RAQs: Recently Asked Questions

Topic: E-resource license language - 05/17/2021
If a signed license says that authorized users for remote access include "current students, f...
Posted: Monday, May 17, 2021 Permalink

MEMBER QUESTION

If a signed license says that authorized users for remote access include "current students, faculty, and staff only" or "active faculty, students, and staff only" or even "bona fide current faculty, staff, and students only" can we conclude that terminated faculty would not be legally allowed to have remote access after their termination? (Walk-ins are a separate matter; here we are looking at remote access). Some licenses allow "affiliates" and some even say that it's up to the institution to determine who gets credentials to allow remote access, but we have more than 20 licenses that state in one way or another "current faculty" only. I would take that to mean that former faculty, regardless if the institution allows them to keep their credentials for a year after termination, would NOT be legally allowed to continue to access those resources.

Am I right?

WNYLRC ATTORNEY'S RESPONSE

To give readers a bit of context about my answer to this: between 2006 and 2017, I was an in-house attorney at a university.  During that time, I hobnobbed with a lot of other higher education attorneys; first, because the hobnobbing helped keep us current in our practice, and second, because attorneys--like murders of crows or parliaments of rooks--are social creatures, who just need to talk about the law.

One of the many higher education/law topics that could turn a flock of lawyers into a full-fledged symposium was the issue of what is meant by the term "faculty."[1]

Are adjuncts "faculty"?[2]  Are grad student instructors "faculty"?  If a full-time staff member teaches a course or two, are they "faculty?"

Complicating the issue is that the definition of "faculty" will vary from institution to institution, based on union agreements and accreditor criteria--to say nothing of state law and regulations.

And finally, a wrinkle can be created when a "faculty" member leaves regular employment with a college or university, but assumes a new (and often under-defined) status, such as:

  • Retired faculty (whose retirement is governed by contract or policy)
  • Retired faculty with honorary title "Emeritus" (a title which may or may not convey benefits)
  • Terminated but "consulting" faculty who have a formal continuing affiliation with the institution (by contract or policy)
  • Terminated but "proximate" faculty who don't have a formal continuing affiliation with the institution, but for whatever reason, may retain the trappings of their former affiliation (network access, library card, the computer they used when they were employed, etc.).

This issue of undefined status is the type of topic that will occasion lots of discussion and perhaps another round of potables at a lawyer’s kettle.[3]  Why the fuss?  Examples exactly like the one brought up in this question.  Lawyers hate it when we can't put things into minutely defined boxes to process through a legal formula (after all, the order we impose by doing so is the entire reason for our professional existence).[4]

Here are some examples of what "disorder" a clause like those in the question is meant, by the content provider, to avoid:

  • The licensed content access flowing to any person with privileges at the institution's library (since many institutions allow community members to get cards);
  • The licensed content access flowing to a large body of people affiliated with the institution, such as alumni or boosters;
  • The content access flowing to groups or people with only a loose association with the institution (for instance, sometimes student clubs are open to community members); and
  • Any other way the institution could allow access that could deprive the licensor of revenue.

Of course, just what is barred, and how "former faculty" access could violate it, is highly fact-specific.  So let's take a look at the member's specific question:

...we have more than 20 licenses that state in one way or another "current faculty" only.  I would take that to mean that former faculty, regardless if the institution allows them to keep their credentials for a year after termination, would NOT be legally allowed to continue to access those resources.  Am I right?


Yes, you're right: if a faculty member is terminated and has no ongoing affiliation as a faculty member (even a tenuous affiliation, such as an honorary appointment or "emeritus" designation, which could give some slim justification), then there is no basis to claim they are "current faculty."

In my experience talking with aeries of higher ed attorneys, the most common way this type of concern is raised is when a faculty member is terminated, and asks to take their institutionally-issued laptop computer with them (often because it is the sole computer they have)--continuing access to servers and databases that would otherwise be cut off.  Many places want to do the nice thing and say "yes," but there's a catch: the institutionally-issued computer usually has proprietary software and access that is only available to (you guessed it) current employees.  (In addition, if the faculty member was teaching, it might house a lot of content protected by FERPA.  So, this question of ongoing access to content only licensed for use by current employees is often the tip of a big compliance iceberg.)[5]

But at this point, I have passed from answering the question (remember?  The answer was "Yes!") and moved onto the practical considerations.   Practical considerations, of course, are where many of the devilish details reside, but having answered the question, we'll leave it there for now.

Hopefully, this answer from within the conclave of the higher education law has provided some assistance and clarity.  I wish the member well; raising this type of contract compliance concern, which can cut across departments at a college or university, is rarely easy, but it's the right thing to do for an institution.

Thanks for a good question.

 



[1] Other hot topics that guaranteed a searing debate included: how to negotiate contracts with musical acts, how to build support for meeting accreditation requirements into institutional policy, and the ups and downs of enforcing campus parking policies. 

[2] Yes, and damn important faculty, too.

[3] Yes, I had fun looking up the proper titles for flocks of birds. https://www.thespruce.com/flock-names-of-groups-of-birds-386827

[4] That, and to provide endless fodder for television dramas, based on our glamorous lifestyle and impeccable fashion sense.

[5] If the problem is caused by retention of a computer post-termination, the best way to address it is through a policy that manages this type of situation up-front. For such a policy, there are really only two options: wipe the licensed content and all institutional information from the computer before the former faculty member is allowed to keep it, OR make it clear that institutional computers cannot be transferred after termination (neither of these solutions, of course, is likely within the authority of the institution's library staff to implement.  Having a good working relationship with a head academic officer, and/or HR, can allow you to flag this issue to people in a position to do something about it.).

Tags: Academic Libraries, Digital Access, E-Books and Audiobooks, Licensing

Topic: Request to remove scanned yearbook pages - 11/04/2020
I received a request from a former student of [a local high school] in which her name appears on a...
Posted: Wednesday, November 4, 2020 Permalink

MEMBER QUESTION

I received a request from a former student of [a local high school] in which her name appears on a yearbook page citing student activities. As the page is part of a whole PDF of the entire yearbook, "removing her name" would require taking down the entire yearbook.

If the library that scanned and uploaded the yearbook to the internet received permission from the high school to do so (the yearbook is tagged as In Copyright) does the student have a reasonable request?

 

WNYLRC ATTORNEY'S RESPONSE

At "Ask the Lawyer," we have tackled "yearbook questions" before: in 2018[1] we addressed patron requests to copy physical yearbooks in a library's collection, and in January of 2020[2] we addressed using scanned yearbook images to illustrate a commemorative calendar. [3]

But I have been waiting for this question for quite some time, and I am sure this scenario has a familiar sound to many readers.

"Yearbook scanning"—the creation of digital versions of yearbooks previously available only in hard copy—has been happening for quite a while now.  However formal or informal such efforts might be, the end result (if made accessible) is a searchable, highly accessible collection of images of people in their formative years[4], who for whatever reason, might see the increased access to their former images as problematic.

Although we don't know the motivation of the person asking the member to remove their name from a digitized yearbook, this scenario shows the apex of this concern: a request to be removed.

At this "apex," a person can make a simple, single request to be removed.  Or, they can be persistent about it--making multiple requests, calls, letters, etc.[5]  Or, if they are available, they can make legal arguments.

I can think of several "legal" arguments a person could bring forward to remove their name from a yearbook in the manner described by the member:

  • They are a victim of domestic violence trying to elude an abuser.
  • They are a victim of stalking trying to elude their stalker.
  • They have specific safety concerns based on the general public's easier access to the content.
  • They have legally changed their name and identity for personal reasons.
  • They have informally changed their name and identity for personal reasons.
  • They feel the use of their image is commercial (not likely if the poster is a not-for-profit library that isn't charging for the content).
  • The content is defamatory.[6]
  • The content is the result of a crime.
  • They have been the victim of identity theft and are attempting to optimize their privacy.[7]

Of course, asking for the "legal reason" a person is requesting removal from a digital, online yearbook puts the library in the uncomfortable position of having to evaluate the validity of the answer.  Let' not go there just yet; instead, let's take a closer look at the member's question:

If the library that scanned and uploaded the yearbook to the internet received permission from the high school to do so (the yearbook is tagged as In Copyright)[8] does the student have a reasonable request? [emphasis added]

The member has used a very, very important phrase to frame this question: "a reasonable request."

"Reasonable requests"—that is to say, requests that might not have slam-dunk legal footing, but still might be a good reason for removal—cannot be analyzed in a vacuum.  In this context, to determine if a request is "reasonable," it must be assessed against the backdrop of the hosting institution's mission, the purpose of the digital collection, and the values and ethics governing both.

That is why for libraries, archives, museums, and historical societies digitizing old yearbooks and other content that can impact living, breathing people, I advise every institution adopt a policy that 1) confirms that the goal of a digitization project aligns with the mission of the institution; 2) confirms how the content will be accessed (will it be added to the catalog to be checked out as an e-book, or be openly accessible as an online archive? etc.[9]; 3) confirms the ethics applicable to the project; and 4) creates an ethics-informed process for raising, evaluating, and acting on any concerns about the content.

For readers out there working in established archives, this ethical framework for selecting, preserving, and enabling access to archival content is already built into your institution's DNA.  However, for many libraries or smaller institutions that are now able to create online collections of easily accessed content through scanning, either to hold on their own servers, or to contribute to a larger initiative--with access unmediated by a library card or on-site access--it may be an area ripe for development. 

For those institutions just arriving at this phase, here is a short sample policy to govern the creation of digital content intended for open access:

 

ABC Library Policy on Institutionally-Generated Digital Unmediated Content[10]

 

 

Policy

Although not the primary mission of the Library, from time to time, the ABC Library will create digital versions of content with the intention that such content be made available to the general public via the internet without the mediation of membership in the library or being on the library's premises.  This content can be derived from items in the library's collection, or be generated from material borrowed by the library from another institution as part of a digitization project. 

 

For purposes of this policy, such content is called "Institutionally-Generated Digital Unmediated Content" or for short, " Unmediated Content". 

 

The purpose of this policy is to ensure the ABC Library's creation of such Unmediated Content, whether considered part of a collection or later included in an archive, is consistent with the Library's mission, values and ethics.

 

Mission

The ABC library's mission is to [INSERT].  The ABC Library's creation of Institutionally-Generated Digital Unmediated Content is consistent with this mission because [INSERT].

 

Code of Ethics

The ABC Library recognizes that due to the broad, direct access it can provide, the impact of Institutionally-Generated Digital Unmediated Content can be different from the impact of library collection content accessed by borrowing on-site access at the library.  Therefore, the Code of Ethics governing the ABC Library's creation of such Unmediated Content is the [NAME's] Code of Ethics.

 

Procedures

Any concerns related to the ABC Library's creation of Institutionally-Generated Digital Unmediated Content shall be evaluated per the above-listed Code of Ethics. 

 

Institutionally-Generated Digital Unmediated Content projects with content that depicts (possibly) still-living people, minors, and sensitive subject matter shall be evaluated per the Code of Ethics prior to the creation of the Unmediated Content.

 

To ensure adherence with these Procedures, ABC Library shall ensure an "Ethics Statement" accompanies all Institutionally-Generated Digital Unmediated Content created by the ABC Library.

 

Ethics Statement

To ensure awareness and consistent application of the Library's mission and Code of Ethics at all phases of the creation and access to such Unmediated Content, all such content shall be accessible with the statement:

 

"This content is governed by the [INSERT] Code of Ethics.  Concerns that any content violates the right of any living person, or that Code of Ethics, should be directed to [NAME] at [CONTACT INFO]."

 

Responsibility

The board of trustees maintains this policy and evaluates and revises it as necessary. 

 

[INSERT POSITION] is responsible for oversight of this policy and procedure.

 

All employees and volunteers working on digitization projects must follow this policy and procedure.

 

Now, with those essential considerations backing us up, here are my thoughts on the member's questions:

A request for removal or redaction of digitized content should be evaluated against the mission and values of the library that created the digital content, the purpose of the digitization project, and the ethics governing the project.

In this case, if the person requested removal without giving a reason aligned with ethics of the library and/or the project, the request should be denied.  On the flip side, if the reason for the request does align with the relevant ethics, it should be redacted or removed.

Here's an easy example of this playing out in the real world:

Every "Code of Ethics" I have seen governing libraries and archives requires that the institution follow the law.  Therefore, if there is a legal reason for removal, it should be done.

Here's a less easy example of this playing out in the real world:

If the request is more vague, like "I just don't want people to be able to find out information about me,"[11] your institution needs to look at the values and ethics it has adopted.  Does personal autonomy and concern for the privacy of living people get a high priority?  If the answer is "yes", there should be a process for redaction or removal.  If the answer is "no," with more priority placed on the integrity of the material, unless there is a legal reason compelling removal, the answer should be, "Sorry, our role is to preserve and make accessible this record in its original form" (or other language regarding integrity of the records, taken from your library’s Code of Ethics).

Personally, although I don't think my yearbooks have anything to hide, I like the option of being able to remove myself from the record until I am dead.[12]  But in saying that, I am expressing a value, not a legal right, and value judgments are harder than legal conclusions.  That is why requests not rooted in solid legal reasons benefit from: a) the library having a strong, consistent guide, like a Code of Ethics; b) applying that guide consistently; and c) ensuring the library has the technical ability[13] to implement your institution's decisions, which are all critical.

Thank you for bearing with me on this answer, I know it is intricate, and perhaps more than you signed on for!  The steps I lay out in this answer are meant to be practical, easy to implement, and designed to help your library document that it is doing its best to balance preservation and access to documents with consideration of privacy and ethics.  That is no simple balancing act, but since requests like the one sent to the member are only likely to increase, it is a good thing to be ready to do.

 



[3] The reply to the 2020 question, after walking the reader through a suggested analysis of the content, states: "This analysis was done because yearbook projects bring up issues of not only copyright risk, but privacy and social issues."

[4] For libraries considering creating a formal archive of digitized yearbooks, this "Ask the Lawyer" answer regarding creating digital archives that include images of children discusses the interplay of legal and ethical issues.  Of course, a yearbook presumes a certain level of both awareness and willing participation, which not all images of minors do.

[5] It pains lawyers to hear this, but not every problem is solved by threatening to sue.  Letter campaigns, online petitions, public shaming, reaching out to people in power...these are non-litigious routes to get relief from problems, too.

[6] I don't just mean that the content makes them look bad, I mean it genuinely meets the criteria for defamation in New York, which is very precise.

[7] One thing the information in old yearbooks can do is help with social engineering of scams to defraud and/or commit identity theft.  "Hi, it's me, Angela, from your high school volleyball team!  Remember, with the red hair?  Yeah, it's me! Hey, can you cash a check for me...?Yes, this is exactly how it happens.

[8] Just to confirm: this question has nothing to do with copyright (sounds like the library got the right permission to move ahead with digitization), and has everything to do with the "right to privacy," laws barring use of identity-based content, and ethics.

[9] The difference here is critical!  A yearbook that is digitized and available only as an e-book to be checked out by a patron is very different from an open collection that is available to access and search without borrowing privileges.  This is one reason why archivists have different codes of ethics than librarians.

[10] You will note I do not call this content "archival" content.  As every library council member out there knows, libraries are not archives (although they might have some archives).  That said, in this case, the creation of the digital content is likely to end up in an archive—or a collection that functions like one—and the ethical considerations align almost exactly.  For that reason, the Code of Ethics of a body like the Society of American Archivists might be a good go-to for your policy.  It wouldn't hurt to have a professional archivist on board as a consultant for help evaluating concerns, too.

[11] Remember the person faking being on the volleyball team.  This is not an outlandish concern.

[12] I am already ahead on this.  Having a hatred of head shots, I boycotted my senior picture, a decision that only makes me happier as the years go by.

[13] As the member points out, "removal" in this instance poses a challenge.  In this case, it would be good to explore if "redaction" through an addition of a black bar to the PDF, with an appropriate footnote citing the Statement of Ethics, is possible.

Tags: Copyright, COVID-19, Digital Access, Digitization and Copyright, Yearbooks

Topic: Fair Use in Uncertain Times - 7/17/2020
In the spring, it was clear academic libraries providing digital resources were in a state of emer...
Posted: Friday, July 17, 2020 Permalink

MEMBER QUESTION

In the spring, it was clear academic libraries providing digital resources were in a state of emergency and fair use restrictions were loosened.

This fall, we are asked to plan for face to face learning, but we may be asked to turn on a dime and provide digital resources overnight if a student or faculty member in a course is unable to attend class.

We are hearing mixed messages from other institutions. What is our situation today, emergency or status quo?

Thank you

WNYLRC ATTORNEY'S RESPONSE

Before I answer this question, I do have to emphasize: as I wrote here, fair use was not modified during the height of the initial pandemic closures.  Further, there is no case law or regulatory guidance indicating things will be any different if we have to return to the level of lockdown experienced this Spring. 

There is no "emergency use" exception to copyright law--even under fair use.  That said, this is an excellent question that captures the experience of working in higher education right now, and I do have a few helpful things to offer in response.

Higher education libraries trying to support another immediate conversion from in-person to online learning should consider doing the following:

1.  Work with their academic and IT colleagues to optimize their institution's rights under the TEACH Act, which under the right conditions, allows the digital transmission of copyright-protected material.

"Optimizing," in this case, means presenting otherwise inaccessible materials in class, so the TEACH Act's[1] exception infringement can be fully used, while making the most of the medium.  For example, if a history class would typically read a chapter of a book before class, then meet in person to discuss the chapter, perhaps now a part of the online class could consist of the faculty member or students reading the chapter aloud,[2] and the class using an asynchronous message board to discuss it.

This method requires faculty to be flexible, but it is one way to ensure access for all, when all else fails.

 

2.  Unite with other institutions to re-negotiate the terms of digital licenses from academic publishers.

I cannot stress this one enough.  Academic libraries must unite, must negotiate hard, and must threaten to boycott any publisher that refuses to offer a reasonable price for students to access content online.  This was critical before COVID, and it is even more critical now.[3]

 

3.  Much easier, and even cooler than #2: plan to collaborate with students' local libraries to ensure students can take full advantage of Copyright Section 108's support of access via inter-library loan.

What?

That's right.  Let's say I am a college student from Littleplace, NY.   Suddenly, it's October and I have to vacate my dorm room at ABC College, due to a local surge in COVID-19.  To be ready for the rest of my (now online) classes, I need 12 articles, a textbook that costs $500 (that I was previously sharing with two friends), and a course pak I forgot in my dorm.

So long as I have access to the list of materials, I can head over to the Littleplace Library (or call them) and work to find the materials I need.  Using its rights under Section 108 of the Copyright Code, the Littleplace Library can get me a copy of the articles...possibly even in collaboration with the ABC library, or another academic institution with the right subscription.

In my observation, this is a very under-discussed option.  Remember, your students have a right to work with their local library to get copies under a combination of 108 and (on the part of the student) fair use.  The key is having the course materials listed in such a way, that the local college or public library can easily (and quickly) help them.

This, by the way, is one of the many reasons it is critical to keep open every single one of our small and mid-size libraries in small towns and villages across the country.[4]

 

4.  Use your institution's compliance with NY's Textbook Access Act.

This is another "if you have time" one. 

In New York, all higher education institutions and publishers must follow this law[5]:

Textbooks shall be sold in the same manner as ordered by such faculty member or entity in charge of selecting textbooks for courses. In the event such product is unavailable as ordered, the bookstore, faculty, and relevant publisher shall work together to provide the best possible substitute that most closely matches the requested item or items, and the publisher shall make available the price of such substitute or substitutes readily available.

This clause has always been applied to combat predatory pricing for course materials, but lends itself to the current situation, too.  If the instructor was given a discount digital copy, the students should be able to buy one, too.

 

5.  Take some time to examine the latest ruling on academic e-reserves and fair use, so you feel comfortable making the call when you can post things on e-reserve without permission.[6]  Fair use has not been "loosened," but it still has lots of room.  The full document has been updated to "Ask the Lawyer" as "Becker Ruling 2020."  It's boring,[7] but very instructive.

My best wishes for a supported and supportive prep for the Fall semester.



[1]The full requirements of this law can be found at: https://www.law.cornell.edu/uscode/text/17/110

[2] This would also allow presentation through adaptive technology, for those who need it per ADA.

[3] I understand if you are too busy coming up with an "August Staffing Plan" and trying to figure out where to get 10 gallons of hand sanitizer to organize the revolution.  But this really is important.

[4] As if I have to sell most of you on the importance of funding libraries.

[6] Always use your institution's fair use form to record your conclusion.

[7] The helpful stuff starts on page 6.

Tags: COVID-19, Digital Access, E-Books and Audiobooks, Emergency Response, Academic Libraries

Topic: Using article from personal CEU subscription - 4/13/2020
I have an instructor who asked if it would be violating copyright infringement if she shares artic...
Posted: Monday, April 13, 2020 Permalink

MEMBER QUESTION

I have an instructor who asked if it would be violating copyright infringement if she shares articles from her personal Continuing Education Units (CEU) account subscription with her students as class reading assignments.

WNYLRC ATTORNEY'S RESPONSE

NOTE: This question arose during the scramble for online resources during the nation’s response to COVID-19.  Click here for a full array of COVID-19-related questions about library operations and copyright matters impacted by pandemic response.

It might be copyright infringement, but there is another concern: it could also violate the terms of the contract (the subscription agreement) between the teacher and the CEU provider.

The problem is that not only do such subscription sites have basic, contractual terms governing the actions of all subscribers, but the individual articles may have different (less or more restrictive) terms, too.

For example, I tooled around IACET (a major CEU provider)’s website and found a wide range of copyright and licensing terms.  In some places, IACET had a very strict license that bars sharing materials.  In other places, I found language encouraging IACET’s leadership to adopt language promoting the sharing of articles, particularly those that reinforce IACET’s standards and values.

My best guidance must be: the teacher should evaluate their personal subscription agreement and terms for each article on a case-by-case basis.  For instance, it looks like IACET has taken a variable approach, so some content might actually be free to use.  Other material might be licensed for purposes of instruction—but only to the institution holding the license.  Each CEU provider will differ.

Only by reviewing the teacher’s contract with the provider, and the relevant content terms, can this question be answered.  And in these difficult times, calling them to ask for permission for the duration of the state of emergency might work.

Barring that, I am always very wary of any solution to educational content needs that relies on the individual instructor, rather than the institution (who, among other things, has better insurance), to take risks, so hopefully the school can assist with getting the right content, or finding a solution under copyright Section 108,[1] 110,[2] or 107.[3]

 

 



[1] Exceptions to infringement for libraries.

[2] Exceptions to infringment for educators.

[3] Fair use.

Tags: Copyright, COVID-19, Digital Access, Emergency Response

Topic: NYS Shield Act and Libraries - 12/5/2019
With the NYS Shield Act taking effect in March 2020 what changes or precautions should l...
Posted: Thursday, December 5, 2019 Permalink

MEMBER QUESTION

With the NYS Shield Act taking effect in March 2020 what changes or precautions should libraries be thinking about to comply with the law and minimize the risk of data breaches?

WNYLRC ATTORNEY'S RESPONSE

There are many technical aspects to this question, and this answer will explore many of them.  But first, I invite each reader to sit back, close their eyes, and envision the types of information their library takes in, maintains, or manages digitally.

Name…address…phone number…e-mail…library card number and account information.  Perhaps a driver’s license, or other photo ID.  Credit card information? Job applicant information, payroll, and employee data….  Donor information.  Survey responses.  Licensed lists.  Content related to digitization.   And (of course) every digital record related to a library’s core function: providing information access.

Now envision what someone with less-than-ethical intentions could do if they accessed or appropriated that digital information:

Disclose confidential library records…sell active credit card information on the dark web...use the information to design a very convincing phishing[1] scheme….

And I bet you can easily think of more. 

Scary?  You bet it is.  This is the type of risk-management New York’s lawmakers had in mind when they enacted the SHIELD Act[2], a far-reaching amendment to the state’s laws governing data security.

And as the member points out, the changes will impact your library.

So, what does this law require?

A lot. 

And here is where we get technical.  Because the law will hit different types of institutions differently, this “Ask the Lawyer” can’t give you a word-by-word recital of the precise obligations the SHIELD Act will impose on your institution.   But it can give you a plain-language DIAGNOSTIC FORM to help your board, your director, and your (internal or external) IT team a tool to start assessing your obligations.

So here, without further ado, is the ‘ASK THE LAWYER’ SHIELD ACT DIAGNOSTIC FORM.  If you have a buddy to fill this in with, I suggest you invite them to help, this is not the type of exercise to do alone.[3]

 

 

Diagnostic question

 

[NOTE: Any member of a library council in the State of NY is licensed to make a copy of this form for diagnostic purposes. However, THIS IS NOT INDIVIDUALIZED LEGAL ADVICE and no legal conclusion about the obligations of your institution should be made without the input of a lawyer.   That said, filling this out will help that lawyer help you a lot faster.]

Your Answer

 

Significance

 

1.

 

Does your library collect electronic versions of “personal information” as defined by SHIELD?

 

Here is the definition of “personal information”:

"Personal information" shall mean any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.

 

 

 

 

If your library collects “Personal information” as defined by SHIELD, it may be subject to SHIELD’s requirements. 

 

So, if you marked “yes,” keep going!

 

 

 

2.

 

Does your library’s network or equipment collect electronic versions of “private information” as defined by SHIELD?

 

Here is the type of data that, when combined with “personal information” becomes “private information” protected under SHIELD:

(1) social security number;

(2) driver's license number or non-driver identification card number;

(3) account number, credit or debit card number, in combination with any required security code, access code, [or] password or other information that would permit access to an individual's financial account;

(4) account number, credit or debit card number, if circumstances exist wherein such number could be used to access an individual's financial account without additional identifying information, security code, access code, or password; or

(5) biometric information, meaning data generated by electronic measurements of an individual's unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical

representation or digital representation of biometric data which are used to authenticate or ascertain the individual's identity; or

(ii) a user name or e-mail address in combination with a password or security question and answer that would permit access to an online account.

 

 

 

If your library collects “private information” as defined by SHIELD, it may be subject to SHIELD’s requirements. 

 

So if you marked “yes,” keep going!

 

 

 

 

 

 

 

 

 

 

 

(NOTE: if any libraries out there are using biometric records like retina scans in place of library cards, please let me know, because that is Bladerunner-level cool).

 

 

3.

 

Does the “private information” your library collects include information from residents of New York?[4]

 

 

 

If your library collects “private information” relating to New Yorkers, it may be subject to SHIELD’s requirements. 

 

So if you marked “yes,” keep going!

 

 

4.

 

Is your library part of a larger institution such as a school, college, university, museum, religious institution, or hospital?

 

 

 

If the answer is “yes,” then STOP.

 

Your work on SHIELD ACT compliance should be coordinated with your full entity, who should be sensitive to not only your library’s obligations under CPLR 4509, but your institution’s obligations under SHIELD and other data security laws like FERPA and HIPAA.[5]

 

Don’t go rogue!

 

 

5.

 

Does your institution contract with another entity, like a library system, to maintain private information? 

 

EXAMPLE: When a person applies for a library card, does the personal information supplied stay on the local library’s network, or does it simply flow through a terminal at the local library to a system’s network? This is a very common arrangement in NY.

 

 

If “yes” list and attach the contracts, along with the information maintained by the contractor.

 

This question applies to both parties.

 

If the answer is “yes,” gather the contract(s) governing the arrangement(s), and be ready to check the contracts for assurance of SHIELD compliance. This includes assurance of “reasonable security requirements,” and a clause governing data breach notification.

 

 

6.

 

Now, aside from information maintained on another entity’s network as listed in #5 above, (library system, payroll service, credit card service provider, etc.) does your institution maintain any computer system with private information?

 

 

 

 

 

 

If yes, list the information gathered and where it is maintained:

 

 

 

 

 

If the answer is “no,” you only have to follow step #7, below.

 

If the answer is “yes,” make an appointment with your IT team, and be ready to do steps #7 through #15, too.

 

7.

 

Contract compliance check:

 

If you answered “yes” to #5, above, the contracts governing that relationship would be clear about SHIELD Act compliance, including the notification procedures for data breach.

 

 

Who is the person at your institution who will do this work with your contractors?

 

 

 

This is a smart step because contract vendors must meet this standard:

Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.

 

 

8.

 

Okay, so it looks like my institution has to comply with the SHIELD Act.  What does that mean?

 

Well, firstly:

Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.

 

So, does your institution have a policy for data breach notification?

 

 

 

Your institution may already have one! If so, it should be updated to reflect the changes in the law. 

 

If it doesn’t have one, now is a good time to get a policy in motion.

 

The law lists the steps and requirements for notification.  Among other things, those requirements  can depend on the size and nature of the breach.

 

NOTE: a data breach response is something a library should respond to with a qualified IT team and, if there are concerns about liability and compliance, a lawyer and your insurance carrier.

 

 

 

9.

 

Secondly:

 Any person or business that owns or licenses computerized data which includes private information of a resident of New York shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information including, but not limited to, disposal of data.

 

Does your institution have a policy to implement these “reasonable security requirements?”

 

 

 

Your institution may already have one. 

 

If so, it should be updated to reflect the changes in the law. 

 

If it doesn’t have one, now is a good time to get a policy in motion!

 

NOTE:  ***I have put the SHIELD Act’s criteria for a data security program next to three asterisks in the text following this form.

 

 

10.

 

Thirdly, are you a small library and feeling panicked about your security requirements?

 

Don’t worry, if you’re a “small business,” the law has a provision related to your obligations.

 

Here is the SHIELD Act’s definition of a “small business”:

"Small business" shall mean any person or business with (i) fewer than fifty employees; (ii) less than three million dollars in gross annual revenue in each of the last three fiscal years; or (iii) less than five million dollars in year-end total assets, calculated in accordance with generally accepted accounting principles.

 

So (deep breath) are you a “small business?”

 

 

If the answer is “yes,” then your “reasonable security requirements” are tempered:

…if the small business's security program contains reasonable administrative, technical and physical safeguards that are appropriate for the size and complexity of the small business, the nature and scope of the small business's activities, and the sensitivity of the personal information the small business collects from or about consumers.

 

This analysis is why having an inventory of the private information maintained by your library (or for your library) is critical; depending on the “sensitivity” (or use) of what you maintain, your plan can adjusted for what is “appropriate.”

 

 

11.

 

Just to reiterate: if you have gotten this far into the assessment diagnosis, you should probably have a “data breach” plan—even if it is just for coordinating with the entity who holds most of your data.

 

So: do you have a “Data Security and Data Breach Notification Policy and Procedure?”

 

 

 

 

As can be seen in the factors cited in the sections above, policy and procedures related to data security and data breach notification cannot be a cookie-cutter based simply on what other libraries do.  Your policy and practices will be governed by many factors.

 

 

12.

 

Are you insured for data breach and recovery?

 

 

This is a great question to ask your insurance carrier!  You should also be familiar with their notice requirements in the event of a hack or breach.

 

 

13.

 

Who at your institution is responsible for coordinating your data security program?

 

 

 

This responsibility should be confirmed in a job description and reinforced with regular training.  Working with your system or other larger supporting entity may be important, too.

 

 

14.

 

Who are your outside contractors assisting with emergency response in the event of data breach?

 

 

 

This is a good standing contract to have, and one that systems and councils might consider jointly negotiating for on behalf of members (and hopefully it is a service you never need to invoke!).

 

 

 

 

15.

 

Did you ever think, when you chose a library career, you’d get to moonlight in IT?

 

 

 

IT and libraries: two great tastes that go great together….with enough planning.

 

 

And that’s the SHIELD Act.[6]

How does a small not-for-profit tackle this expansion of data security laws?  Like anything else: inventory your status under the law, establish a goal for compliance, develop a budget and a plan, make sure the responsibility is appropriately allocated, confirm insurance coverage alignment, use all the resources at your disposal (your system, council, insurance carrier, and board members who have lived through data breach compliance) and get it done. 

In practical terms, this is also means:

  • If your library makes a practice of getting a copy of every member’s photo ID, and stores it on an Excel spreadsheet on an unsecured computer, now is a great time to stop doing that.
  • If your library maintains a list of users, credit card numbers, CCV numbers and expiration dates on your network, now is a great time for a network security assessment.
  • If your library uses an outside IT contractor, now is a great time to review their contract and make sure it provides assurance that services will be SHIELD Act-compliant.
  • If you have no idea if your institution’s insurance covers data breach (and recovery), now is a great time to ask your agent, broker, or carrier.  They might even have some resources to help you with SHIELD Act compliance.

The penalties for violation of the SHIELD Act are $5,000 per violation, in an action brought by the New York Attorney General (the law doesn’t create a private right to sue).  Other changes to the law make it easier for the AG to learn of data breaches, and to coordinate with other law enforcement agencies trying to combat them.  As we envisioned at the beginning of this article, the states for a breach are high.

But don’t worry.  No matter where your diagnosis falls, remember: libraries have been operating under heightened privacy obligations since before there were computers.  That mindset—awareness of an ethical duty to protect privacy--is the most important part of a program to minimize the risk of breaches. 

You’ve got this.

Thanks for a great question.

 

***A data security program includes the following:

 (A) reasonable administrative safeguards such as the following, in which the person or business:

(1) designates one or more employees to coordinate the security program;

(2) identifies reasonably foreseeable internal and external risks;

(3) assesses the sufficiency of safeguards in place to control the identified risks;

(4) trains and manages employees in the security program practices and procedures;

(5) selects service providers capable of maintaining appropriate safe-guards, and requires those safeguards by contract; and

(6) adjusts the security program in light of business changes or new circumstances; and

 

(B) reasonable technical safeguards such as the following, in which the person or business:

(1) assesses risks in network and software design;

(2) assesses risks in information processing, transmission and storage;

(3) detects, prevents and responds to attacks or system failures; and

(4) regularly tests and monitors the effectiveness of key controls, systems and procedures; and

 

(C) reasonable physical safeguards such as the following, in which the person or business:

(1) assesses risks of information storage and disposal;

(2) detects, prevents and responds to intrusions;

(3) protects against unauthorized access to or use of private information during or after the collection, transportation and destruction or disposal of the information; and

(4) disposes of private information within a reasonable amount of time after it is no longer needed for business purposes by erasing electronic media so that the information cannot be read or reconstructed.

 


[1] “We just need your bank information to refund your library fees since 1987 with interest!”

[2] SHIELD stands for "Stop Hacks and Improve Electronic Data Security".

[3] Why?  Well, if you’re lucky, it’s because it will be boring.  But chances are, it will be all too exciting, as you discuss the different types of data your library maintains and explore the data security obligations that come with it.  And if that happens, you’ll need one person filling in the form, while the other one looks up information—and you’ll both want someone to share your sense of urgency when it’s over.

[4] NOTE:  This is a huge change in the law, which used to only apply to businesses in New York.  Now it applies to any business that collects the information of New Yorkers; a big difference and one that impacts businesses out-of-state.

[5] Institutions subject to HIPPAA have special provisions to ensure disclosure obligations aren’t redundant.

Tags: Data, Digital Access, , Policy, SHIELD Act, Templates

Topic: Controlled Digital Lending - 2/4/2019
I have been reading the legal arguments undergirding the Controlled Digital Lending initiative (co...
Posted: Monday, February 4, 2019 Permalink

MEMBER QUESTION

I have been reading the legal arguments undergirding the Controlled Digital Lending initiative (controlleddigitallending.org). The legal arguments are outlined in the white paper here: https://controlleddigitallending.org/whitepaper.

Our library has a DVD collection that has been heavily used over the years for teaching, research, and recreational use. Circulation of that collection has been restricted to members of our campus. There are fewer and fewer DVD players available on campus now and so we are facing significant sunk costs with a collection that may become unusable. Hence, I am wondering whether we could reformat DVDs that we have purchased over the years, put those physical copies in a dark archive (i.e., no longer circulating), and stream the digitized copies one user at a time to verified members of our campus (current students, staff, and faculty). Would the doctrines of 1st sale and Fair Use apply, given that there would be a one-to-one relationship between the physical copy purchased and digital copy loaned, as well as noncommercial use?

WNYLRC ATTORNEY'S RESPONSE

This is a great and important question, and it rests on an critical issue. 

With that in mind, before you delve into this answer, I encourage readers of “Ask the Lawyer!” to check out the CDL “Statement” on www.controlleddigitallending.org/statement.

[Small break.]

Okay.  Did you check it out? Interesting, right?  Now, on to the answer….

Controlled Digital Lending (“CDL” ) is an effort to assert the rights of content users—as opposed to those of content owners—in the next regime of copyright law. 

As described in the CDL “Statement”:

CDL enables a library to circulate a digitized title in place of a physical one in a controlled manner. Under this approach, a library may only loan simultaneously the number of copies that it has legitimately acquired, usually through purchase or donation. For example, if a library owns three copies of a title and digitizes one copy, it may use CDL to circulate one digital copy and two print, or three digital copies, or two digital copies and one print; in all cases, it could only circulate the same number of copies that it owned before digitization.[1]

Rallying librarians from an impressive array of institutions[2], CDL asserts an extension of current copyright doctrines and seeks to confirm rights critical to the world of information management. 

But although it is a hybrid argument of Fair Use and the First Sale Doctrine, CDL is not the law.  Rather, it is a concerted effort to influence—and perhaps become—the law. 

As I see it, CDL is also a deliberate and potentially powerful answer to the established trend of content providers using contract law to impose limitations on copyright’s “First Sale” doctrine.  Here are some examples of this trend:

  • Terms for an “instructor’s copy” from an academic publisher barring re-sale or requiring the book be listed in the syllabus;
  • A license for a DVD’s “downloadable copies,” requiring a user to verify that the are the owner of the original hard copy; 
  • Textbooks that come with access codes for additional, but essential, digital content.

Because of the billions of dollars in revenue such contracts protect, the entertainment, publishing, and other IP industries will fight tooth and nail to not only resist CDL, but any extension of Fair Use and the First Sale doctrine.  Considering the lobbying power and commercial heft of these industries, the CDL position will need all the recruits and allies it can get.  It will be a showdown fought through usage, lawmaking, and most likely, law suits.

The CDL’s organizers know this might be hazardous combat.  Right in their “Statement” is the caution:

Because the following analysis is general, any library considering implementing controlled digital lending should consult a competent attorney to develop an appropriate program responsive to the specific needs of the institution and community.

This warning in the Statement is well-justified.  The stakes for generating infringing copies (which is what copyright owners will argue CDL digital copies are) and distributing them (which is what copyright owners will argue CDL-using libraries are doing) can be high, with the violator liable for damages and attorney’s fees, and stuck in a courtroom battle for years.

So what would a “competent attorney” advise their client to do in this case?  I don’t speak for all competent attorneys, but in a case like this, I would strongly advise an institution NOT to make “CDL” copies unless the action was part of a highly assessed, planned, and well-calculated strategic plan that considers the benefits and accepts the risks.

How does an institution do that?  Any institution seriously considering CDL should form a “CDL Committee” consisting of the institution’s librarian, risk manager/insurance liaison[3], a representative of the institution’s academic wing (if applicable), and an administrative decision maker (an officer of the institution).  The group should consult with (but not necessarily include) a lawyer. 

The group would assess what use their institution could make of CDL, get advice from the lawyer about those specific uses and the risks, check their insurance coverage, assess what is being done at peer institutions, and (perhaps most important) consider how this overall issue impacts their mission.  There would possibly be, at some of the bolder institutions, some acceptance of calculated risk.

If the group’s overall assessment leaned toward CDL, the committee could create a “CDL Assessment and Use Policy” to govern all its uses of CDL.  This way, the decision to use CDL would be rooted in the institution’s mission, while the process would be informed by the library’s assets and users’ needs.  This is critical because if the institution was ever sued for infringement, a good array of back-up material, showing a bona fide belief in Fair Use, and consistent with that of other participants’ in the CDL effort, could help them assert their position and limit financial damages.

With regard to the member’s particular scenario (trying to get more use out of an extensive collection of aging DVD’s), if I were the lawyer consulting with a committee, I would probably advise against that particular use for CDL.[4]  Unless the transmission is per section 110 of the Copyright Act, the risk of a suit for unlicensed transmission of a motion picture is just too high.  But I’d also want to assess each movie on a case-by-case basis.   While the combination of First Sale and Fair Use might not simply allow the restricted streaming, other solutions (a news exception, a license) might. 

I am sorry I cannot give a more definitive answer, but as the CDL organizers themselves point out, CDL is on uncertain ground.  The authors of the “Statement” don’t come right out and say it, but they are trying to fight fire with fire…offering a bold and critical counterpoint to the current copyright scheme through which rights owners tightly control digital dissemination of works in print. 

Libraries, these days, occupy ground zero of many of society’s struggles, and the next regime of IP law is one of those.  On the battlefield of intellectual property, troops are massing at the no-man’s land between digitization and the First Sale Doctrine.  Led by librarians, there is an army that hopes to not only hold the First Sale line, but officially extend it to a practice that is more convenient, green, and aligned with current technology: CDL. 

Does your library want to join that battle? Does it want to explore making select works available, under closely controlled circumstances, without requiring a person to pick up a hard copy?  By making a deliberate, well-planned decision to have a CDL policy, your institution can answer the famous question:

“There’s a war coming…are you sure you’re on the right side?” [5]



[1] https://controlleddigitallending.org/statement

[2] The signature list is like a “Who’s Who” of library world.

[3] The person at your institution who makes sure you have insurance, and transmits claims information when there is an issue…or that person’s supervisor.

[4] At least until a heavy hitter wins a case or two using the CDL argument.

[5] Wolverine to Storm in X-Men, movie (2000).  I wish I had it on DVD.

Tags: Copyright, Digital Access, Fair Use, First Sale Doctrine, Academic Libraries

Topic: Digital Movie Codes - 10/15/2018
Question 1 Recently, a patron asked what our library does with the digital movie codes that come...
Posted: Monday, October 15, 2018 Permalink

MEMBER QUESTION

Question 1

Recently, a patron asked what our library does with the digital movie codes that come with some of the DVD and Blu-ray disc we purchase. We have been throwing those codes out, so he wanted to know if we could give those codes to him (he would be willing to purchase them).

I would like to know the legality of selling them to patrons to raise funds for the library. What about including them in prizes? Is it covered by the First-Sale Doctrine? What if the fine print on some read "sale or transfer prohibited?" The discs are purchased with tax-payer money, does that further complicate the situation?

 

Question 2

When purchasing DVDs/Blu-rays at a library there are often alpha-numeric Digital Movie Codes available to receive a digital copy of the movie. These licenses seem to be tied to a single person that cannot be used or circulated in any easy way. Is there anything a library could use these licenses for, such as public viewings (as long as they are covered under the appropriate movie license) or giveaways at the library. Or are these Digital Movie Codes best to be thrown away because of the copyright restrictions surrounding digital content? 

WNYLRC ATTORNEY'S RESPONSE

Two questions about a creative use of resources!  Truly a joy to behold.  Unfortunately, this is one of those questions where I have to be a killjoy.

Before I dig into why, let’s clarify: both members have asked about the “Digital Movie Codes,” or alphanumeric keys, on (or in) the packaging of certain DVD’s, Blu-rays, and 4K/UHD discs.  Through a process called “redemption,” the holder of such a code can download a copy of the movie in the package. 

After “redeeming” the code, the holder can download the film to their phone, tablet, or computer.  The idea is that once you’ve paid for the hard copy, even if it is copyright-protected, the purchaser should be able to view the movie on the medium of their choice.[1]

So, can these fantastic codes be used, transferred, or raffled off by a library?  Because of the diversity of licensing terms[2], there is no one, definitive answer.  But my time researching showed that a growing number of these codes are supported at the back end by a company called “Movies Anywhere.” 

Sensing their model is vulnerable to access code re-sale, Movies Anywhere’s Terms of Use firmly state:

Digital codes originally packaged in a combination disc + code package (for example, a combination package that includes a DVD, Blu-ray, and/or 4K/UHD disc(s) and a digital code) are not authorized for redemption if sold separately. By redeeming one of these codes, you are representing that you, or a member of your family, obtained the code in an original disc + code package and the code was not purchased separately. Your representation is a condition of redemption of the code and of your obtaining a license to access a digital copy of the movie. To read all terms and conditions applicable to using your Movies Anywhere account, click here. If you agree, click the REDEEM button above.

See that clause “you…obtained the code in an original disc + code package”?  THAT is what kills the joy and puts the kabosh on the clever transfers and re-uses posed by the members.  Simply by redeeming the code, the person who acquired it from the library (whether by gift, purchase, or luck of the draw) would be in violation of the terms of the license…not a very patron-friendly practice (although some patrons might disagree)!

But wait, there’s more.

Wouldn’t it be nice if the library could have a DVD-viewing room where the digital content of purchased movies was watchable?  That, too, is likely forbidden, since as of this writing, participation in “Movies Anywhere” is limited to “individuals.”[3]  “Companies, associations and other groups may not register for a Movies Anywhere account or use the Movies Anywhere Service,”  states Section 1.a.  Libraries, while not generally thought of in such terms, are “companies,” so arguably, even redeeming the codes to put the content on library-owned technology is not allowed.

Of course, when it comes to these codes, check the fine print.  If they are through a service that doesn’t bar transfer (or on the flip side, doesn’t require the actual purchaser of the package to be the redeemer), you may be able to proceed as envisioned.  That said, I doubt many movie companies will depart from the Movies Anywhere model.  Content providers have had almost two decades since the “RIAA[4] wars” to get this right, and they don’t want to leave any revenue on the table. 

How enforceable are these license restrictions?  We’ll see.  The industry is suing when the terms are violated, and defendants are fighting back (see ongoing case Disney Enterprises, Inc. et al v. Redbox Automated Retails, LLC, in federal court in the Central District of California).  That said, libraries are in a different place than most “companies,” when it comes to restrictions on information.  If there is ever a compelling, information-access reason—or a disability accommodation reason—to use one of the codes, that should be explored. 

P.S. I saw a lot of reasons why libraries can’t give away or sell these codes, but I saw nothing that stops patrons from buying the hard copy, using the code, and eventually donating the hard to the library.  THAT would be within the “First Sale” doctrine.  So while I know that’s the obverse of what the members envisioned, perhaps that can restore some joy to these questions.

Thank you.


[1] Of course, “redemption,” which requires an account, also means the content provider gets a view into your movie choices, viewing habits, and choice of media.  But I will save a privacy rant for another day!

[2] Disney, Lionsgate, Fox…each studio has its own special formula for redeeming these codes. 

[3] Who are “legal residents” of the U.S., no less.

[4] The fight over digital copying of music, eventually leading to many fans swearing off Metallica.

 

Tags: Fair Use, Digital Access, First Sale Doctrine, Licensing

Topic: Donation of photos for digital archive - 6/8/2018
Recently, our library has been given a collection of photographs that were previously on display i...
Posted: Friday, June 8, 2018 Permalink

MEMBER QUESTION

Recently, our library has been given a collection of photographs that were previously on display in a local business location. These are photos of the customers of the business, many are children. These photos span several decades and are important to many. 

We would like to digitize these photos and make them available via the internet because we believe these to be of sentimental, cultural, historical and academic value to our region and beyond.

The photos were given to our library by the business that had previously displayed them and also produced the photos. What are the issues of rights and permissions raised by making these images freely available online, especially given that many of those in the photos are children? Thanks for your help.

WNYLRC ATTORNEY'S RESPONSE

To answer the member’s questions, we must start with the fundamentals.

When accepting a donation of culturally significant photos, an archive should have a donor agreement or other documentation that addresses the following things:

Does the donor solely own the physical photos?

Is physical ownership being given to your institution?

Who authored the pictures?  If not a company, what is their name and birthdate?

Does the donor solely own the copyrights?

Is copyright ownership being given to your institution? If not, what permission comes with the physical donation?

May the receiving institution license use by others (a “transferable license”)?

Were the copyrights registered?

Are there any reservations or conditions on this gift?

If donated as part of a will, obtain a copy of the will.

What is the value of the gift? (for tax purposes, if the donor wants to claim a deduction)

Confirming the scope of the donation, the conditions, and value of the gift creates a firm basis for future decisions, including how to address the potential risks of posting pictures of minors.

It is also helpful to get as much additional information as you can at the time of the donation:

To the best of the donor’s ability, what is the date, place, and identity of those in the pictures?  What else of significance is being depicted?

What type of equipment was used to product the images?

Why were the images gathered?

Who collected the images?

Why is this collection significant; why should it be preserved and made available to the public?

Why does this collection fit into the mission of your institution?

Knowing as much as possible about the provenance and purpose of a collection makes it easier to access the protections built into the law for journalism and scholarship.  And with that background, it is easier to assess the risks when the collection involves human subjects.[1]

Those risks include:

Will this content be used by the institution in a way that violates New York’s bar on use of names and likenesses for commercial use? [2]

Are there any ethical considerations that bar including these images in the collection?

Is this depicting any personal health information?

Are there special sensitivities we must consider and plan for?[3]

Will the names of those depicted be included in the metadata of the digital archive?  If so, why is that necessary?

When it comes to minors (those under 18), additional risks are:

Will this reveal a minor’s youthful offender status?

Will this reveal participation in the social services system?

Does this depict an illegal act?

If the answer to any of the last eight questions is “yes,” a consultation with a lawyer, and perhaps an an image-by-image review, may be warranted.  But while that may time time and resources, it may be worth it, since there still may be a way to digitize the photos and make them available via the internet…especially if they have sentimental, cultural, historical and academic value to our region and beyond.

 


[1] At an academic institution, if the images depict human subjects (of any age) consult the Institutional Review Board (“IRB”).  Depending on how you design your project, it could be important.

[2] Here is the actual text of the law: “§  50.  Right  of privacy. A person, firm or corporation that uses for advertising purposes, or for the purposes of trade, the  name,  portrait or  picture  of  any  living  person  without  having first obtained the written consent of such person, or if a minor of his or  her  parent  or guardian, is guilty of a misdemeanor.”

[3] Depictions of exploitation, enslavement, abuse, or images that could be considered an “illegal sex act” (as defined by §130 the penal law) for instance.  From the sound of it, that is not the case here, but at “Ask the Lawyer!” we try to be thorough.

Tags: Digital Access, Digitization and Copyright, Copyright, Donations, Ethics, Image Rights

Topic: Copying Yearbooks - 5/25/2018
A member asked about a request for the library to provide copies of photos from yearbooks for a cl...
Posted: Friday, May 25, 2018 Permalink

MEMBER QUESTION

A member asked about a request for the library to provide copies of photos from yearbooks for a class reunion.

WNYLRC ATTORNEY'S RESPONSE

One of the reasons I enjoy doing “Ask the Lawyer,” is the diversity of questions, and the often esoteric subjects I get to research as a result.  This question is a prime example.

While the liability for copying copyright-protected yearbook photos is, in theory, the same as copying any other published, commercially-generated or amateur picture, I always like to check and see if the specific circumstances in the question have some directly on-point case law. So when this question came through the pipeline, I hit Lexis-Nexis® to search for cases of “yearbook infringement.”[1]

Well.  I found:

  • A first amendment case involving a high school senior suing to include a statement describing a state-sanctioned execution on her yearbook page[2];
  • A copyright case involving a person who laboriously compiled yearbook photos of famous graduates from a variety of New York City high schools, only to find his work replicated by another publisher[3]; and
  • A truly horrific case involving a prank, jail time, and a photo of a person’s genitalia making it into the yearbook[4].

What I didn’t find was a string of case law based on simple copying of yearbook photos for non-scholarly or non-journalistic reasons, like promoting reunions, which is the nuance posed in the member’s question.  But I suspect that is because when a claim based on such an action is threatened, if it has any teeth, it is quickly settled.  Insurance carriers do not like litigation.

So, when your library gets a request for a might-still-be-protected yearbook photo, does it mean the request must be denied?  No.  Remember, if the use is non-commercial, and the other criteria are met, libraries can make copies under Copyright Act Section 108.  Further, Under Section 107, patrons can make the copies themselves, and can claim fair use.  But like with all things copyright, the devil is in the details.  It all depends on the basis for the request, and the amount of content used.

Where must we draw the line?  Somewhere between these two examples:

Example #1: A patron has requested the library copy a yearbook pages featuring Timothy McVeigh for use in coverage related to the Oklahoma City bombing.  That person could get both a 108 copy, and a copy under fair use.  This is especially true if the image selected actually showed it was from the yearbook, and was included as part of an essay, book, or documentary exploring the roots and reasons for the actions of a domestic terrorist. 

Example #2: A patron has requested the library make copies of the individual photos of 100 less notorious graduates to promote Starpoint High School’s Class of ’86 reunion on Classmates.com.  That request would not have that same protection at Example #1.  If the original photographer or their heir could show it was an infringement, they could claim damages (even if the photo’s copyright wasn’t registered), and the library could find itself without a defense.

So how does a librarian deal with this type of request?  As always, help the patron get access to the information they need, but protect the library.  If the request is in person, once they have been given access to the book, your job is done (don’t help them with the copy machine).  If the request is remote or inter-library, and you know they plan a purely commercial use, you can’t make that copy.  This might be perceived as harsh—the requester is probably just a volunteer trying to organize a simple good time! –but you can let them know that the request they made exceeds your authority[5]

Bear in mind, it’s 2018. If they access or check out the yearbook and take pictures with their phone without your assistance, that is not something the library can control, nor be held responsible for. The patron themselves might have liability, but your institution will not…unless your library is part of the school organizing the reunion, in which case… seek back-up!

Please note: this highly restrictive answer has nothing to do with the fact that somewhere in the Town of New Hartford, NY, there is a picture of me in a Def Leppard t-shirt with 80’s hair.

 


[1] This is not a paid commercial endorsement of Lexis.  It’s just the service I use.  But for the record, I have preferred it since law school, where “Lexis or Westlaw?” is the equivalent of “Coke or Pepsi?”

[2] Stanton v. Brunswick School Dep’t, 577 F. Supp. 1560 (January 23, 1984). She won!

[3] Cantor v. NYP Holdings, Inc., 51 F. Supp. 2d 309 (June 4, 1999).  He lost!  (Not enough original content in his work). 

[4] Granger v. Klein, 197 F. Supp. 2d 851 (March 29, 2002).  Josten’s got an early dismissal of most of the claims. 

[5] Unless you are a member of Congress and can introduce legislation to change the Copyright Act.

 

Tags: Copyright, Digital Access, Digitization and Copyright, Yearbooks, Photocopies

Topic: Digitization of Video Recordings Not In Public Domain - 11/15/2017
We have video recordings of campus speakers that we are interested in digitizing and publishing to...
Posted: Wednesday, November 15, 2017 Permalink

MEMBER QUESTION

We have video recordings of campus speakers that we are interested in digitizing and publishing to an online platform. They are currently on VHS and/or DVD and available in the Library to be checked-out. 


The speakers include writers and poets who recite their published, copyrighted works to the college audience. Is it possible for us to post the recordings of these readings (as well as question and answer sessions) online? Most likely there was no signed license agreement when filmed.

WNYLRC ATTORNEY'S RESPONSE

Part of the mission of higher education institutions is to bring important, provocative, and enlightening speakers to their communities. Over the years, this results in an impressive roster of authors, artists, professionals, politicians, comedians, dignitaries, and civic leaders, having spoken on campus. Sometimes, all or part of this roster was captured on film, video, or audio recording.

 

The rights to those recordings—and what can be done with them in the digital age—can present a complicated situation. Each individual recording comes with a suite of considerations that can make a digitization project difficult. But in a scenario like the one posed by the member, critical points of analysis can be assessed, so a way forward is found. Here are those critical points:

 

Assessment Point #1: Who owns the copyright (to the recording)?

First, it is useful to establish who owns the copyright to the actual recording. Since copyright to a recording vests in the person who created the recording, not the person being recorded (unless it was a selfie), this is sometimes easy to assess. As we say in the biz: “who pushed the ‘record’ button?”

 

If the recording was made by an employee of the institution, and there was no contractual agreement otherwise, then the copyright to the recording is owned by the institution. If it was recorded by a student who just happened to be there, or a third-party attendee, the school doesn’t own it (which becomes an issue in the subsequent steps). Awareness of this factor is a good starting point for what lies ahead.

 

If your institution owns the copyrights to the recording, you can skip points #2, #3 and #4, below.

 

Assessment Point #2: Is this recording part of the library’s collection?

Just because the educational institution owns the physical copy doesn’t mean it is part of the library’s collection. For purposes of numbers 3 and 4, below, if your institution doesn’t own the recording, in order to convert and/or conserve it under Copyright Act Section 108 (the section giving special rights to certain libraries), the original recording must be formally cataloged and included in the library’s collection.

 

Assessment Point #3: Is the library in a position to convert the copy to a digital medium?

If the copy is formally a part of the library’s collection, and it is on a format considered “obsolete” under section 108 of the Copyright code (so long as the devices are no longer manufactured, VHS is, for example, is considered “obsolete”), the library may convert it to a digital format, and loan it out as provided by the §108. NOTE: this does NOT mean you can include it in an online digital collection, for anyone to access any time, but it takes you one step closer to it!

 

Assessment Point #4: Does the library need to conserve the copy?

If the original copy is deteriorating, it may be duplicated as set forth in Section 108. NOTE: this also does NOT mean you can include it in an online digital collection, but it makes sure than once you can, your original copy is safe, and backed up for posterity.

 

Assessment Point #5: Did the institution have any right to record, and/or to use the image of the person who was recorded?

This requires scouring the contracts of the institution. Most speaker contracts these days include terms controlling the right (or not) to make a recording, but, as reflected in the scenario posed by the member, in the past this was not the case. This assessment is critical, especially since at academic institutions, other departments at the institution may want to use the content to promote and celebrate the institution…but in New York, the commercial use of a person’s image, without their written consent, can carry both civil and criminal penalties.

 

Assessment Point #6: Are there any concerns with trademark?

The risk posed in #5 is increased if the speakers’s name and image is currently being used for purposes of a trademark (like “Maya Angelou” which is protected under Federal Trademark 86978575), or if a trademark was on display during the presentation. This means any arguably commercial use (like selling copies, putting it on the school’s website or catalog, or selling a t-shirt promoting the collection) should only be done in consultation with an attorney.

 

Assessment Point #7: Are there other copyright concerns?

This is the meat in the sandwich of the member’s scenario. Going through the above steps, even if an institution:

1) owns the recording;

2) includes the recording in the library’s catalog;

3) meets the 108 criteria to convert it from an obsolete format;

4) meets the 108 criteria to make preservation copies;

5) has permission to use the name and likeness of the speaker in any and all formats, for whatever reason, forever;

6) verifies there are no trademarks involved…

 

if the speaker read a copyrighted work during the recording, that “performance” of a copyrighted work MIGHT be subject to its own copyright, and thus, bring with it a host of new restrictions, cramping the bounds of your digital usage.

 

What a pain, right?

 

Fortunately, there is solution. For any library at an educational institution contemplating digitizing the institution’s recorded guest speakers, if the written record doesn’t reflect clear permission to record and use the content, writing to the original speaker, or the current copyright owners, to ask for permission, may be the best solution. A sample request, with the variables notes in CAPS, is right here1:

 

Dear NAME:

 

You may recall speaking at INSTITUTION on DATE. During that performance, you read [INSERT TITLE(S)] (hereinafter, the “Works”).

 

Our on-campus library seeks to include a copy of that performance, recorded on FORMAT, in an online, digital collection to be called TITLE (the “Collection”). We would like to include the recording in an online Collection, so it may be accessed by the public, for purposes of enjoyment and scholarship.

 

To that end, we ask the following:

 

1. Are you the sole copyright owner of the Works? Yes No

 

2. If you are not the owner, do you retain the right to give permission for their reproduction, distribution, performance, and display? Yes No

 

If you are not the copyright holder, or do not hold the rights, please let us know who does: _____________________________________________________________

 

If you are the copyright holder, please consider the below requests:

 

3. Copyright License

May [INSTITUTION] have a non-transferable, irrevocable license to reproduce, duplicate, display, perform, and, by virtue of the recording being part of the Collection, prepare a derivative work of, the Work(s), solely as performed by you and recorded by INSTITUTION on DATE? Yes No

 

SIGNATURE:_____________________________

 

DATE:_____________________

 

 

Image Release

We would like to use your name and picture to promote the Collection. May [INSTITUTION] use your name and likeness, including but not limited to photos or images of you, the recorded sound of your voice, for the purpose of promoting the Collection in hard copy, on the institution’s website, and via any other medium existing now, or later developed? Yes No

 

 

SIGNATURE:_____________________________

 

PRINT NAME:__________________________________

 

DATE:_____________________

 

Thank you for considering this request. I included a self-addressed, stamped envelope, in the hope of a favorable reply.

 

Of course, the risk of asking is that they say “no”…and that they demand you stop using the recording of the derivative work! That is why in all of this, any contracts should be assessed by an attorney, so the rights of your institution are protected, and any requests for permissions should be carefully considered prior to submitting the request.

 

So, the answer is (and I appreciate it took a long time to get there!): unless the recording were news coverage—which is assessed under a different array of laws—permission (given either at the time of the arrangement, or many years later) for digital duplication and distribution is required, but can be arranged well after the event.

1 NOTE: This approach is for educational institutions that were also the original recorders of the work to be digitized, who are seeking a wide degree of latitude on their use. This approach is NOT suggested for digitization efforts involving content generated by third parties at non-educational institutions. It also does not cover recordings of musical works (that would be a whole other answer!).

 

Tags: Copyright, Digital Access, Digitization and Copyright, Academic Libraries, Templates

Topic: Copying of College Textbook Chapters - 5/1/2017
Our question concerns the copying of college textbook chapters for students where the required tex...
Posted: Monday, May 1, 2017 Permalink

MEMBER QUESTION

Our question concerns the copying of college textbook chapters for students where the required textbook is either backordered by the bookstore day one of semester or where a late enrollees’ textbook is out of stock. 

One current solution involves a limited checkout of a text for the first four weeks of a semester, and only for library use for reading or photocopying. We keep a printout of the standard Copyright notice on the copier to warn against excessive copying. After four weeks, students must have access to the book on their own and textbook copies remain solely as desk copies for faculty. 

However, what is advised when multiple classes do not have textbooks in stock and late enrollees are more prevalent? What does copyright permit in terms of copying textbook chapters or providing e-links to textbook chapters on LMS (Blackboard, etc.) in such cases?

WNYLRC ATTORNEY'S RESPONSE

It’s 2017.  Digital access to academic resources having been a factor in academic life for over 20 years, it would be reasonable to think I would have clear, well-established guidance to give you.

However, as of 2016, the United States was still struggling with Fair Use, and the law doesn’t give us the bright-line rules we are hoping for.   Rather, particularly with regard to textbooks and digital access, recent case law has diminished them.

Very comparable to the circumstances you described is the case Cambridge University Press v. Mark P. Becker No. 1:08-cv-01425-ODE (N.D. Ga. Mar. 31, 2016).  In Cambridge, a court in Georgia, after trying to use a simpler, equally weighted Fair Use analysis, and relying on the ill-fated “10% standard” of duplication, ruled that when creating digital copies/excerpts of textbooks:

(1) the first factor, purpose and character of the use, weighs in favor of fair use because [a university] is a nonprofit educational institution;

(2) the second factor, the nature of the work, is “of comparatively little weight…particularly because the works at issue are neither fictional nor unpublished;”

(3) the third factor, the amount of work used, must be viewed through the lens of “the impact of market substitution as recognized under factor four, in determining whether the quantity and substantiality . . .of [d]efendants’ unlicensed copying was excessive;” and

(4) the fourth factor, the effect of the use on the potential market for the work, “concern[ed] not the market for Plaintiffs’ original works . . . but rather a market for licenses.”

This case shows that a when it comes to textbooks, while courts will give strong deference to educational institutions, there is no “magic formula” (like 10% of the content) they will apply to ensure Fair Use.  Rather, courts will apply a nuanced analysis that changes from work to work, and from use to use—making general guidance a challenge.

With all that in mind, my answer to the inquiry is:

First, the ability of the student/patron to physically access or check out the book is a great service by your library; with the required copyright notices posted, and no attempt by the library to collude with students in making prohibited copies, you are taking good advantage of section 108’s exemptions of libraries from liability for infringement.  In addition, providing access to textbooks within the structure outlined above is a great incentive for students to visit the library.

Second, your actual question—can my library use digital access to help students who were late registrants or otherwise unable to secure a physical or full digital copy?—requires application of the Fair Use factors on a work-by-work basis, which as we can see, is an increasingly intricate and fact-specific exercise.   You must apply the four factors not just on a work-by-work basis, but while considering the specific purpose of a particular use.

There are also some practical tips that can help you avoid being sued for infringement.

Tip #1: To answer questions like this, I always put myself in the shoes of the potential plaintiff.

· If I were the publisher, would I view the digitized access as cutting into my potential revenues? 

· Is there an easily obtainable license for the excerpt, that the library is just choosing to ignore?

· Can I, as the publisher, easily put a price on the damages? 

All these factors, if the answer is “yes,” can lead to the publisher instructing their lawyer to file suit. 

However, even if all of these are true, I, the publisher, would also ask…did every person who accessed the digital copy already have a copy on back-order (and not return it)?   If they bought my book, and were only using the digitization as a place-holder, I, the publisher, would tell my lawyer to look elsewhere for damages…especially since when I, the publisher lose, I am responsible for the legal fees of the other party (in the Cambridge case, the publisher was told to pay the fees of the university).

Tip #2: It is unfortunate that, like the courts, I can’t give a simple formula for Fair Use.  However, one way you can sometimes get a bit of “free” advice on this is to consult with your institution’s insurance carrier.  It is very likely your institution is insured for copyright infringement, and that they have a list of best practices they would like to ensure you, the insured, are following.  As a professional within the library, it is good to also confirm that this coverage will cover not only the institution, but you as an employee.  That can help you sleep at night.

Tip #3: And finally, if ever an entity notifies you that they are suing you for infringement, notify your insurance carrier right away.  Often times, they can provide counsel, and help you reach a quick, low-stress resolution.

Tags: Copyright, Digital Access, Fair Use, Textbooks, Photocopies, Work-for-Hire, Academic Libraries

The WNYLRC's "Ask the Lawyer" service is available to members of the Western New York Library Resources Council. It is not legal representation of individual members.