Library Privacy Checklist for Students in K-12 Schools

This checklist is intended to help libraries of all capacities take practical steps to implement the principles that are laid out in the Library Privacy Guidelines for Students in K-12 Schools

Priority 1 are actions that all libraries can take to improve privacy practices. Priority 2 and Priority 3 actions may be more difficult for libraries to implement depending on their technical expertise, available resources, and organizational structure.

Priority 1 Actions

  1. Create internal library procedures to protect student privacy based on:
    1. School policies related to privacy and confidentiality of student data, especially student circulation records and the use of library resources in all formats.
    2. Federal laws such as the Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), and state privacy laws regarding library records.
    3. ALA policy statements and resources. 
    4. Resources provided by national education and state library associations.
  2. Collect the minimum amount of information necessary about students to manage their use of library resources.
  3. Configure circulation software to delete students’ borrowing history and retain only necessary records.
  4. Ensure any paper with personally identifiable information is stored securely and shredded at the end of its use.  
  5. Train library staff and volunteers to respect students’ privacy and the confidentiality of their library records.

Priority 2 Actions

  1. Educate administrators, faculty, and support staff about students’ library privacy and the confidentiality of student data using a variety of communication methods such as in-service training, newsletters, email, etc.
    1. Initiate conversations with the principal, teachers, students, and parents about the need for an official library privacy policy.
  2. Add privacy-related resources to the library collection including items related to personal privacy, minors’ privacy rights, and privacy as a national and international issue.
    1.  Create a privacy information section on the school library web page or a privacy-themed pathfinder with student- and faculty-focused privacy resources.
  3. Integrate online privacy into library instruction and programming. For example:
    1. Introduce students to online privacy information such as secure passwords and web tracking during library orientations and other brief presentations.
    2. Celebrate Choose Privacy Week and other privacy-related observances (Data Privacy Day, Teen Tech Week, etc.) with the school community.
    3. Create privacy-related displays and set up videos in the library to educate parents and caregivers during parent-teacher conferences and other evening school and community events.
    4. Offer presentations to parents and caregivers about students’ privacy online and other privacy-related topics (e.g. phishing, passwords, basic cybersecurity).
  4. Advocate within the school or district for protecting students’ privacy rights in learning management systems, internet filtering software, or other technologies that enable educators to monitor student reading and research habits. Assessment should not  include monitoring how students use specific library materials and online resources as part of free inquiry and research.
  5. Volunteer to serve on the school’s data governance committee. If one does not exist, advocate for its creation.

Priority 3 Actions

  1. Work with other stakeholders in the school or district to create an official library privacy policy in regards to student circulation records and the use of library resources.
    1. The privacy policy should be approved by the school’s governing body.
    2. Post the policy in the library and on the library’s section of the school website.
    3. Promote the library’s privacy policy within the school community.
  2. Work through school lines of authority to write or adapt a K-12 privacy curriculum and have it formally approved and taught. Collaboratively teach privacy units with teachers using well developed, age-appropriate privacy curricula.
  3. Work with school officials to incorporate privacy protections into RFP’s and resulting contracts. Discuss privacy concerns with digital resource and technology vendors when negotiating contracts.
  4. Ensure that all online transactions between client applications and server applications are encrypted.
  5. Ensure that storage of personally identifiable student information is housed using encrypted storage.

Approved January 21, 2017 by the Intellectual Freedom Committee; revised January 14, 2021.