Missouri library patrons can now rest assured that their library records for checkout of digital materials will remain private.
The Missouri State Legislature introduced two related bills aimed to update its existing privacy laws to include records for materials including ebooks, electronic documents, streaming video, music, and downloadable audiobooks, as well as the use of using Radio Frequency Identification (RFID) technology. Missouri Governor Jay Nixon approved one of the bills, which will go into effect on August 28, while rejecting the other.
Though the privacy of patrons’ library records has traditionally been sacrosanct, digital technology has transformed library services, and many states’ privacy laws have been slow to address records for digital media.
Thanks in part to the lobbying efforts of librarians across the state, Governor Nixon signed HB 1085, the Missouri House of Representatives bill expanding the purview of privacy laws concerning library records to include digital items from third-party vendors.
The existing privacy laws cover patrons’ personal information when they check out paper books. But electronic media, though accessed from the library’s gateway, is often administered by a third party.
Missouri “already had very strong protection of library records, but our main concern was that the digital age be taken into account, that digital records be included in [data privacy legislation],” said Jim Schmidt, legislative committee chair of the Missouri Library Association (MLA). Consumer protection was MLA’s main talking point when taking the issue to their State Representatives, Schmidt added.
“In order for users to access these services, vendors must authenticate them as [our library] cardholders; this gives the vendors access to our user database,” said Pam Klipsch, director of Missouri’s Jefferson County Library.
At Klipsch’s request, Missouri Rep. John McCaherty of Jefferson and St. Louis counties sponsored the bill to “to insure that any personally identifiable information about [users] and any information about the resources they accessed remained equally protected and confidential on the vendor side as on the library side of that transaction,” she said.
The bill requires third-party vendors to tell libraries and individual patrons if the vendor’s data servers experience a security breach, Klipsch explained. It also empowers patrons to take their library record privacy matters into their own hands, allowing them to request thaat the third-party vendors be investigated if the patron feels their data has been compromised. Librarians across the state will meet with third-party vendors to discuss the law’s implementation before it goes into effect in late August.
The second, rejected bill, Missouri Senate bill 523 (SB 523), concerned libraries in an indirect way. The bill would have allowed students to opt out of using RFID technology in their school identification cards, which often double as library cards.
RFID is used in items such as toll booth passes, credit cards, and animal collars, in which RFID “locator chips” can store all manner of data. When placed in student ID/library cards, RFID chips are able to store library record information. The bill was intended to protect students’ geographical locations from anyone with an RFID reader, and to prevent access to private data tied to their school IDs.
Governor Nixon vetoed SB 523 on the grounds that though the technology is not currently employed by any Missouri public schools, it has the potential to be used as a safety measure by schools. For instance, students could be located via their IDs during times of emergency or natural disaster. This also means that for now, any possible associated library records are also accessible via the chip.