Lengthy Privacy Policy Discussions Leads to No Changes at Library

For nearly an hour, the Board of Trustees debated Monday evening the merits of its current privacy policy and a possible violation of state policy in recent weeks.

The issue arose following the June meeting and has played out on the editorial pages of the Dedham Times for three weeks now. 

Gary Roberts, a Dedham resident, posted on mydedham.org that a Facebook user, who commented on the Dedham Library Innovation Team's page, was not a library patron.

Roberts said he made the inference following "deep searching" of the Internet and looking at the person's Facebook friends list. 

"I did not ask anybody," Roberts said. "It is an inference. This entire whole mess has been built on implications and inferences."

Patrons, library staffers and trustees spoke of concern that a patron's personal information was leaked.

Trustees had set out to shore up the library's privacy policy for its staff to follow.

"I think the staff knows the policy," trustee Brad Bauer said.

Trustee Michael Chalifoux said he contacted the Minuteman Library Network (MLN), who said they would take up the matter at their July meeting, and decide whether a violation took place.

"The violation was to release the information," Chalifoux said. "If a person says a person doesn't have a library card is a violation. Whether or not it happened is the next step."

Punishment for a violation could be a ban from using the state's database, library officials said.

"It's their database. They set the rules," Chalifoux said.

Trustees debated with staffers and patrons in rare back-and-forth discussions how the library should ban the release of a patron's information.

Chalifoux argued that someone who even visits the library has the right to keep that information private, but he backed off when pressed on whether another person could inquire about a friend who was attending a library event.

Bauer said that the DPL violates people's privacy each time a book is placed on a shelf for requests to be picked up. Each book has a paper with a patron's name on it.

Trustees couldn't agree how far to take the privacy policy, or how specific to make it. 

"I understand what the concern was before, but we could have stacks of policies that cover everything," Bauer said. 

Following 30 minutes of discussion during public comment and 30 minutes on the agenda item, the board decided to table the matter until they heard from the state on whether a system breach occurred.

"This is an academic exercise until you hear from them what the overall ruling board has to say," said library director Patricia Lambert. "They take this stuff very seriously."