NC Cardinal Support and Staff Education
  • Home
  • Submit a Request
  • Check on a Request
  • Knowledge Books
    • About NC Cardinal
    • Circulation in Evergreen
    • Cataloging in NC Cardinal
    • Administration Manual for Libraries
    • Reports in Evergreen
    • Resource Sharing
    • Student Access Initiative
    • Acquisitions in Evergreen
    • Serials in Evergreen
    • Offline Transactions
    • Evergreen Upgrades
    • Libraries Migrating into NC Cardinal
    • Summon Documentation
    • Troubleshooting in Evergreen
HelpSpot help desk software

Home → About NC Cardinal → Policies → Patron Privacy Policy

1.2. Patron Privacy Policy

Last Updated 03/24/2025


Patron Privacy

Protecting user privacy and confidentiality is one of the core values of librarianship. This Privacy Policy explains what information we collect from you and why. You agree to this policy by using any member library websites, downloading our mobile applications, or visiting any NC Cardinal Library location. While North Carolina State law requires that we treat materials you check out and information you access as confidential information, we also do so because it is in keeping with our commitment to you to protect your privacy. The confidentiality of library records is a core part of library ethics and the NC Cardinal consortium follows the Code of Ethics of the American Library Association and NC General Statutes.

North Carolina General Statutes Related to Patron Privacy

§ 125-18. Definitions.
As used in this Article, unless the context requires otherwise:
(1) "Library" means a library established by the State; a county, city, township, village, school district, or other local unit of government or authority or combination of local units of governments and authorities; community college or university; or any private library open to the public.
(2) "Library record" means a document, record, or other method of storing information retained by a library that identifies a person as having requested or obtained specific information or materials from a library. "Library record" does not include non-identifying material that may be retained for the purpose of studying or evaluating the circulation of library materials in general. (1985, c. 486, s. 2.)

§ 125-19. Confidentiality of library user records.
In keeping with the American Library Association's Policy on Confidentiality of Library Records and Policy Concerning Confidentiality of Personally Identifiable Information About Library Users, NC Cardinal libraries agree on the following:

(a) Disclosure. – A library shall not disclose any library record that identifies a person as having requested or obtained specific materials, information, or services, or as otherwise having used the library, except as provided for in subsection (b).
(b) Exceptions. – Library records may be disclosed in the following instances:

(1) When necessary for the reasonable operation of the library;
(2) Upon written consent of the user; or
(3) Pursuant to subpoena, court order, or where otherwise required by law. (1985, c. 486, s. 2.)

How NC Cardinal Collects Patron Information

1. User-Provided Information.
When registering for a new account for our library services or updating an existing library account, we may ask you to share certain information with us.
Personal Information : any information that can personally identify you, such as your name, physical address, email address, phone number, library barcode, date of birth, and other similar information.
Residency Verification : information such as driver’s license, other government-issued identification, and utility bills containing a postal address.
Library Record : contains your personal information related to your personal use of circulating and non-circulating library materials, including but not limited to computer database searches, interlibrary-loan transactions, reference queries, e-mails, faxes, requests for photocopies of library materials, title reserve requests, and the use of audio-visual materials such as films and music.
We are committed to keeping such information, outlined in all the examples above, only as long as needed in order to provide library services.

2. Information NC Cardinal libraries may automatically collect.
When you use our library services, such as our website and mobile applications, our computer servers may automatically capture and save information electronically about your usage of our library services. Examples of information that we may
collect include:

  • Your Internet Protocol (IP) address
  • Your location
  • Kind of web browser or electronic device that you use
  • Date and time of your visit
  • Pages that you viewed on our website
  • Certain searches/queries that you conducted

If you are using a library device, we may also record your library barcode, time and length of your session, and the websites that you visited.

3. Cookies.
A cookie is a small data file sent from your web browser to a web server and stored on your electronic device’s hard drive. They are generated by websites to provide users with a personalized and often simplified online experience. Most web browsers are set to accept cookies by default, though they can be disabled. Keep in mind that removing or rejecting cookies could affect the availability and functionality of our library services.

You should be aware that the information collected about you through any of the above means may be de-identified and aggregated with information collected about other users or visitors. This information helps us to administer services and analyze usage of our library services.

4. Staff Provided data.
Staff may create statistical categories for library users that contain arbitrary data that does not fit into the system’s default records. These statistical categories can be applicable to specific library systems or branches within the consortium. Some examples of statistical categories we currently use are ethnicity, gender, language, school.

How NC Cardinal Uses the Information Collected

  • We use personal information and residency verification to issue library cards. If a user chooses to provide an email address, NC Cardinal may use it to send account alerts and other communications. We use library records to assist in maintaining our collections and to verify records of users’ paid and unpaid fines.
  • We may use login credentials and library records to deliver enhanced or personalized services.
  • We use personal information, login credentials, and residency verification to provide access to e-books through our mobile applications.
  • We use personal information when collecting or processing payments and fines.
  • We use cookies to collect information about your activity, browser, and device in order to provide you library services.
  • We use user statistical categories to filter data within our reporting modules.

How NC Cardinal Safeguards the Use of Library Cards

  • To check out items or retrieve account information requires a current library card or another way to verify identity.
  • Hold items will check out only to the requestor’s card. Per library system policy, a friend or family member may pick up the hold items, if they have the requestor’s card.
  • We give hold/reserve information only to the requestor. Specific details on hold items will not be left with voice mail or other persons.
  • If someone other than the borrower returns a lost or overdue item, the person may pay the fine, but the account history will not be disclosed to them.
  • Persons may request access to all their personally identifiable information the Library collects online and maintains in its database by contacting the patron’s home library. The information may be changed or updated through the library catalog or in person at a local branch of the library.

How NC Cardinal Shares User Information

These are the ways NC Cardinal shares your information with third-parties:

1. Third-Party Library Services Providers.
We use third-party library service providers and technologies to help deliver some of our services to you. If and when you choose to use such services, we may share your information with these third parties, but only as necessary for them to provide services to NC Cardinal. We may also display links to third-party services or content. By following links, you may be providing information (including, but not limited to Personal Information) directly to a third party, to us, or to both. You acknowledge and agree that NC Cardinal is not responsible for how those third parties collect or use your information. We encourage you to review the privacy policies of every third-party website or service that you visit or use, including those third parties with whom you interact with through our library services.

2. Legal Requests.
Sometimes the law requires us to share your information, such as if we receive a valid subpoena, warrant, or court order. We may share your information if our careful review leads us to believe that the law, including state privacy law applicable to library records, requires us to do so.

How Does NC Cardinal Collect and Share Children’s Information?

The Children’s Online Privacy Protection Act (COPPA) regulates online collection of information from children under the age of 13. If you are under the age of 13, you may not be allowed to use our online services without your parent’s or guardian’s permission, especially when your personal information may be collected. Parents and guardians of children under the age of 13 may view their children’s library records. Parents and guardians of children between the ages of 13 and 17 (inclusive) may also view their children’s library records, but require their children’s consent. We may partner with third-party services to provide educational content for children. Parents and guardians should review those services’ privacy policies before permitting their children to use them. Parents and guardians may also need to sign additional consent forms for the collection of information about their children before they gain access to optional programs and services, such as our enrolled programs.

How Does NC Cardinal Protect User Information?

  • Exchanges of data between users and the system are encrypted using HTTPS through SSL. To enable encryption we purchase an SSL certificate from a certificate authority. This certificate ensures that data being sent to and from the server is going to the right IP address. Our webservers use a domain validated certificate.
  • Users’ passwords are hashed using the MD5 cryptographic hash algorithm before they are recorded into the database. These hashes can not be reversed to retrieve the original, unencrypted password.
  • Our strict system of permissions prevents library patrons or unpermitted staff from collecting patron information from the reporting module.
  • Cardinal staff do not have the ability to modify the database with our read only account, protecting user data from potentially erroneous changes. In addition to this, Mobius makes regular backups of the database to protect our data.
  • When using unprotected WiFi in public areas like hotels and coffee shops, NC Cardinal staff use a virtual private network to encrypt all incoming and outgoing information from our machines.

 

Downloads
  • pdf
    Patron Privacy.pdf

This page was: Helpful | Not Helpful

NC Cardinal is supported by the Institute of Museum and Library Services under the provisions of the federal Library Services and Technology Act (LSTA), as administered by the State Library of North Carolina, a division of the Department of Natural and Cultural Resources.