Adopted by the Library Board of Trustees on December 9, 2021.

Statement

The Ainsworth Memorial Library’s circulation system is operated and maintained by the North Country Library System (NCLS). NCLS will investigate and provide notice of information security breaches to affected individuals and/or Federal and State agencies in accordance with applicable Federal and State requirements.

Purpose

The purpose of this policy is to outline how NCLS and Ainsworth Memorial Library will respond to incidents involving data breaches. It will identify and define steps and procedures that will be followed when those breaches occur and will address how affected individuals will be notified as required by relevant Federal and State laws.

Scope

This policy applies to all NCLS information assets or information assets under the care of the NCLS, and applies to all individuals who interact with, access, or store NCLS electronic information regardless of storage device, medium, or physical location.

Protected Information
Protected information is defined as:

  • Personal information that includes a person’s name, personal mark or other identifier, combined with one of the following;
    • Social Security Number
    • Driver’s License Number
    • Non-Driver Identification Card Number
    • Account number or credit/debit card number in combination with required security code, access code or password
    • Biometric Information
  • A username or email address in combination with a password or security question or answer that would permit access to an online account.

Protected private information does not include publicly available information which is lawfully made available to the general public.

Data Breach

A Data Breach is defined by NCLS as an incident of unauthorized access to or acquisition of, or acquisition without valid authorization of computerized data that compromises the security, confidentiality, or integrity of the protected information maintained by NCLS. 

Reporting Responsibility

All individuals affiliated with NCLS in any capacity, including but not limited to member library staff, vendors, and contractors, should report suspected or actual data breaches immediately to the IT Manager. NCLS will investigate all reports of breaches related to information maintained by NCLS.

NCLS Procedures

NCLS administration will initiate the following procedures upon notification of a suspected breach: 

  • Containment – If NCLS Technology Department determines there was a data breach, NCLS will work with the affected department(s) or location(s) to contain the breach.
  • Director Notification — The Director of NCLS will be notified when determination of an actual breach is made.
  • Assessment – Once the breach is contained and eradicated, NCLS Technology Department will assess the extent and impact of the breach and provide documentation.
  • Data preservation – All available evidence related to the breach will be preserved by NCLS Technology Department for future analysis.
  • Reporting and legal obligations —The NCLS Director will consult with legal counsel to determine specific legal obligations relating to the breached information and relevant reporting obligations.