court order in a criminal proceeding.



In addition, state and local policies may be superceded by the provisions of the USA Patriot Act.





Filter Software


No information about user visits to web sites monitored by this server will be retained or archived beyond seven days. All data older that 7 days is automatically purged from the system. Access to the filter server's monitoring program is restricted to MCLINC staff only and requires the Administrator-level privileges. (November 15, 2002)


Polaris Application and SQL Server


Physical access to the Polaris Application is restricted to MCLINC staff or Polaris Library Systems staff only and requires Administrator-level privileges. The SQL Server database contains all patron and item records, as well as the current status of transactions in the library database. Information stored does include personally identifiable information supplied by borrowers. Examples of personally identifiable information include borrower names, addresses, social security numbers, driver license numbers, etc. The library database is stored in a Microsoft SQL 2000 database. Access to the data by library staff is managed by client connections from the local libraries. Library staff does not have access to the raw data found in the SQL tables. The entire database is backed up on a nightly basis, 7 days per week. A One Week tape set is rotated. Data from the same day of the prior week is overwritten one week later. Therefore at any given time, MCLINC has no record of transactions occurring earlier than 7 days, unless a special condition applies which requires the system to retain borrower data, e.g. unexpired loan period, unfilled reserve requests, overdue items which remain linked to borrower names and barcodes, or personal reading histories requested by patrons to be retained. Physical access to the Polaris SQL server is restricted to MCLINC staff or Polaris Library Systems staff only and requires Administrator-level privileges.


Polaris Web Server


User logging is enabled in Internet Information Services, therefore typical use logs are found on the Polaris Web Server, but no third party software has been purchased to monitor or interpret the data collected. Information stored includes source IP, date/time of visit, server and target page, browser and operating system of user (but no personally identifiable information). Log files are currently archived for one month. Physical access to the Polaris Web server is restricted to MCLINC staff or Polaris Library Systems staff only and requires the Administrator-level privileges.







In the event of requests by law enforcement agents for MCLINC records, MCLINC has established the following chain of authority for responding to the request(s). Response to requests will depend on the supporting documents presented by the law enforcement officer.








MCLINC staff does not release any information without legal documentation to support the request.


MCLINC staff will comply as soon as possible. If the System Administrator is unavailable, a response will be provided on the next business day. Upon notice, MCLINC will preserve any data which would otherwise have been automatically destroyed as of the subpoena date.

Search Warrant

MCLINC staff will comply immediately and provide the information requested. MCLINC will request that compliance does not include the removal of Mission-Critical hardware, as that will cripple the network andresult in the cessation of library service to the public.

Chain of Command


1.      All inquiries shall begin with the System Administrator of MCLINC. Inquiries received by member libraries shall be referred to MCLINC unless specifically local to the library, and not the overall system.


2.      If the System Administrator is away from the office and the request is for immediate action, MCLINC staff shall make an attempt to contact the System Administrator. If the System Administrator cannot be reached, the President of the Board shall be contacted by MCLINC support staff and will advise staff on the appropriate response.


3.      If the request does not require immediate action, and the MCLINC System Administrator will return to the office within one business day, MCLINC support staff will defer any action until his/her return.


4.      MCLINC shall immediately notify the President of the Board when an inquiry is received.


5.      The President shall notify the Board of the inquiry and any action taken in response.


Chain Of Custody


In the event of requests by law enforcement agents for MCLINC records, MCLINC has established the following chain of authority for supplying physical evidence.


1.      All transfers of physical evidence (electronic records) into the hands of law enforcement authorities shall be managed by the MCLINC System Administrator.


2.      The law enforcement agent will supply a receipt or inventory of any records or equipment collected from MCLINC.


3.      A copy of the electronic records shall represent physical evidence wherever possible. Copies may include backup media, screen shots or reports from the system software.


4.      Copies do not include the original database of records or hardware upon which the records reside. Removing the original records and/or hardware will present a hardship, by preventing MCLINC from conducting library service for an extended period of time.


5.      Original records and/or equipment will be provided only if no other means of records transfer is possible, and only if accompanied by a duly authorized warrant.


Questions about any of the information contained in this policy may be addressed to:

Maryam Phillips, System Administrator for MCLINC, or 610-238-0580.


Revised: February 20, 2004

Revised: November 17, 2006