Open Letter to the UO Community
January 29, 2015
Subject: Records Release Incident
As the new dean of libraries, I feel honored to have joined the University of Oregon six months ago, and to have begun my work with some of the most dedicated and creative librarians, library workers, faculty, staff members, and students that I have ever known. With pride in our collective accomplishments, I can point to many outstanding library programs, services, and resources that we provide. Today, however, I am compelled to write about the “Records Release Incident” that has recently occurred and generated much discussion in the campus community.
For almost two decades, I have served as a librarian and library administrator in large, public universities. Like many of my colleagues in the Libraries, I have dedicated my life and career to helping faculty, students, and community members obtain the outstanding library services and resources they need to succeed and transform their lives. Since 1996, I have been an active member of the American Library Association (ALA). I have been and continue to be a passionate advocate for open and transparent government, equal access to information, and the protection of individuals’ privacy rights, which I believe are universal human rights.
It is my opinion that this Records Release Incident is much more related to the UO Libraries’ records management role than to its library/archival role. The Libraries handles a significant portion of the university’s records management infrastructure, including records from units like the Office of the President. Some of the records we handle are non-permanent and are retained for a limited period, defined by the university’s Records Retention Schedule. Other records are permanent and are placed in the University Archives after transfer from the originating offices and appropriate processing by the Libraries. The Oregon Public Records Law defines categories of non-exempt records (e.g., subject to disclosure) and exempt records (not subject to disclosure). Both non-permanent and permanent records may fall into either category.
When exempt records or federally protected data are released to unauthorized users and/or unauthorized use is made of that data, we are bound by our legal and ethical obligations to disclose the breach, not only by notifying data stewards at the institutional level, but also by notifying all those individuals whose privacy and confidentiality may have been compromised. The university has an obligation to try to secure the return of the data as well.
On a daily basis, we in the Libraries adhere to our professional codes of ethics, including those of the American Library Association and the Society of American Archivists. These codes inform our philosophies and practices about openness and transparency, and our protection of patron privacy and confidentiality. However, as fellow librarians at the American Library Association’s Office of Intellectual Freedom have affirmed, it is within the ethical rights of library and archive administrators to conduct internal investigations in cooperation with their parent institutions, if they suspect that a data breach has occurred or if they have reason to believe that library users have not complied with institutional policies, library policies, or state or federal law in their use of library services and resources. In the event that a data breach occurs or if a violation is suspected, the UO Libraries maintains its commitment to keep any internal investigation as confidential as possible, especially when personnel matters are also involved.
I believe in openness and transparency as many in the university community do. However, as professional archivists and records managers, we must balance openness and transparency with an equally valid commitment to protect individuals’ privacy and confidentiality, not to mention the many complexities that arise from legal considerations. At all times, we must not lose sight of our professional, ethical responsibilities to be good stewards of these records and to treat their contents with the proper care in order to protect the privacy of individuals who interact with the university.
In closing, I know that my library colleagues and I look forward to strengthening our library policies; we have obtained an expression of support from the senate’s University Library Committee to help us complete a policy review over the next few months.
In my brief tenure as Dean of Libraries, I have been impressed with the skills, dedication, and professionalism of the UO Libraries’ staff and faculty. I am confident that we all will work together to learn from this incident and further improve the Libraries’ ability to serve its diverse users. My library colleagues and I remain dedicated to carrying out our mission with integrity and passionate commitment. We hope that you will continue to support the Libraries, and that you will continue to afford us the honor of supporting you in all of your teaching, learning, and research endeavors.
Adriene Lim, Ph.D., MLIS
Dean of Libraries
Philip H. Knight Chair