I have an instructor who asked if it would be violating copyright infringement if she shares articles from her personal Continuing Education Units (CEU) account subscription with her students as class reading assignments.
NOTE: This question arose during the scramble for online resources during the nation’s response to COVID-19. Click here for a full array of COVID-19-related questions about library operations and copyright matters impacted by pandemic response.
It might be copyright infringement, but there is another concern: it could also violate the terms of the contract (the subscription agreement) between the teacher and the CEU provider.
The problem is that not only do such subscription sites have basic, contractual terms governing the actions of all subscribers, but the individual articles may have different (less or more restrictive) terms, too.
For example, I tooled around IACET (a major CEU provider)’s website and found a wide range of copyright and licensing terms. In some places, IACET had a very strict license that bars sharing materials. In other places, I found language encouraging IACET’s leadership to adopt language promoting the sharing of articles, particularly those that reinforce IACET’s standards and values.
My best guidance must be: the teacher should evaluate their personal subscription agreement and terms for each article on a case-by-case basis. For instance, it looks like IACET has taken a variable approach, so some content might actually be free to use. Other material might be licensed for purposes of instruction—but only to the institution holding the license. Each CEU provider will differ.
Only by reviewing the teacher’s contract with the provider, and the relevant content terms, can this question be answered. And in these difficult times, calling them to ask for permission for the duration of the state of emergency might work.
Barring that, I am always very wary of any solution to educational content needs that relies on the individual instructor, rather than the institution (who, among other things, has better insurance), to take risks, so hopefully the school can assist with getting the right content, or finding a solution under copyright Section 108, 110, or 107.
With the NYS Shield Act taking effect in March 2020 what changes or precautions should libraries be thinking about to comply with the law and minimize the risk of data breaches?
There are many technical aspects to this question, and this answer will explore many of them. But first, I invite each reader to sit back, close their eyes, and envision the types of information their library takes in, maintains, or manages digitally.
Name…address…phone number…e-mail…library card number and account information. Perhaps a driver’s license, or other photo ID. Credit card information? Job applicant information, payroll, and employee data…. Donor information. Survey responses. Licensed lists. Content related to digitization. And (of course) every digital record related to a library’s core function: providing information access.
Now envision what someone with less-than-ethical intentions could do if they accessed or appropriated that digital information:
Disclose confidential library records…sell active credit card information on the dark web...use the information to design a very convincing phishing scheme….
And I bet you can easily think of more.
Scary? You bet it is. This is the type of risk-management New York’s lawmakers had in mind when they enacted the SHIELD Act, a far-reaching amendment to the state’s laws governing data security.
And as the member points out, the changes will impact your library.
So, what does this law require?
And here is where we get technical. Because the law will hit different types of institutions differently, this “Ask the Lawyer” can’t give you a word-by-word recital of the precise obligations the SHIELD Act will impose on your institution. But it can give you a plain-language DIAGNOSTIC FORM to help your board, your director, and your (internal or external) IT team a tool to start assessing your obligations.
So here, without further ado, is the ‘ASK THE LAWYER’ SHIELD ACT DIAGNOSTIC FORM. If you have a buddy to fill this in with, I suggest you invite them to help, this is not the type of exercise to do alone.
[NOTE: Any member of a library council in the State of NY is licensed to make a copy of this form for diagnostic purposes. However, THIS IS NOT INDIVIDUALIZED LEGAL ADVICE and no legal conclusion about the obligations of your institution should be made without the input of a lawyer. That said, filling this out will help that lawyer help you a lot faster.]
Does your library collect electronic versions of “personal information” as defined by SHIELD?
Here is the definition of “personal information”:
"Personal information" shall mean any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.
If your library collects “Personal information” as defined by SHIELD, it may be subject to SHIELD’s requirements.
So, if you marked “yes,” keep going!
Does your library’s network or equipment collect electronic versions of “private information” as defined by SHIELD?
Here is the type of data that, when combined with “personal information” becomes “private information” protected under SHIELD:
(1) social security number;
(2) driver's license number or non-driver identification card number;
(3) account number, credit or debit card number, in combination with any required security code, access code, [or] password or other information that would permit access to an individual's financial account;
(4) account number, credit or debit card number, if circumstances exist wherein such number could be used to access an individual's financial account without additional identifying information, security code, access code, or password; or
(5) biometric information, meaning data generated by electronic measurements of an individual's unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical
representation or digital representation of biometric data which are used to authenticate or ascertain the individual's identity; or
(ii) a user name or e-mail address in combination with a password or security question and answer that would permit access to an online account.
If your library collects “private information” as defined by SHIELD, it may be subject to SHIELD’s requirements.
So if you marked “yes,” keep going!
(NOTE: if any libraries out there are using biometric records like retina scans in place of library cards, please let me know, because that is Bladerunner-level cool).
Does the “private information” your library collects include information from residents of New York?
If your library collects “private information” relating to New Yorkers, it may be subject to SHIELD’s requirements.
So if you marked “yes,” keep going!
Is your library part of a larger institution such as a school, college, university, museum, religious institution, or hospital?
If the answer is “yes,” then STOP.
Your work on SHIELD ACT compliance should be coordinated with your full entity, who should be sensitive to not only your library’s obligations under CPLR 4509, but your institution’s obligations under SHIELD and other data security laws like FERPA and HIPAA.
Don’t go rogue!
Does your institution contract with another entity, like a library system, to maintain private information?
EXAMPLE: When a person applies for a library card, does the personal information supplied stay on the local library’s network, or does it simply flow through a terminal at the local library to a system’s network? This is a very common arrangement in NY.
If “yes” list and attach the contracts, along with the information maintained by the contractor.
This question applies to both parties.
If the answer is “yes,” gather the contract(s) governing the arrangement(s), and be ready to check the contracts for assurance of SHIELD compliance. This includes assurance of “reasonable security requirements,” and a clause governing data breach notification.
Now, aside from information maintained on another entity’s network as listed in #5 above, (library system, payroll service, credit card service provider, etc.) does your institution maintain any computer system with private information?
If yes, list the information gathered and where it is maintained:
If the answer is “no,” you only have to follow step #7, below.
If the answer is “yes,” make an appointment with your IT team, and be ready to do steps #7 through #15, too.
Contract compliance check:
If you answered “yes” to #5, above, the contracts governing that relationship would be clear about SHIELD Act compliance, including the notification procedures for data breach.
Who is the person at your institution who will do this work with your contractors?
This is a smart step because contract vendors must meet this standard:
Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
Okay, so it looks like my institution has to comply with the SHIELD Act. What does that mean?
Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
So, does your institution have a policy for data breach notification?
Your institution may already have one! If so, it should be updated to reflect the changes in the law.
If it doesn’t have one, now is a good time to get a policy in motion.
The law lists the steps and requirements for notification. Among other things, those requirements can depend on the size and nature of the breach.
NOTE: a data breach response is something a library should respond to with a qualified IT team and, if there are concerns about liability and compliance, a lawyer and your insurance carrier.
Any person or business that owns or licenses computerized data which includes private information of a resident of New York shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information including, but not limited to, disposal of data.
Does your institution have a policy to implement these “reasonable security requirements?”
Your institution may already have one.
If so, it should be updated to reflect the changes in the law.
If it doesn’t have one, now is a good time to get a policy in motion!
NOTE: ***I have put the SHIELD Act’s criteria for a data security program next to three asterisks in the text following this form.
Thirdly, are you a small library and feeling panicked about your security requirements?
Don’t worry, if you’re a “small business,” the law has a provision related to your obligations.
Here is the SHIELD Act’s definition of a “small business”:
"Small business" shall mean any person or business with (i) fewer than fifty employees; (ii) less than three million dollars in gross annual revenue in each of the last three fiscal years; or (iii) less than five million dollars in year-end total assets, calculated in accordance with generally accepted accounting principles.
So (deep breath) are you a “small business?”
If the answer is “yes,” then your “reasonable security requirements” are tempered:
…if the small business's security program contains reasonable administrative, technical and physical safeguards that are appropriate for the size and complexity of the small business, the nature and scope of the small business's activities, and the sensitivity of the personal information the small business collects from or about consumers.
This analysis is why having an inventory of the private information maintained by your library (or for your library) is critical; depending on the “sensitivity” (or use) of what you maintain, your plan can adjusted for what is “appropriate.”
Just to reiterate: if you have gotten this far into the assessment diagnosis, you should probably have a “data breach” plan—even if it is just for coordinating with the entity who holds most of your data.
So: do you have a “Data Security and Data Breach Notification Policy and Procedure?”
As can be seen in the factors cited in the sections above, policy and procedures related to data security and data breach notification cannot be a cookie-cutter based simply on what other libraries do. Your policy and practices will be governed by many factors.
Are you insured for data breach and recovery?
This is a great question to ask your insurance carrier! You should also be familiar with their notice requirements in the event of a hack or breach.
Who at your institution is responsible for coordinating your data security program?
This responsibility should be confirmed in a job description and reinforced with regular training. Working with your system or other larger supporting entity may be important, too.
Who are your outside contractors assisting with emergency response in the event of data breach?
This is a good standing contract to have, and one that systems and councils might consider jointly negotiating for on behalf of members (and hopefully it is a service you never need to invoke!).
Did you ever think, when you chose a library career, you’d get to moonlight in IT?
IT and libraries: two great tastes that go great together….with enough planning.
And that’s the SHIELD Act.
How does a small not-for-profit tackle this expansion of data security laws? Like anything else: inventory your status under the law, establish a goal for compliance, develop a budget and a plan, make sure the responsibility is appropriately allocated, confirm insurance coverage alignment, use all the resources at your disposal (your system, council, insurance carrier, and board members who have lived through data breach compliance) and get it done.
In practical terms, this is also means:
The penalties for violation of the SHIELD Act are $5,000 per violation, in an action brought by the New York Attorney General (the law doesn’t create a private right to sue). Other changes to the law make it easier for the AG to learn of data breaches, and to coordinate with other law enforcement agencies trying to combat them. As we envisioned at the beginning of this article, the states for a breach are high.
But don’t worry. No matter where your diagnosis falls, remember: libraries have been operating under heightened privacy obligations since before there were computers. That mindset—awareness of an ethical duty to protect privacy--is the most important part of a program to minimize the risk of breaches.
You’ve got this.
Thanks for a great question.
***A data security program includes the following:
(A) reasonable administrative safeguards such as the following, in which the person or business:
(1) designates one or more employees to coordinate the security program;
(2) identifies reasonably foreseeable internal and external risks;
(3) assesses the sufficiency of safeguards in place to control the identified risks;
(4) trains and manages employees in the security program practices and procedures;
(5) selects service providers capable of maintaining appropriate safe-guards, and requires those safeguards by contract; and
(6) adjusts the security program in light of business changes or new circumstances; and
(B) reasonable technical safeguards such as the following, in which the person or business:
(1) assesses risks in network and software design;
(2) assesses risks in information processing, transmission and storage;
(3) detects, prevents and responds to attacks or system failures; and
(4) regularly tests and monitors the effectiveness of key controls, systems and procedures; and
(C) reasonable physical safeguards such as the following, in which the person or business:
(1) assesses risks of information storage and disposal;
(2) detects, prevents and responds to intrusions;
(3) protects against unauthorized access to or use of private information during or after the collection, transportation and destruction or disposal of the information; and
(4) disposes of private information within a reasonable amount of time after it is no longer needed for business purposes by erasing electronic media so that the information cannot be read or reconstructed.
 “We just need your bank information to refund your library fees since 1987 with interest!”
 SHIELD stands for "Stop Hacks and Improve Electronic Data Security".
 Why? Well, if you’re lucky, it’s because it will be boring. But chances are, it will be all too exciting, as you discuss the different types of data your library maintains and explore the data security obligations that come with it. And if that happens, you’ll need one person filling in the form, while the other one looks up information—and you’ll both want someone to share your sense of urgency when it’s over.
 NOTE: This is a huge change in the law, which used to only apply to businesses in New York. Now it applies to any business that collects the information of New Yorkers; a big difference and one that impacts businesses out-of-state.
 Institutions subject to HIPPAA have special provisions to ensure disclosure obligations aren’t redundant.
I have been reading the legal arguments undergirding the Controlled Digital Lending initiative (controlleddigitallending.org). The legal arguments are outlined in the white paper here: https://controlleddigitallending.org/whitepaper.
Our library has a DVD collection that has been heavily used over the years for teaching, research, and recreational use. Circulation of that collection has been restricted to members of our campus. There are fewer and fewer DVD players available on campus now and so we are facing significant sunk costs with a collection that may become unusable. Hence, I am wondering whether we could reformat DVDs that we have purchased over the years, put those physical copies in a dark archive (i.e., no longer circulating), and stream the digitized copies one user at a time to verified members of our campus (current students, staff, and faculty). Would the doctrines of 1st sale and Fair Use apply, given that there would be a one-to-one relationship between the physical copy purchased and digital copy loaned, as well as noncommercial use?
This is a great and important question, and it rests on an critical issue.
With that in mind, before you delve into this answer, I encourage readers of “Ask the Lawyer!” to check out the CDL “Statement” on www.controlleddigitallending.org/statement.
Okay. Did you check it out? Interesting, right? Now, on to the answer….
Controlled Digital Lending (“CDL” ) is an effort to assert the rights of content users—as opposed to those of content owners—in the next regime of copyright law.
As described in the CDL “Statement”:
CDL enables a library to circulate a digitized title in place of a physical one in a controlled manner. Under this approach, a library may only loan simultaneously the number of copies that it has legitimately acquired, usually through purchase or donation. For example, if a library owns three copies of a title and digitizes one copy, it may use CDL to circulate one digital copy and two print, or three digital copies, or two digital copies and one print; in all cases, it could only circulate the same number of copies that it owned before digitization.
Rallying librarians from an impressive array of institutions, CDL asserts an extension of current copyright doctrines and seeks to confirm rights critical to the world of information management.
But although it is a hybrid argument of Fair Use and the First Sale Doctrine, CDL is not the law. Rather, it is a concerted effort to influence—and perhaps become—the law.
As I see it, CDL is also a deliberate and potentially powerful answer to the established trend of content providers using contract law to impose limitations on copyright’s “First Sale” doctrine. Here are some examples of this trend:
Because of the billions of dollars in revenue such contracts protect, the entertainment, publishing, and other IP industries will fight tooth and nail to not only resist CDL, but any extension of Fair Use and the First Sale doctrine. Considering the lobbying power and commercial heft of these industries, the CDL position will need all the recruits and allies it can get. It will be a showdown fought through usage, lawmaking, and most likely, law suits.
The CDL’s organizers know this might be hazardous combat. Right in their “Statement” is the caution:
Because the following analysis is general, any library considering implementing controlled digital lending should consult a competent attorney to develop an appropriate program responsive to the specific needs of the institution and community.
This warning in the Statement is well-justified. The stakes for generating infringing copies (which is what copyright owners will argue CDL digital copies are) and distributing them (which is what copyright owners will argue CDL-using libraries are doing) can be high, with the violator liable for damages and attorney’s fees, and stuck in a courtroom battle for years.
So what would a “competent attorney” advise their client to do in this case? I don’t speak for all competent attorneys, but in a case like this, I would strongly advise an institution NOT to make “CDL” copies unless the action was part of a highly assessed, planned, and well-calculated strategic plan that considers the benefits and accepts the risks.
How does an institution do that? Any institution seriously considering CDL should form a “CDL Committee” consisting of the institution’s librarian, risk manager/insurance liaison, a representative of the institution’s academic wing (if applicable), and an administrative decision maker (an officer of the institution). The group should consult with (but not necessarily include) a lawyer.
The group would assess what use their institution could make of CDL, get advice from the lawyer about those specific uses and the risks, check their insurance coverage, assess what is being done at peer institutions, and (perhaps most important) consider how this overall issue impacts their mission. There would possibly be, at some of the bolder institutions, some acceptance of calculated risk.
If the group’s overall assessment leaned toward CDL, the committee could create a “CDL Assessment and Use Policy” to govern all its uses of CDL. This way, the decision to use CDL would be rooted in the institution’s mission, while the process would be informed by the library’s assets and users’ needs. This is critical because if the institution was ever sued for infringement, a good array of back-up material, showing a bona fide belief in Fair Use, and consistent with that of other participants’ in the CDL effort, could help them assert their position and limit financial damages.
With regard to the member’s particular scenario (trying to get more use out of an extensive collection of aging DVD’s), if I were the lawyer consulting with a committee, I would probably advise against that particular use for CDL. Unless the transmission is per section 110 of the Copyright Act, the risk of a suit for unlicensed transmission of a motion picture is just too high. But I’d also want to assess each movie on a case-by-case basis. While the combination of First Sale and Fair Use might not simply allow the restricted streaming, other solutions (a news exception, a license) might.
I am sorry I cannot give a more definitive answer, but as the CDL organizers themselves point out, CDL is on uncertain ground. The authors of the “Statement” don’t come right out and say it, but they are trying to fight fire with fire…offering a bold and critical counterpoint to the current copyright scheme through which rights owners tightly control digital dissemination of works in print.
Libraries, these days, occupy ground zero of many of society’s struggles, and the next regime of IP law is one of those. On the battlefield of intellectual property, troops are massing at the no-man’s land between digitization and the First Sale Doctrine. Led by librarians, there is an army that hopes to not only hold the First Sale line, but officially extend it to a practice that is more convenient, green, and aligned with current technology: CDL.
Does your library want to join that battle? Does it want to explore making select works available, under closely controlled circumstances, without requiring a person to pick up a hard copy? By making a deliberate, well-planned decision to have a CDL policy, your institution can answer the famous question:
“There’s a war coming…are you sure you’re on the right side?” 
 The signature list is like a “Who’s Who” of library world.
 The person at your institution who makes sure you have insurance, and transmits claims information when there is an issue…or that person’s supervisor.
 At least until a heavy hitter wins a case or two using the CDL argument.
 Wolverine to Storm in X-Men, movie (2000). I wish I had it on DVD.
Recently, a patron asked what our library does with the digital movie codes that come with some of the DVD and Blu-ray disc we purchase. We have been throwing those codes out, so he wanted to know if we could give those codes to him (he would be willing to purchase them).
I would like to know the legality of selling them to patrons to raise funds for the library. What about including them in prizes? Is it covered by the First-Sale Doctrine? What if the fine print on some read "sale or transfer prohibited?" The discs are purchased with tax-payer money, does that further complicate the situation?
When purchasing DVDs/Blu-rays at a library there are often alpha-numeric Digital Movie Codes available to receive a digital copy of the movie. These licenses seem to be tied to a single person that cannot be used or circulated in any easy way. Is there anything a library could use these licenses for, such as public viewings (as long as they are covered under the appropriate movie license) or giveaways at the library. Or are these Digital Movie Codes best to be thrown away because of the copyright restrictions surrounding digital content?
Two questions about a creative use of resources! Truly a joy to behold. Unfortunately, this is one of those questions where I have to be a killjoy.
Before I dig into why, let’s clarify: both members have asked about the “Digital Movie Codes,” or alphanumeric keys, on (or in) the packaging of certain DVD’s, Blu-rays, and 4K/UHD discs. Through a process called “redemption,” the holder of such a code can download a copy of the movie in the package.
After “redeeming” the code, the holder can download the film to their phone, tablet, or computer. The idea is that once you’ve paid for the hard copy, even if it is copyright-protected, the purchaser should be able to view the movie on the medium of their choice.
So, can these fantastic codes be used, transferred, or raffled off by a library? Because of the diversity of licensing terms, there is no one, definitive answer. But my time researching showed that a growing number of these codes are supported at the back end by a company called “Movies Anywhere.”
Digital codes originally packaged in a combination disc + code package (for example, a combination package that includes a DVD, Blu-ray, and/or 4K/UHD disc(s) and a digital code) are not authorized for redemption if sold separately. By redeeming one of these codes, you are representing that you, or a member of your family, obtained the code in an original disc + code package and the code was not purchased separately. Your representation is a condition of redemption of the code and of your obtaining a license to access a digital copy of the movie. To read all terms and conditions applicable to using your Movies Anywhere account, click here. If you agree, click the REDEEM button above.
See that clause “you…obtained the code in an original disc + code package”? THAT is what kills the joy and puts the kabosh on the clever transfers and re-uses posed by the members. Simply by redeeming the code, the person who acquired it from the library (whether by gift, purchase, or luck of the draw) would be in violation of the terms of the license…not a very patron-friendly practice (although some patrons might disagree)!
But wait, there’s more.
Wouldn’t it be nice if the library could have a DVD-viewing room where the digital content of purchased movies was watchable? That, too, is likely forbidden, since as of this writing, participation in “Movies Anywhere” is limited to “individuals.” “Companies, associations and other groups may not register for a Movies Anywhere account or use the Movies Anywhere Service,” states Section 1.a. Libraries, while not generally thought of in such terms, are “companies,” so arguably, even redeeming the codes to put the content on library-owned technology is not allowed.
Of course, when it comes to these codes, check the fine print. If they are through a service that doesn’t bar transfer (or on the flip side, doesn’t require the actual purchaser of the package to be the redeemer), you may be able to proceed as envisioned. That said, I doubt many movie companies will depart from the Movies Anywhere model. Content providers have had almost two decades since the “RIAA wars” to get this right, and they don’t want to leave any revenue on the table.
How enforceable are these license restrictions? We’ll see. The industry is suing when the terms are violated, and defendants are fighting back (see ongoing case Disney Enterprises, Inc. et al v. Redbox Automated Retails, LLC, in federal court in the Central District of California). That said, libraries are in a different place than most “companies,” when it comes to restrictions on information. If there is ever a compelling, information-access reason—or a disability accommodation reason—to use one of the codes, that should be explored.
P.S. I saw a lot of reasons why libraries can’t give away or sell these codes, but I saw nothing that stops patrons from buying the hard copy, using the code, and eventually donating the hard to the library. THAT would be within the “First Sale” doctrine. So while I know that’s the obverse of what the members envisioned, perhaps that can restore some joy to these questions.
 Of course, “redemption,” which requires an account, also means the content provider gets a view into your movie choices, viewing habits, and choice of media. But I will save a privacy rant for another day!
 Who are “legal residents” of the U.S., no less.
 The fight over digital copying of music, eventually leading to many fans swearing off Metallica.
Recently, our library has been given a collection of photographs that were previously on display in a local business location. These are photos of the customers of the business, many are children. These photos span several decades and are important to many.
We would like to digitize these photos and make them available via the internet because we believe these to be of sentimental, cultural, historical and academic value to our region and beyond.
The photos were given to our library by the business that had previously displayed them and also produced the photos. What are the issues of rights and permissions raised by making these images freely available online, especially given that many of those in the photos are children? Thanks for your help.
To answer the member’s questions, we must start with the fundamentals.
When accepting a donation of culturally significant photos, an archive should have a donor agreement or other documentation that addresses the following things:
Does the donor solely own the physical photos?
Is physical ownership being given to your institution?
Who authored the pictures? If not a company, what is their name and birthdate?
Does the donor solely own the copyrights?
Is copyright ownership being given to your institution? If not, what permission comes with the physical donation?
May the receiving institution license use by others (a “transferable license”)?
Were the copyrights registered?
Are there any reservations or conditions on this gift?
If donated as part of a will, obtain a copy of the will.
What is the value of the gift? (for tax purposes, if the donor wants to claim a deduction)
Confirming the scope of the donation, the conditions, and value of the gift creates a firm basis for future decisions, including how to address the potential risks of posting pictures of minors.
It is also helpful to get as much additional information as you can at the time of the donation:
To the best of the donor’s ability, what is the date, place, and identity of those in the pictures? What else of significance is being depicted?
What type of equipment was used to product the images?
Why were the images gathered?
Who collected the images?
Why is this collection significant; why should it be preserved and made available to the public?
Why does this collection fit into the mission of your institution?
Knowing as much as possible about the provenance and purpose of a collection makes it easier to access the protections built into the law for journalism and scholarship. And with that background, it is easier to assess the risks when the collection involves human subjects.
Those risks include:
Will this content be used by the institution in a way that violates New York’s bar on use of names and likenesses for commercial use? 
Are there any ethical considerations that bar including these images in the collection?
Is this depicting any personal health information?
Are there special sensitivities we must consider and plan for?
Will the names of those depicted be included in the metadata of the digital archive? If so, why is that necessary?
When it comes to minors (those under 18), additional risks are:
Will this reveal a minor’s youthful offender status?
Will this reveal participation in the social services system?
Does this depict an illegal act?
If the answer to any of the last eight questions is “yes,” a consultation with a lawyer, and perhaps an an image-by-image review, may be warranted. But while that may time time and resources, it may be worth it, since there still may be a way to digitize the photos and make them available via the internet…especially if they have sentimental, cultural, historical and academic value to our region and beyond.
 At an academic institution, if the images depict human subjects (of any age) consult the Institutional Review Board (“IRB”). Depending on how you design your project, it could be important.
 Here is the actual text of the law: “§ 50. Right of privacy. A person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the name, portrait or picture of any living person without having first obtained the written consent of such person, or if a minor of his or her parent or guardian, is guilty of a misdemeanor.”
 Depictions of exploitation, enslavement, abuse, or images that could be considered an “illegal sex act” (as defined by §130 the penal law) for instance. From the sound of it, that is not the case here, but at “Ask the Lawyer!” we try to be thorough.
A member asked about a request for the library to provide copies of photos from yearbooks for a class reunion.
One of the reasons I enjoy doing “Ask the Lawyer,” is the diversity of questions, and the often esoteric subjects I get to research as a result. This question is a prime example.
While the liability for copying copyright-protected yearbook photos is, in theory, the same as copying any other published, commercially-generated or amateur picture, I always like to check and see if the specific circumstances in the question have some directly on-point case law. So when this question came through the pipeline, I hit Lexis-Nexis® to search for cases of “yearbook infringement.”
Well. I found:
What I didn’t find was a string of case law based on simple copying of yearbook photos for non-scholarly or non-journalistic reasons, like promoting reunions, which is the nuance posed in the member’s question. But I suspect that is because when a claim based on such an action is threatened, if it has any teeth, it is quickly settled. Insurance carriers do not like litigation.
So, when your library gets a request for a might-still-be-protected yearbook photo, does it mean the request must be denied? No. Remember, if the use is non-commercial, and the other criteria are met, libraries can make copies under Copyright Act Section 108. Further, Under Section 107, patrons can make the copies themselves, and can claim fair use. But like with all things copyright, the devil is in the details. It all depends on the basis for the request, and the amount of content used.
Where must we draw the line? Somewhere between these two examples:
Example #1: A patron has requested the library copy a yearbook pages featuring Timothy McVeigh for use in coverage related to the Oklahoma City bombing. That person could get both a 108 copy, and a copy under fair use. This is especially true if the image selected actually showed it was from the yearbook, and was included as part of an essay, book, or documentary exploring the roots and reasons for the actions of a domestic terrorist.
Example #2: A patron has requested the library make copies of the individual photos of 100 less notorious graduates to promote Starpoint High School’s Class of ’86 reunion on Classmates.com. That request would not have that same protection at Example #1. If the original photographer or their heir could show it was an infringement, they could claim damages (even if the photo’s copyright wasn’t registered), and the library could find itself without a defense.
So how does a librarian deal with this type of request? As always, help the patron get access to the information they need, but protect the library. If the request is in person, once they have been given access to the book, your job is done (don’t help them with the copy machine). If the request is remote or inter-library, and you know they plan a purely commercial use, you can’t make that copy. This might be perceived as harsh—the requester is probably just a volunteer trying to organize a simple good time! –but you can let them know that the request they made exceeds your authority.
Bear in mind, it’s 2018. If they access or check out the yearbook and take pictures with their phone without your assistance, that is not something the library can control, nor be held responsible for. The patron themselves might have liability, but your institution will not…unless your library is part of the school organizing the reunion, in which case… seek back-up!
Please note: this highly restrictive answer has nothing to do with the fact that somewhere in the Town of New Hartford, NY, there is a picture of me in a Def Leppard t-shirt with 80’s hair.
 This is not a paid commercial endorsement of Lexis. It’s just the service I use. But for the record, I have preferred it since law school, where “Lexis or Westlaw?” is the equivalent of “Coke or Pepsi?”
 Stanton v. Brunswick School Dep’t, 577 F. Supp. 1560 (January 23, 1984). She won!
 Cantor v. NYP Holdings, Inc., 51 F. Supp. 2d 309 (June 4, 1999). He lost! (Not enough original content in his work).
 Granger v. Klein, 197 F. Supp. 2d 851 (March 29, 2002). Josten’s got an early dismissal of most of the claims.
 Unless you are a member of Congress and can introduce legislation to change the Copyright Act.
We have video recordings of campus speakers that we are interested in digitizing and publishing to an online platform. They are currently on VHS and/or DVD and available in the Library to be checked-out.
The speakers include writers and poets who recite their published, copyrighted works to the college audience. Is it possible for us to post the recordings of these readings (as well as question and answer sessions) online? Most likely there was no signed license agreement when filmed.
Part of the mission of higher education institutions is to bring important, provocative, and enlightening speakers to their communities. Over the years, this results in an impressive roster of authors, artists, professionals, politicians, comedians, dignitaries, and civic leaders, having spoken on campus. Sometimes, all or part of this roster was captured on film, video, or audio recording.
The rights to those recordings—and what can be done with them in the digital age—can present a complicated situation. Each individual recording comes with a suite of considerations that can make a digitization project difficult. But in a scenario like the one posed by the member, critical points of analysis can be assessed, so a way forward is found. Here are those critical points:
Assessment Point #1: Who owns the copyright (to the recording)?
First, it is useful to establish who owns the copyright to the actual recording. Since copyright to a recording vests in the person who created the recording, not the person being recorded (unless it was a selfie), this is sometimes easy to assess. As we say in the biz: “who pushed the ‘record’ button?”
If the recording was made by an employee of the institution, and there was no contractual agreement otherwise, then the copyright to the recording is owned by the institution. If it was recorded by a student who just happened to be there, or a third-party attendee, the school doesn’t own it (which becomes an issue in the subsequent steps). Awareness of this factor is a good starting point for what lies ahead.
If your institution owns the copyrights to the recording, you can skip points #2, #3 and #4, below.
Assessment Point #2: Is this recording part of the library’s collection?
Just because the educational institution owns the physical copy doesn’t mean it is part of the library’s collection. For purposes of numbers 3 and 4, below, if your institution doesn’t own the recording, in order to convert and/or conserve it under Copyright Act Section 108 (the section giving special rights to certain libraries), the original recording must be formally cataloged and included in the library’s collection.
Assessment Point #3: Is the library in a position to convert the copy to a digital medium?
If the copy is formally a part of the library’s collection, and it is on a format considered “obsolete” under section 108 of the Copyright code (so long as the devices are no longer manufactured, VHS is, for example, is considered “obsolete”), the library may convert it to a digital format, and loan it out as provided by the §108. NOTE: this does NOT mean you can include it in an online digital collection, for anyone to access any time, but it takes you one step closer to it!
Assessment Point #4: Does the library need to conserve the copy?
If the original copy is deteriorating, it may be duplicated as set forth in Section 108. NOTE: this also does NOT mean you can include it in an online digital collection, but it makes sure than once you can, your original copy is safe, and backed up for posterity.
Assessment Point #5: Did the institution have any right to record, and/or to use the image of the person who was recorded?
This requires scouring the contracts of the institution. Most speaker contracts these days include terms controlling the right (or not) to make a recording, but, as reflected in the scenario posed by the member, in the past this was not the case. This assessment is critical, especially since at academic institutions, other departments at the institution may want to use the content to promote and celebrate the institution…but in New York, the commercial use of a person’s image, without their written consent, can carry both civil and criminal penalties.
Assessment Point #6: Are there any concerns with trademark?
The risk posed in #5 is increased if the speakers’s name and image is currently being used for purposes of a trademark (like “Maya Angelou” which is protected under Federal Trademark 86978575), or if a trademark was on display during the presentation. This means any arguably commercial use (like selling copies, putting it on the school’s website or catalog, or selling a t-shirt promoting the collection) should only be done in consultation with an attorney.
Assessment Point #7: Are there other copyright concerns?
This is the meat in the sandwich of the member’s scenario. Going through the above steps, even if an institution:
1) owns the recording;
2) includes the recording in the library’s catalog;
3) meets the 108 criteria to convert it from an obsolete format;
4) meets the 108 criteria to make preservation copies;
5) has permission to use the name and likeness of the speaker in any and all formats, for whatever reason, forever;
6) verifies there are no trademarks involved…
…if the speaker read a copyrighted work during the recording, that “performance” of a copyrighted work MIGHT be subject to its own copyright, and thus, bring with it a host of new restrictions, cramping the bounds of your digital usage.
What a pain, right?
Fortunately, there is solution. For any library at an educational institution contemplating digitizing the institution’s recorded guest speakers, if the written record doesn’t reflect clear permission to record and use the content, writing to the original speaker, or the current copyright owners, to ask for permission, may be the best solution. A sample request, with the variables notes in CAPS, is right here1:
You may recall speaking at INSTITUTION on DATE. During that performance, you read [INSERT TITLE(S)] (hereinafter, the “Works”).
Our on-campus library seeks to include a copy of that performance, recorded on FORMAT, in an online, digital collection to be called TITLE (the “Collection”). We would like to include the recording in an online Collection, so it may be accessed by the public, for purposes of enjoyment and scholarship.
To that end, we ask the following:
1. Are you the sole copyright owner of the Works? Yes No
2. If you are not the owner, do you retain the right to give permission for their reproduction, distribution, performance, and display? Yes No
If you are not the copyright holder, or do not hold the rights, please let us know who does: _____________________________________________________________
If you are the copyright holder, please consider the below requests:
3. Copyright License
May [INSTITUTION] have a non-transferable, irrevocable license to reproduce, duplicate, display, perform, and, by virtue of the recording being part of the Collection, prepare a derivative work of, the Work(s), solely as performed by you and recorded by INSTITUTION on DATE? Yes No
We would like to use your name and picture to promote the Collection. May [INSTITUTION] use your name and likeness, including but not limited to photos or images of you, the recorded sound of your voice, for the purpose of promoting the Collection in hard copy, on the institution’s website, and via any other medium existing now, or later developed? Yes No
Thank you for considering this request. I included a self-addressed, stamped envelope, in the hope of a favorable reply.
Of course, the risk of asking is that they say “no”…and that they demand you stop using the recording of the derivative work! That is why in all of this, any contracts should be assessed by an attorney, so the rights of your institution are protected, and any requests for permissions should be carefully considered prior to submitting the request.
So, the answer is (and I appreciate it took a long time to get there!): unless the recording were news coverage—which is assessed under a different array of laws—permission (given either at the time of the arrangement, or many years later) for digital duplication and distribution is required, but can be arranged well after the event.
1 NOTE: This approach is for educational institutions that were also the original recorders of the work to be digitized, who are seeking a wide degree of latitude on their use. This approach is NOT suggested for digitization efforts involving content generated by third parties at non-educational institutions. It also does not cover recordings of musical works (that would be a whole other answer!).
Our question concerns the copying of college textbook chapters for students where the required textbook is either backordered by the bookstore day one of semester or where a late enrollees’ textbook is out of stock.
One current solution involves a limited checkout of a text for the first four weeks of a semester, and only for library use for reading or photocopying. We keep a printout of the standard Copyright notice on the copier to warn against excessive copying. After four weeks, students must have access to the book on their own and textbook copies remain solely as desk copies for faculty.
However, what is advised when multiple classes do not have textbooks in stock and late enrollees are more prevalent? What does copyright permit in terms of copying textbook chapters or providing e-links to textbook chapters on LMS (Blackboard, etc.) in such cases?
It’s 2017. Digital access to academic resources having been a factor in academic life for over 20 years, it would be reasonable to think I would have clear, well-established guidance to give you.
However, as of 2016, the United States was still struggling with Fair Use, and the law doesn’t give us the bright-line rules we are hoping for. Rather, particularly with regard to textbooks and digital access, recent case law has diminished them.
Very comparable to the circumstances you described is the case Cambridge University Press v. Mark P. Becker No. 1:08-cv-01425-ODE (N.D. Ga. Mar. 31, 2016). In Cambridge, a court in Georgia, after trying to use a simpler, equally weighted Fair Use analysis, and relying on the ill-fated “10% standard” of duplication, ruled that when creating digital copies/excerpts of textbooks:
(1) the first factor, purpose and character of the use, weighs in favor of fair use because [a university] is a nonprofit educational institution;
(2) the second factor, the nature of the work, is “of comparatively little weight…particularly because the works at issue are neither fictional nor unpublished;”
(3) the third factor, the amount of work used, must be viewed through the lens of “the impact of market substitution as recognized under factor four, in determining whether the quantity and substantiality . . .of [d]efendants’ unlicensed copying was excessive;” and
(4) the fourth factor, the effect of the use on the potential market for the work, “concern[ed] not the market for Plaintiffs’ original works . . . but rather a market for licenses.”
This case shows that a when it comes to textbooks, while courts will give strong deference to educational institutions, there is no “magic formula” (like 10% of the content) they will apply to ensure Fair Use. Rather, courts will apply a nuanced analysis that changes from work to work, and from use to use—making general guidance a challenge.
With all that in mind, my answer to the inquiry is:
First, the ability of the student/patron to physically access or check out the book is a great service by your library; with the required copyright notices posted, and no attempt by the library to collude with students in making prohibited copies, you are taking good advantage of section 108’s exemptions of libraries from liability for infringement. In addition, providing access to textbooks within the structure outlined above is a great incentive for students to visit the library.
Second, your actual question—can my library use digital access to help students who were late registrants or otherwise unable to secure a physical or full digital copy?—requires application of the Fair Use factors on a work-by-work basis, which as we can see, is an increasingly intricate and fact-specific exercise. You must apply the four factors not just on a work-by-work basis, but while considering the specific purpose of a particular use.
There are also some practical tips that can help you avoid being sued for infringement.
Tip #1: To answer questions like this, I always put myself in the shoes of the potential plaintiff.
· If I were the publisher, would I view the digitized access as cutting into my potential revenues?
· Is there an easily obtainable license for the excerpt, that the library is just choosing to ignore?
· Can I, as the publisher, easily put a price on the damages?
All these factors, if the answer is “yes,” can lead to the publisher instructing their lawyer to file suit.
However, even if all of these are true, I, the publisher, would also ask…did every person who accessed the digital copy already have a copy on back-order (and not return it)? If they bought my book, and were only using the digitization as a place-holder, I, the publisher, would tell my lawyer to look elsewhere for damages…especially since when I, the publisher lose, I am responsible for the legal fees of the other party (in the Cambridge case, the publisher was told to pay the fees of the university).
Tip #2: It is unfortunate that, like the courts, I can’t give a simple formula for Fair Use. However, one way you can sometimes get a bit of “free” advice on this is to consult with your institution’s insurance carrier. It is very likely your institution is insured for copyright infringement, and that they have a list of best practices they would like to ensure you, the insured, are following. As a professional within the library, it is good to also confirm that this coverage will cover not only the institution, but you as an employee. That can help you sleep at night.
Tip #3: And finally, if ever an entity notifies you that they are suing you for infringement, notify your insurance carrier right away. Often times, they can provide counsel, and help you reach a quick, low-stress resolution.