The Privacy Perils of Contact Tracing in Libraries

By Becky Yoose and Erin Berman

A public library is one of the only places where a person can walk through the door and access information anonymously. No one checks your identification when you come in and you don’t have to purchase anything to visit. This freedom – based on every person’s First Amendment right to access public libraries – is what allows us to serve those in our communities who may not have access to information by any other means. Anyone, including our undocumented and unhoused members, should feel safe coming to our libraries without the fear of showing identification or reprisal. Yet, as communities struggle with the COVID-19 pandemic, libraries are faced with requests or demands to institute contact tracing, monitoring who comes into the library and restricting access to those who don’t provide their personal information.

Contact tracing is the identification of someone infected by a disease and the subsequent contacting of anyone who may have come in contact with that person. It is a highly effective tool in managing the spread of a disease and is being utilized in various forms throughout the world to slow the spread of COVID-19. As libraries begin to reopen, it is likely the conversation around contact tracing will arise. Should libraries participate in contact tracing? If so, how should they do it while protecting the privacy and access rights of users? If not, why not?

Libraries should only perform contact tracing when mandated by public health or local officials. If your library is required to perform contact tracing there are specific ways that you can go about it that minimize the risks to users.

What data should we collect?

Libraries should follow data minimization principles and only collect what is specifically required by the public health or local agency. This is likely to be full name and contact information (email and/or phone number). Do not collect additional data outside what is specifically required “just in case.” The risks to privacy and access are far greater than the chance that this data might be needed at some point in the future. 

If a person refuses to give over their PII or does not have any contact information, libraries should not deny access to library services. Procedures should be in place to provide some form of access to library services. Restricting access based on lack of contact information will disproportionately impact already marginalized groups. By having alternative methods of access ready, and staff trained on how to provide that access, your library will be better situated to handle that situation if it arises.    

How should we collect data? 

For this task, sticking to old-fashioned pen and paper is your best method of collecting PII upon entry into your library. Library staff should be assigned to collect this information privately from users. Under no circumstances should the library have self-sign-in sheets placed in a public space left out for other users to see who else used the library that day. Not only is this a health risk, with users sharing the same writing implement, but you run the risk of other users or law enforcement gaining access. Most states have laws that require libraries and library staff to keep users’ information and information about their library use confidential, including the use of the physical library space.

Electronic logs are not ideal in this situation as they can be backed up and archived beyond a set retention period, can be easily copied and shared, and cannot be easily deleted. A physical log will be easier to control and protect in terms of access and disclosure if staff have clear procedures to follow.

Can’t we just scan library cards?

The short answer is, no. Having a library card is not a requirement for accessing a public library. Many libraries have policies in place that make it impossible for someone without valid identification and proof of address to obtain a library card. Once again, a contact tracing setup where a user’s library card is scanned will deny access to those without permanent addresses or identification. In addition, scanning a library card will link a user’s decision to enter the library building to their library record. This information can be requested by court orders and turned over to law enforcement agencies.

What can we do with the data? 

Some libraries may be tempted to use the information from contact tracing to gain insight into who is coming into the library. This level of demographic information on users could be seen as a data goldmine. However, libraries need to hold true to the privacy value of purpose limitation. When collecting PII for contact tracing, users should be told how their data is being used and for what purpose. Since the purpose of collecting the data is for contact tracing, the data should not be used for anything else. Data collected can only be shared with the agency that has requested it and the library must demand a warrant before sharing it with any other third parties.

How do we retain the data?

Physical logs should be stored in a secure drawer or cabinet in a locked office when not in use. Logs should be shredded as soon as permitted by local officials. Limit the number of staff who have access to the logs and ensure they have proper training in the collection, storage, and retention of the records.

Libraries should remain focused on their mission to provide equitable and confidential access to information resources and services. Collection and sharing of information about library users for purposes other than the delivery of library resources, services, and programming — such as information collected for contact tracing — is inconsistent with that mission and may violate laws protecting user privacy if done without the full and informed consent of the library user. In all cases, access to, and delivery of, library resources and services should not be conditioned on the user’s consent to the collection and use of their information for contact tracing or other purposes unrelated to library service.




Becky Yoose

Becky Yoose is the founder of and Library Data Privacy Consultant for LDH Consulting Services, a consultancy that guides libraries and vendors in protecting patron data without sacrificing operational data needs. For over a decade, Becky has wrangled library data in its various forms in academic and public libraries. Becky received her MA-LIS from University of Wisconsin – Madison in 2008, and has been a Certified Information Privacy Professional/United States (CIPP/US) with the International Association of Privacy Professionals since 2018. You can find her online at and @yo_bj on Twitter.



Erin Berman
Erin Berman is the Chair of the American Library Association’s Intellectual Freedom Committee’s Privacy Subcommittee. She currently works as a Division Director for Alameda County Library.