Our library offers a variety of business services such as copying, scanning, emailing, and faxing, and we also have staff on hand to assist patrons with these services. We often have patrons request assistance with scanning and emailing or faxing sensitive documents including checks (with banking/routing numbers), driver’s licenses, Social Security cards, or other financial/legal documents.
I am wondering:
a) What responsibility do library staff have to inform a patron if we think they may be in the process of communicating with and sending documents to a scammer? How do we protect our patrons from scams/fraud while also respecting their privacy?
b) How liable is the library/library staff if a patron is scammed after library staff use library resources to send documents/information that played into the scam, even at the patron's request?
This question tugged at my heart, because lawyers face issues like this, too.
Maintaining confidentiality while addressing concerns that a person is being victimized creates terrible tension. The need to maintain a trusting relationship, governed by professional ethics, makes the tension all the more acute.
It is those professional ethics, however, that will carry the day.
What is the basis of a librarian's obligation of confidentiality? Confidentiality of library records is, of course, protected by state law, but it starts in item "III" in the ALA Code of Ethics:
III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
But this issue also related to item "I" from that Code:
I. We provide the highest level of service to all library users through appropriate and usefully organized resources; equitable service policies; equitable access; and accurate, unbiased, and courteous responses to all requests. [emphasis added]
So, here we are: iron-clad confidentiality, coupled with "unbiased" responses to all service requests. From within those ethical boundaries, the member has asked:
There are information management professionals far more qualified than I to discuss the professional nuances of these questions. But from the legal perspective, and to address the legal questions about obligations, protection, and liability, here are my answers.
What responsibility do library staff have to inform a patron if we think they may be in the process of communicating with and sending documents to a scammer?
There is no legal duty to inform a patron of this suspicion. Further, I see nothing in the ALA Codes of Ethics that makes it an ethical duty of the profession.
How do we protect our patrons from scams/fraud while also respecting their privacy?
We have reviewed that there is no legal or ethical obligation to "protect" a patron in these circumstances, and there can even be concerns related to trust, confidentiality, and perceived bias that mean a librarian should keep their suspicions to themselves.
However, neither the requirement to be confidential, nor the obligation to provide services without bias, stop a librarian from doing what they do best: sharing information. And nothing stops a library from pre-assembling a compilation of available resources the library can use to empower a patron to assess if they are being scammed.
Here is a scenario showing how such a "compilation" could be used:
PATRON: I need to print an email.
LIBRARIAN: Sure, the computer in over here. Let me know if you need instructions on how to print.
PATRON: Can you also help me find the email? It has instructions to wire money. It's from my grandson, Michael. Normally I would ask his mother to help me but this is a real emergency and I can't tell her what's happening, it would just kill her.
LIBRARIAN: I am happy to help; there, it's printing. [pauses] You know, this request reminds me of something I read/heard about. Do you want to know about it?
LIBRARIAN [searches for "bail the grandchild" scam]: Here it is. [Retrieves list of information.] And here is a resource about who to call when there is a concern about the type of thing on this website. [Hands patron list of resources]
Here is a template for this type of "list of resources":
"Trust but Verify"
A guide to checking the legitimacy of
requests and correspondence.
Compiled by the [insert name of library].
Have you been told you suddenly owe money?
□ YES □ NO
Has there been a request for account or personal information from a new or unusual source?
□ YES □ NO
Has someone told you a family member is in danger?
□ YES □ NO
Is someone pressuring you to make a quick decision about money?
□ YES □ NO
Does something about outreach to you just not feel right? Or does it seem "too good to be true"?
□ YES □ NO
These days, scammers can pretend to be from the IRS, Social Security, or even your religious organization or family.
There are resources to help you let the good guys in, while keeping the bad guys out. Here in [library location by county or municipality], the following resources can help you make the right call:
Free for anyone 55 or older, there is also:
Your banker, lawyer, or accountant will also be able to help you confirm the source of requests for wire transfers and other financial transactions.
...Or you can ask a librarian to help you find a resource suited to a particular document or situation. We can't tell you what's legit, but we can help you find the people who can.
Don't feel bad asking, even data security specialists have to "Trust, but Verify" these days!
A simple offer of information, and a plain-language resource like this can be a handy way to raise concerns without having to tell someone "You're being scammed."
At the end of the day, not all patrons will be receptive to this offer of information, and not all patrons will believe they are being scammed--even if their story matches a scam-scenario.
But no matter what the patron's reaction, by taking this approach, the librarian will have done the only thing the librarian is ethically obligated to do in this type of situation: provided unbiased services, and granted access to information, while maintaining the confidentiality of same.
How liable is the library/library staff if a patron is scammed after library staff use library resources to send documents/information that played into the scam, even at the patron's request?
If the librarian suspects that the scenario could be an illicit scam, but doesn't know this is phishing, social engineering, or another type of activity that can lead to fraud, there is no responsibility for what happens next (unless the library has adopted an internal policy stating otherwise, in which case there could be some employer-imposed consequences).
On the other hand, if the librarian somehow knows that the scenario is an illicit scam, and actively helps with the commission of what they know to be a crime, then yes, there could be liability. But once such a scam is known, not merely suspected, this becomes a whole other question.
A few more comments
Another aspect I want to address is if the librarian is concerned not that the person is being duped, but that they don't have the mental capacity to comprehend and/or remember they are being duped.
People with Alzheimer's and other conditions impacting cognitive ability may rely heavily on an established routine of visiting their local library. Further, people with that impairment still may be able to function independently for most aspects of their day. However, a librarian detecting a possible scam could be on the front line of a legitimate concern that they don't have the function to assess the situation.
There are too many permutations of this situation for me to give general guidance, except to say: if there is a concern that a person can be vulnerable to harm due to a medical condition or disability, but their condition is not so extreme that there is clearly a justification to call medical services, call an expert.
If the person is over 55, the Center for Elder Law and Justice is a great resource; they address these types of issues every day, and their hot line is there to help assess a situation and identify possible next steps. If the person is not over 55, a good resource could be the local Social Services agency.
When it comes to this issue, my overall advice is to remember that as a resource to the community, library employees are there to provide access to information and resources, not to protect people from harm. The good news is, by providing that access in a manner consistent with library ethics, library employees can help patrons protect themselves from harm. And that is how a library can help stop a person from being scammed.
Speaking from experience, I can say that not every person will take information when it is offered. There are times when the only comfort that can be taken from a situation is to know that you tried your best. But by focusing on the ethics, and the provision of information, a librarian can help a person identify a scam, and avoid legal entanglements.
I wish you strength on this one. Your patrons are very fortunate.
 And if there are any accountants, athletic trainers, or mental health counsellors who (for some reason) read an "Ask the Lawyer" column for libraries, museums, and historical societies, I bet it sounds familiar to them, as well.
 CPLR 4509
 Which is replicated in the New York Library Association Code of Ethics.
 Don't worry, we'll also address what you can do if the patron says "No, just help me scan my driver's license," and what to do if you are concerned the person doesn't have the capacity to make an informed decision.
 It is interesting to contemplate if there could be a policy for the use of information transmission equipment (phones, faxes, scanners, email, etc.) that included a provision that "Library employees who suspect a patron is falling prey to or contributing to a criminal enterprise must immediately report their concerns to the director for appropriate action under the relevant policy;" linked with a provision in a Code of Conduct "Patrons using library resources.”
 I struggled to come up with a scenario where the librarian knows the scam is on, but here goes: A librarian is a personal friend of Jeff Bezos. A patron comes in and says Jeff Bezos wants to give $50,000.00 to the patron and 5,000 other lucky people; they just need to wire Jeff $5,000. While helping to print the wire instructions, the librarian calls their friend Jeff Bezos to ask: "Hey, Jeff, are you giving fifty thousand dollars each to five thousand people?" at which point Jeff Bezos laughs and says, "No way, but can you believe some people are actually wiring me money? Now I can repaint my third yacht. Best scam ever. Hey, want to go fishing?" Now the librarian knows it's a scam; if they help in any way after that, they are arguably complicit.
A public library is looking at the possibility of taking over the running of a medical loan closet that has been previously run by a church.
The library would find a space through a partner, so it would not be on library property.
The library would be responsible for cataloging the items, tracking their circulation, and applying for grants to help with funding.
The local visiting nurses have volunteered to handle the distribution of equipment, and are willing to continue if the library takes it over from the church.
The library's director and trustees are concerned about insuring the library to protect it in the event that someone gets hurt using a piece of equipment and there is the possibility of a lawsuit. They talked to their insurance agent and the company they use would not cover this.
A discussion came up about starting a separate LLC for the medical loan closet that the library would be openly affiliated with.
Would it be possible for a public library to set up a separate LLC to do this?
Before I answer, let's talk about why a person or business might create an LLC ("limited liability company").
A primary function of an “LLC” is to do exactly what the member has proposed—to create a separate entity designed to hold the liability associated with a particular venture.
Examples of how an LLC can be used to take on liability (and keep it from flowing to its owner/s) include: ownership of rental properties, operation of restaurants, and yes, collaborative formation of charitable initiatives, like a medical closet operated in affiliation with a library.
This is because, when set up properly, an LLC allows its "members" to have an ownership stake in the company, while minimizing the risk of liability associated with the LLC adhering to other parties (like the members).
For this reason, a lot of property owners and participants in risky ventures use an LLC to contain the liability that could result from the risks of the venture. This helps with insurance, critical decision-making, and keeping unrelated assets separate from the liabilities of a venture.
Aside from this primary “separation of risk” function, the LLC model also allows creative arrangements for financial operations and tax considerations. Among many other things that relate to ownership of family businesses, and complex corporate structures, this includes allowing one or multiple 501(c)(3) not-for-profit charitable entities to form an LLC that will have a similar tax status.
So the "short answer" to the member's question is: YES.
That said, I do have a "long answer" composed of several considerations and caveats, which I hope will be helpful.
Consideration 1: Audit.
While the laws governing public libraries do not forbid--and arguably expressly allow--an education corporation like a public library to own, or partially own, the asset of an LLC, a review of various New York State Comptroller audits shows that any assets flowing between the two entities will be considered subject to all the requirements that must be followed by the library.
In other words, if the State Comptroller conducts a fiscal audit of the library (as State Comptrollers are randomly wont to do), the Comptroller will not only look at the books of the library, but also the books of the LLC—subjecting them to the same scrutiny as the library.
So, to the extent money and resources flow from the library to the LLC, the same constraints on procurement, investment, and other use of assets will be imposed on the LLC. This could bar or limit the activities of the LLC, so should be a primary consideration when it is formed.
Consideration 2: Operations
By "operations," I mean: who is helping the LLC get the work done?
In the scenario submitted by the member, it is the library who will "be responsible for cataloging the items, tracking their circulation, and applying for grants to help with funding." Meanwhile "local visiting nurses have volunteered to handle the distribution of equipment." And finally, as described by the member, the storage/pick-up (the "Closet") will be off-site (not on library property).
This means that the LLC would rent/borrow the space for the Closet, volunteer nurses would work there helping to distribute equipment, and the library would use its personnel to track the lending and equipment.
And although the member doesn't specify, let's say the library doesn't use its own circulation system for this, but instead, buys or builds a custom system—maybe even something as simple as an Excel spreadsheet.
So the library would supply the "time and talent" of its people on an ongoing basis to the LLC, perhaps tracking it as an in-kind support to the charitable venture, and also separately purchase assets that would be solely owned and used by the LLC.
This "time and talent," is where "risk and liability" for the library—even with an LLC housing the operations—truly enter the picture. Even with a separate entity designed to take the hit, when an entity supplies its own people to staff a venture, there is always some risk that the direct involvement of a third party can lead to an assertion of liability (when people sue, they often look for not only deep, but multiple pockets).
How do you solve that? It takes two things:
Consideration 3: The Operating Agreement
By law, every LLC must have an "Operating Agreement" that specifies how the "members" run the company. For small, simple LLC's, an "OA" can be a fairly short document. For complex ventures with detailed financial goals and complex management structures, an OA can be hundreds of pages.
In the case of a "Medical Loan Closet" LLC meeting the criteria in the member's scenario, the operating agreement would have to address, head-on:
Which brings us back to...
Consideration 4: Insurance
At the end of the day, this question is about two things: 1) how to do a good thing for a community; and 2) how to make sure the organizations doing that "good thing" properly manage the risks of doing it.
While much of this can be addressed via good planning, rigorous equipment maintenance, and proper paperwork, as can be seen in "Consideration 3,” and as the member clearly knows, a venture that will be so closely connected to people's physical health must have some form of insurance. The coverage should extend to every person with either a fiduciary, employment, agency, or volunteer relationship with the Closet.
While precise coverage amounts should be determined by the participating parties, my instinct is that there should be at least $1 million of coverage per incident, with no less than $3 million/year aggregate. But it will depend on many factors.
So, what to do?
Many times, there is a very solid reason to start an LLC. If the Closet described by the member was going to own real property, have its own employees, apply for grants, and in general, take care of most of its operations in-house, with the support—but not the direct service—of the members, I'd say that was the right solution for this scenario.
However, if the Closet is to be a collaborative effort that will rely on the direct services and assets of the member organization/s (in this case, services by library employees, on library time), in my experience, a tightly structured plan that properly establishes the responsibilities of the collaborating parties—and ensures there is proper insurance coverage for all involved—might be the most practical way to move forward.
This will also position the library to do the right type and amount of "volunteer vetting" and to properly confirm the conditions of (and insurance coverage for) the volunteers.
So, on a practical level, what am I saying? A library can spend thousands to set up a charitable LLC to run a Medical Loan Closet, and then about a thousand or so a year to ensure the proper administration of that LLC--or it can develop the Closet as a program of the library (either stand-alone, or in collaboration with others) and spend the money on additional risk management and insurance.
After all, we're not talking small engine repair, here. Lending things—even if it is health-related equipment—is part of any library's core mission.
At the end of the day, many factors will play into the decision to use 1) an LLC, 2) a collaboration agreement, or 3) to simply operate the Closet as a new program of the library (with some volunteer agreements for the nurses).
To get to the part where the library can make the decision, I advise developing an "Operational Plan" for the program, and getting quotes from several insurance carriers as to what the coverage would costs for your library and/or for a new entity to conduct the activities in the Operational Plan.
Since there will be a lot of detail to review, a small ad hoc committee consisting of a board member or two, the library director, any other person whose input will be helpful, and the library's attorney, can then review this information, and come up with a solution to pitch to the board.
And when that pitch is made, everyone should be confident that there is no "wrong" way to develop a new, life-saving lending initiative—so long as the way selected clearly defines everyone's responsibilities, establishes that clarity in writing, assures legal and fiscal compliance, and ensures everyone helping out is covered by insurance. With the right attention to detail, this could be an LLC—or another solution.
I wish this venture luck and stout hearts for getting it over the finish line; it sounds like a great asset to any community!
 When I write about LLC's, I really struggle with putting "an" before an acronym that begins with a consonant ("LLC"). But the rules on "indefinite articles" assure me it is proper.
 There are some questions about the operation of a collaborative 501(c)(3) LLC in New York, but they happen, and haven't been shot down yet.
 "Members" is what the New York State Limited Liability Company Law calls owners.
 I don’t mean “risky” as in “Don’t drive that Pinto!” In in this context, “risky” applies to any venture that has a risk of exposure to legal claims due to having premises, employees, contractual obligations, or providing goods/services. In that context, even my own law office (which is a type of LLC) is “risky.”
 "501(c)(3)" is a designation from the IRS that allows a library or other charitable organization to accept donations while the donor takes a deduction.
 Trust me, this WAS that short answer! Another business lawyer who reads this will find it pretty skimpy.
 The Education Law, the Not-for-Profit Corporation law, the General Municipal Law, the Public Officer's Law.
 This is NOT to say that the local library could engage in a hostile takeover of the LLC-operated laundromat next door to ensure the very loud HVAC system is turned off during children's story hour. A not-for-profit, and a public library, both have extensive rules regarding what assets and investments they can own, and how they can benefit from them. But it could be done (in my hypothetical, it could be done if either: a portion of the laundromat income was a directed donation used to purchase special collections OR if use of the machines to clean clothes while reading or using library Wi-Fi was a free service to the community tied into the library's Plan of Service. Which, by the way, would be AWESOME).
 When I want to relax, I just pop on over to the Comptroller's "library audits" page at https://www.osc.state.ny.us/local-government/audits/library, and have a jolly good read.
 My apologies if my assumption that such a project could be tracked via Excel is laughable. While I can script out workflow and compliance protocols like a pro, my database programming skills stop with a 4-column chart in "Microsoft Word."
 Remember, the assets of both a not-for-profit and a public library come with heavy restrictions. This includes the "asset" of the workforce. In this scenario, we're assuming all the right paperwork for "lending" employees to a venture is properly in place...not something to assume lightly in the Real World.
 Operating a charitable LLC is fairly simple after the start-up phase, but there are routine tasks that must be kept up with: book-keeping, audit, routine IRS and Charities Bureau filings, compliant procurement, de-accession. Consider who will be responsible for all these things.
 This consideration—about properly maintaining loaned health-related equipment—is addressed in the RAQ response to a question we got back in April 2020 about lending a Telehealth kit, which is found here: https://www.wnylrc.org/ask-the-lawyer/raqs/132.
 A great short cut on this would be to find some other medical loan closet programs in New York and ask who their carrier is. Establish your credentials and tell them why you need the information first, though...places get VERY nervous when you ask who their insurance carrier is!
 At this point, I have worked on joint ventures for educational purposes, arts purposes, community gardens, the development of apps for civic transparency, community murals, and just about every feel-good thing you can think of. I will never be rich, but I love my job.
 A word of caution: the phrase "Medical Loan Closet" is part of a name protected by a trademark, the "Wichita Medical Loan Closet" which can be seen here: http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4806:g09zye.2.1. When developing a "closet" program here in New York, take care to distinguish your brand so there is no risk of getting a cease-and-desist.
 Remember, a “collaboration agreement” is different than an LLC’s “operating agreement.” A “collaboration agreement” unites the efforts of two or more entities creating the venture, and manages risk WITHOUT creating an LLC.
 The "operational plan" will evolve once you make the decision about the entity type, but to start it is just a description that sets out how the Closet will run. If the idea is largely to use the same model used by the current operator, that is a fairly simple task, but make sure to include every role and responsibility, simply noting "TBD" is you don't yet have an answer. An inventory of equipment will be an essential component of this exercise.
 Since I have hit you with a lot of detail that could be daunting, I will add this gratuitous advice: if possible, have a meal or fun snack at your planning meetings (even if they have to be via Zoom right now). I have been working on a charitable planning committee, and by turning it into a convivial experience, we are getting through some fairly obscure stuff while staying in touch with basic human joy.
We have a patron who insists that it is their right to go barefoot into any public area. Okay, but, being a public (Association) library, aren't we still liable even if that person injures themselves on the property even if they 'say' they wouldn't sue us? Is there a law that defends their position and if so, how do we defend ourselves from litigation? Should we have them sign a waiver? Any help is greatly appreciated!
To answer this question, I had to switch things up, and pretend that one day, there I am, sitting in my office, when a barefoot person walks up to my door and asks “I want enjoy my library privileges while barefoot, and they won’t let me. Can they do that, or can you help me sue?”
If someone actually paid me for a consultation related to this conundrum, here would be my diagnostic process. For the sake of argument, let’s say that for every question I pose, the answer is, “No.”
Once I got through establishing that the answer to each question was “no,” I would then likely say: “Well, I am sorry, but whether it’s public or private property, if shoes are required by the library, I see no basis for a claim.”
Of course, the law is always evolving, but right now, simply being “a person who wants to go barefoot,” is NOT a protected category in New York State. So, whether it’s my house, McDonald’s, or the local (school, association, or public) library, the old rule “no shirt, no shoes, no service,” can still apply.
This right to impose reasonable and uniformly applied conditions for entry—like shoes, shirts, and leaving beverages at the door—is rooted in the concept of real property (ownership of land). A person or organization that owns land can impose (with varying degrees) restrictions on how others may access it. And unless connected to an established or fundamental right—like freedom of religion—those restrictions cannot be challenged via lawsuit (although for a library governed by a board, it can be challenged and changed as a matter of policy).
The concept of requiring certain attire in relation to property is common in New York’s laws, regulations, and case law. Country clubs may require a formal style of clothing, while barring cleats and spikes indoors. Children’s camps may require kids to wear shoes (with backs!). Since this answer gave me an excuse to do the research, I even learned there is a state-imposed dress code for recently legalized MMA (Mixed Martial Arts): man must be shirtless, while women must wear tops (I can’t imagine this gender-based rule will go unchallenged for very long).
Why all this commentary about the law and clothing? I’ll make it clear. Libraries—whether they are public or private—have the right to require visitors to wear shoes, to wear clothing that covers certain portions of the body, and to check their beverages at the door. This goes hand-in-hand with the right to require that people not play loud music, not be disruptive, and not import disturbing body odor beyond a certain personal zone.
It is important, however, to have a clear and uniformly enforced policy for imposing these reasonable conditions. The minute a small child is allowed to go barefoot in the library (bad idea!), an adult can try to claim that right, too. And extreme care should be taken to not adopt policies that can impact protected classes of people (barring head coverings, for instance), unless a lawyer has been consulted in the drafting of the policy, and staff are well-trained on the nuances of enforcement.
So, to bring it back to the member’s question: there is no need for a liability waiver, if your library simply wants to insist that people wear shoes. On the flip(-flop) side, if a library wants to explore a “barefoot-positive” policy, more than a waiver would be needed to address the risks: a board would have to explore all the risks caused to those not wearing shoes in a place with heavy books, carts, lots of foot traffic, and many tables and chairs. That risk assessment would consider not only the likelihood of injury, but workplace safety rules, insurance carrier requirements, and the interaction of such a policy with other institution-specific practices (particularly, how often they clean the floor).
Again, this all comes down to the requirements and needs of a particular library, on a particular piece of property, governed by a particular set of rules. I want to stress: such factors are variable. The “National Yoga Library,” or a library based around a culture where shoes are left at the door, would have a different perspective on this issue, perhaps insisting on a no-shoe policy (there are some places where it’s shoes that are considered dangerous and unsanitary, which makes sense, when you think what they walk through). But for most libraries in New York, where for six months of the year our floors are coated in slush and salt, and furniture design presents many a hazard for unshod feet, “shoes, please” is likely the policy of choice. And it’s okay to insist on it.
Thanks for a great question!
 We have a storefront office on a busy city street, so this is actually a possibility. There’s never a dull moment on the West Side of Buffalo.
 NOTE: Before I let this person into my law firm, I would insist they put on some shoes, or I’d meet them outside. This is because, while I may have liberal ideas about intellectual property and how to run a business, I am a fuddy-duddy about certain conventions (like civility, yielding to pedestrians, and covered feet). Someone once called me an “innovative curmudgeon;” I took that as high praise.
 NOTE: I would likely not take this consultation. I work with so many libraries, it would probably be a conflict of interest.
 I can’t fathom what type of restraining or protective order would require a person to not wear shoes, but in my business, I’ve learned to “never say never.”
 If you ever want to kill the mood at a party, ask me about the many laws that govern land use: zoning, permitting, environmental law, historic preservation, urban planning, construction, building code, municipal law, landlord-tenant, real property procedure, restricted giving…. Yep, land use law can destroy a festive mood in ten minutes or less.
 19 NYCRR § 212.5 “Proper attire of contestants”
 If this concept sounds foreign to you, and you work in a library, my impression is that you are in a happy minority.
 I do a lot of yoga. No matter what studio I am at, if I forget to leave my shoes at the door, I get a very quick “what you are doing is not cool with the universe” reminder to take them off. In the yoga studio, bare feet are the rule, which is why most yoga places have a high budget (or offer work-trade) for floor cleaning.