My question is: do public libraries have any legal obligation to collect emergency contact information for children (age 17 and under) attending library programs without a parent or caregiver present/on the premises? Our library is located on the campus of a school district, and we have access to the school district's library automation system, in addition to our own, so we could easily and quickly locate contact information for the parents/caregivers of children who attend our programs in the event of a medical or other type of emergency situation. We already have an unattended minor policy as well. Our Library Board wants to make sure that we are in compliance with both Federal and New York State law on this issue. Thank you.
This question is rather like asking an astronautical engineer: When on a spacewalk, are there any safety procedures specifically related to securing my helmet as I exit the airlock?
Such a question could inspire an initial reaction like: Safety concerns? In SPACE??? Blazing comets, the safety concerns start the moment you blast off!
But upon reflecting on the actual question, the calm, composed answer might be: “To ensure integrity of the pressure garment assembly, double-check the neck-dam’s connection to the helmet’s attaching ring.”
Lawyers get this way addressing questions related to children and liability. Our first reaction is to think about everything that can go wrong. But then we calm down and focus on the specific issue at hand.
So, here is my calm, composed answer to the member’s very specific question:
There are two potential instances where a public library offering a program for unaccompanied minors might be obligated by law to collect emergency contact information.
If the program the library is hosting is a camp required by law to have a “Safety Plan,” applicable regulations arguably require that the library gather the child’s emergency medical treatment and contact information.
If the library is paying a child performer as part of an event, the law requires that the library must collect the child performer’s parent/guardian information before the performance.
Other than the above instances, while such a practice may be required by an insurance carrier, a landlord, or event sponsor, there is no state law or regulation that makes collecting emergency contact information a specific requirement of a public library.
I do have two additional considerations, though.
“Emergency contact” information provided by the parents/guardians, in a signed document drafted expressly for your library, is generally the best course of action when welcoming groups of unaccompanied minors for events not covered by your library’s usual policies.
I write this because Murphy’s Law (which is not on the bar exam, but remains a potent force in the world) will ensure the one time there is an incident at your youth program, the district’s automation system will be down.
Which brings us to the….
Libraries and educational institutions sharing automation systems must make sure that such data exchange does not violate either FERPA (which bars educational institutions from sharing certain student information), or CPLR 4509 (which bars libraries from sharing user information).
Emergency contact information maintained by a school is potentially a FERPA-protected education record. If FERPA-protected, it is illegal for any third party—such as a public library—to access it unless there is an agreement in place with certain required language AND the library’s use of the information is in the students’ “legitimate educational interests.” 
Of course, given the right circumstances, meeting these criteria is perfectly possible. In fact, such agreements can be a routine part of a school’s operations. But just like with a space helmet before leaving the airlock, its best to confirm that everything is in place before you take the next step.
Thanks for a thought-provoking question.
 I imagine aeronautical engineers swear like the rest of us, but I like to image they sound like characters Golden Age comic books.
 Thanks, NASA.gov!
 I know this question isn’t really about camps, but libraries do host them. And since the NY State Health Department’s template for a licensed camp’s “Safety Plan” includes eliciting emergency contact/treatment info, I have to include this consideration. For a breakdown of what types of camps requires licenses, visit https://www.health.ny.gov/publications/3603/
 This is a requirement of Title 12 NYCRR § 186-4.4. Since the library would also need said child performer’s license to perform, this requirement would not likely be missed! I also appreciate that this example is on the far side of what this question is actually about.
 Call your carrier to check. They may even have preferred language for your library to use when crafting registration documents.
 The definition of “education records” under FERPA (and its many exceptions) is here: https://www.ecfr.gov/cgi-bin/text-idx?rgn=div5&node=34:126.96.36.199.33#se34.1.99_13. Interestingly, a student’s name, phone number, and address—three critical components of an emergency contact form—are potentially not FERPA-protected “education records” as they may be considered “directory information” if specifically listed in a public notice from the school, as required by FERPA Section 99.37. FERPA violations can turn on these small details!
 What language is that? Under FERPA Section 99.31, an educational agency or institution may disclose such information to another party (like a library on its campus) if that party is: 1) performing a function for which the school would otherwise use employees; 2) the library directly controls the contractor’s use and maintenance of the records; and 3) the contractor is required to not further disclose the records. This formula can also be found in the link in footnote 4.
 Who says that simile can’t make a second appearance?!
Tags: FERPA, Policy, Privacy, CPLR 4509, Public Libraries