Skip to Main Content

McFarlin Library Policies Page: Patron Privacy Policy

This guide contains the McFarlin Library Patron Privacy Policy and links to the privacy policies of vendors who supply library resources.

McFarlin Library Patron Privacy Policy

Summary of Policy

The McFarlin Library at the University of Tulsa is a staunch defender of intellectual freedom, patron privacy, and responsible use of patron data. McFarlin Library complies with minimum legal requirements to protect information about the resources and library use of patrons, but strives to protect patron information further, aiming to meet American Library Association, industry standards, and European Union General Data Protection Regulation (GDPR) standards for all patrons. McFarlin Library will not release information about your library utilization except to authorized parties and will take additional steps to protect your data from internal and external usage. 

Your Right to Privacy

Privacy is essential to intellectual freedom, free speech, and academic discourse. "Privacy" is broadly defined as the right to be left alone, or freedom from interference or intrusion. In a library setting, this translates to privacy to utilize the library to research topics of your choosing without fear of your research topics, resources utilized, or presence in the library being reported except to authorized parties for legitimate reasons. 

By utilizing our website, attending library programs, participating in library instruction or research sessions, accessing our electronic resources or physical materials, visiting McFarlin Library, or paying for an individual library membership, you agree to our privacy policy. By consenting to this policy, you authorize McFarlin Library to contact you utilizing the contact information we have on file regarding overdue materials or in response to library inquiries. However, in accordance with Oklahoma State law and our own commitment to patron privacy, information about materials you check out and information that you access in library resources is confidential. 

The McFarlin Library Patron Privacy Policy may change over time. Please refer back to this specific section of our website to see the most recent version of our policy.

Legal Requirements

As a joint public-private academic library in the State of Oklahoma, McFarlin Library complies with Oklahoma statutes governing patron privacy, which state:

Any library which is in whole or in part supported by public funds including but not limited to public, academic, school or special libraries, and having records indicating which of its documents or other materials, regardless of format, have been loaned to or used by an identifiable individual or group shall not disclose such records to any person except to: Persons acting within the scope of their duties in the administration of the library; Persons authorized to inspect such records, in writing, by the individual or group; or By order of a court of law (65 OK Stat § 65-1-105 (2014)).

In other words, McFarlin Library will not release information about your library activities, library usage, books or materials checked out, or similar unless the release of information is needed by a library administrator, authorized parties, or court order. 

While McFarlin Library serves a private university, the University of Tulsa and McFarlin Library participate in federally funded programs, such as Federal Student Work Study, and receive public funding in the form of federal grants and state funding for a portion of our library resources. As such, we are bound to the Oklahoma statute as our library is funded "in whole or in part by public funds".

As a student-serving university, the University of Tulsa and its departments, including McFarlin Library, is also bound by the Family Educational Rights and Privacy Act (FERPA). Under FERPA, McFarlin Library will not disclose information pertaining to educational information, student records, or personally identifiable information without express written approval from the student as outlined in the University of Tulsa's FERPA policy.

Some McFarlin Library users may also be protected by the European Union (EU) General Data Protection Regulation (GDPR). GDPR is a European law that established protections for privacy and security regarding "personal data" for individuals in European Economic Areas and some non-European Economic Areas. GDPR applies to any organization that operates within the EU and processes personal information. GDPR also applies to any organization outside of the EU that processes the personal information of individuals who are physically located in the EU, which either (i) offers goods or services to such individuals, or (ii) monitors the behavior of such individuals. The GDPR does not cover individuals by virtue of their citizenship, but their physical presence in an EU country. For example, personal information of an EU citizen collected at a U.S. location is not covered by the GDPR unless the controller or processor continue to monitor the EU citizen upon their return to the EU. 

Under the GDPR, individuals have the right to request the erasure of their previously provided data or to inquire about the data that has been collected on them. Individuals requesting erasure of their personal data from McFarlin Library records should contact Please review the University of Tulsa's GDPR FAQs document for more information on how the University as a whole complies with GDPR guidelines.

Library Ethical Obligations

Outside of legal obligations to protect patron data, McFarlin Library strives to abide by patron privacy guidelines set forth by the American Library Association and the American Library Association's Library Bill of Rights. Per the American Library Association's Library Bill of Rights, section seven, "All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information." The American Library Association affirms this right to privacy in the pursuit of free inquiry, stating, "All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. When users recognize or fear that their privacy or confidentiality is compromised, true freedom of inquiry no longer exists. Privacy is essential to the exercise of free speech, free thought, and free association. Federal and state courts have established a First Amendment right to receive information in a publicly funded library. Further, the courts have upheld the right to privacy based on the U.S. Constitution." The American Library Association acts as the governing and advocacy group for all libraries in the North Americas, working with American libraries to establish common ethics for libraries to uphold, including the Library Bill of Rights. 

University of Tulsa Data Gathering

As a joint private-public library, McFarlin Library protects patron data as outlined in Oklahoma State law. McFarlin Library cannot guarantee total privacy of its users who may utilize University of Tulsa-provided resources, such as computer usage, wireless internet, or University of Tulsa website resources. Users should review the University of Tulsa's Privacy Policy in addition to McFarlin Library's Patron Privacy Policy.

Data Obtained by McFarlin Library

Data Obtained by McFarlin Library

While McFarlin Library will not release data on personal library use and activities, our staff and library systems collect data about individual library usage manually, from library systems that automatically log information, and from library databases that automatically log information. 

Manual Data

Manual data includes generic information collected by library staff regarding utilization of library spaces and services, such as attendance at library programs, instruction sessions, or one-on-one research appointments. This data is anonymized and staff record tallies of individuals, rather than individuals' attendance. For example, McFarlin Library staff collect room counts at the same times each day, but library staff only counts individuals in each space. In some instances, library staff may collect information regarding the degree level, course, or research topic in question, but no identifiable information is recorded.

Manual data is recorded in paper format before being keyed into an online spreadsheet. A digitized copy of the paper document and the online spreadsheet is retained in perpetuity within McFarlin Library's internal digital storage, which is managed by the University of Tulsa's IT department and is protected by the University of Tulsa's firewall. Only authorized users have access to manual data files. 

Library Systems Data

McFarlin Library relies on library systems to manage its circulation system, website, interlibrary loan and document delivery services, online catalog, and online user profiles within the online catalog.

  • Circulation System: Innovative's Sierra acts as McFarlin Library's circulation system. This system pulls patron data from the University of Tulsa's student and staff records to determine who has library privileges and to what degree. Patron records contain your full legal name, your TU ID number, your TU relationship (student, staff, faculty, et cetera), your TU email address, your department relationship, currently checked out materials, materials on hold for you, and information on fines accrued and their corresponding materials. Sierra automatically wipes all circulation data after fourteen days with exceptions for materials currently checked out, on hold, or for which there are fines. Your Sierra circulation profile expires after your relationship with the University of Tulsa ends, but your profile remains active for up to five years after your relationship ends should you have overdue materials and/or library fines. After five years, expired profiles and all corresponding overdue/fine information are wiped from Sierra. Only authorized library employees can review Sierra data. Data collected from Sierra helps the library make decisions on additional materials to purchase to support student success, but all data pulled from the system that is used outside of the library is anonymized so you are not identifiable. Examples of data pulled from this system to support decision making include your relationship to TU, your departmental relationship, information about the subject of physical library materials you checked out, or information about the shelving location in which physical library materials were pulled.
  • Website: McFarlin Library's website is created and managed using Springshare's LibGuides product. Springshare helps the library manage our main website, research guides, A-Z list for databases, and website-level searches. Springshare aggregates daily tallies for each of these components for one year. After one year, only monthly aggregations are available. Springshare only collects anonymized data, such as the number of visitors to our website and A-Z database list and the search terms entered into the website search bar. While still anonymized, Springshare does record the browser, operating system, screen resolution, and state/country information of the accessor. The University of Tulsa's IT department hosts our website and website resources, but only authorized library staff have access to Springshare and its data. Examples of data that might be pulled from this system to support library decision making include aggregated tallies on our number of website visitors or research guide users, research guide utilization based on topic, and website searches to improve findability of library resources online.
  • Interlibrary Loan and Document Delivery Services: McFarlin Library utilizes ILLiad to record and fulfill requests for interlibrary loan and document delivery materials. ILLiad requires users to set up an account by creating a login with a password. This account contains information on each user to facilitate requests, including full legal name, TU ID number, TU relationship (student, staff, faculty, et cetera), TU email address, phone number on file, local address, departmental relationship, currently checked out materials, materials on hold for you, articles available for download, all materials requested during the life of your ILLiad account. Inactive ILLiad accounts are purged after four years of inactivity, along with all historic loan information. Only authorized library staff can access ILLiad user and loan information. Examples of data that might be pulled from this system to support library decision making include aggregated tallies on the number and type of ILL requests, aggregated tallies on the number and type of ILL user (e.g. staff versus graduate student), aggregated tallies on the number and type of subjects requested via ILL, and titles of items (e.g. serials, monographs) that the library may consider for purchase.
  • Online Catalog and Link Resolver: ExLibris provides access to McFarlin Library's online catalog, called Summon. Additionally, ExLibris provides catalog enhancement resources to support student success through a service called Syndetics and access for current TU affiliates to electronic resources through a product called 360 Link. Summon, Syndetics, and 360 Link do not collect user-level information. All three platforms collect anonymized data on the average time spent by users during a web session using these products, the number of sessions in which users interacted with these products, and the number of actions completed in these products. Additionally, 360 Link tracks the number of times users clicked into an electronic resource. No personally identifiable information is automatically gathered in these platforms and only authorized library staff can access usage stats regarding aggregated usage of the library's online catalog. Examples of data that might be pulled from this system to support library decision making include the total number of users using the library catalog by day or month, the average amount of time spent by users in the library's online catalog and the number of clicks or interactions with the library's online services.
  • Online Catalog User Profile: Within ExLibris Summon, users can access their current circulation information and compile lists of books that they would like to read using the "My Account" feature. Within the "My Account" feature, users have to "Opt in" to allowing Sierra and Summon to track their history. Users opting in to tracking of their reading history and wish list items understand that this data will be retained until their affiliation with the University of Tulsa ends. McFarlin Library staff cannot access this data or information stored within the "My Account" feature. ExLibris or other branches of the Clarivate family that owns ExLibris may be able to access this information.

Electronic Resources and Vendor Data

McFarlin Library often uses third-party vendors to supply access to our electronic resources and library systems. Some of these resources are discussed above, and many of the other resources are listed in the library's A-Z database list. Additionally, many of the library's serial titles are provided electronically through vendors, and all library-owned electronic books are provided through these vendors. If and when you choose to use such services, we may share your information with these third parties. Information shared with third parties is only as necessary to confirm your affiliation with the University of Tulsa and on behalf of McFarlin Library. We may display links on our website, in our resource guides, or within our online catalog that may take you to third-party services or content. By following these links, you may be providing personal information (including, but not limited to personal information such as your name, username, email address, and password) directly to a third party, to us, or to both.

By using these services, you acknowledge and agree that McFarlin Library and the University of Tulsa are not responsible for how third parties collect or utilize your information. Library users must understand that use of remote or third-party vendor resources limits the privacy protection that McFarlin Library and the University of Tulsa can provide.

Third-party service providers may collect and share your information, including:

  • Personally identifiable information you knowingly provide. This includes registering for access to their site, providing feedback and suggestions, requesting information, or creating shared content.
  • Other information that you may not knowingly provide, but that could be used to identify you, such as your Internet Protocol Address (IP Address), search history, location-based data, and device information.
  • Biometric data such as facial recognition, voice recognition.
  • Non-personally identifiable information. This includes advertisements on the pages that you visit, analytics, browser information (type and language), cookie data, date/time of your request, demographic data, hardware/software type, interaction data, serving domains, page views, and the web page you visited immediately prior to visiting the third-party site.
  • Other data as described in the vendor's privacy policy and terms of use.

For more information on these services and the types of data that are collected and shared, refer to the Terms of Use and Privacy Policies on their webpages. You may choose not to use these third-party services if you do not accept their terms of use and privacy policies. Please take the time to read them carefully.

We encourage you to review the privacy policies of every third-party website or service with whom you interact through our Library services. You can always choose not to use third-party websites or services if you do not accept their privacy policies.

The Library also suggests links to external websites that are not under contract or our direct control. In these instances, you are not required to give these sites your Library card or any other personally identifiable information in order to use their services.

All McFarlin Library vendors supplying electronic resources or other library services abide by their own company privacy policies. McFarlin Library reviews these policies during contract negotiation and strives to protect patron data under these legally-binding contracts. Many vendors abide by GDPR guidelines and McFarlin Library aims to negotiate improved patron privacy where possible. The library has incorporated use of anonymization features from OCLC's EZproxy, the intermediary between users and databases to ensure that only TU affiliates are accessing our resources. McFarlin Library has opted into EZproxy's Security Identifier, which pseudonymously identifies each individual patron through an alphanumeric string of characters, and attaches the pseudonym to requests completed through EZproxy, thus adding an extra layer of protection between users and third-party vendors. A new, unique Security Identifier is created by OCLC for each individual patron on the first of each calendar month, and the previous month’s Security Identifier is permanently deleted by OCLC after two (2) calendar months. OCLC and the authorized content provider only uses the Security Identifier for the purpose
of identifying potential compromised usage. This feature is only available with certain vendors at this time, so users understand that not all third-party use of library resources will be protected by EZproxy's Security Identifier. 

McFarlin Library aims to compile all third-party data privacy policies within its Privacy Policy guide, but patrons can search and review the privacy policy associated with any third-party vendor to opt in or out of utilizing their product at any time.


Special Collections at McFarlin Library 

As a predominantly outward-facing library for researchers, McFarlin Special Collections relies on many of the same systems and third-party vendors as McFarlin Library, but data collection practices and personally identifiable information storage differ. Circulation information in regards to the titles that Special Collections' users have reviewed are maintained for fourteen days in accordance with Sierra's circulation records retention policy. However, Special Collections' other patron records are retained in perpetuity, including patron records within Sierra and in a physical format in a secure area. Special Collections' patron information may also be located within its online finding aid system, ArchivesSpace, within internal notes, or within departmental historic documentation. Physical records are stored within a secure area while digital records are stored with best practice assistance from University IT. 

Types of Data Collected and What We Do With Your Data

McFarlin Library requires your full legal name, current contact information including phone number and email address, information regarding your affiliation to the University of Tulsa, and a TU ID number to provide library services to you. In rare instances, McFarlin Library may set up guest privileges for visitors to the library. Visitors will be asked to provide their full legal name, a TU ID number (if necessary), birthdate, current mailing address, phone number, email address, and a photo ID to access library resources. 

Aggregate information on all library users includes:

  • Number of users in the building or in a particular area of the building at a set time
  • Number of materials circulating in a given time frame or subject area
  • Number of users accessing online resources by time frame or subject area
  • Number of interactions with library staff over a particular topic

More specified information is collected on certain groups of library users including:

  • Class level (undergraduate or graduate)
  • Identifying information for a specific class (professor name, course number, number of attendees)
  • Research topic or instruction session topic

Automatically collected data on users including:

  • Currently checked out books or library materials
  • Overdue or missing books or library materials
  • Unpaid library fines

Some user groups may have data retained in perpetuity regarding their use of the library, including:

  • Special Collections visitors
  • Special Collections research requests

McFarlin Library uses data manually or automatically generated to help inform library decision-making. Data containing personally identifiable information will only be used by authorized library administrators. Any data for external audiences is fully anonymized and you will not be identifiable by any data utilized for evaluation purposes. Anonymized McFarlin Library data produced for annual reports will be stored in accordance with the University of Tulsa's best practices for digital or physical file storage. Only authorized library staff members can access system data, aggregated data, and stored data. 

Even if not protected by GDPR, McFarlin Library users can email at any time to request more information about the data gathered on them and how it has been used or to request erasure of personal data gathered at the library level.

For More Information

If you have questions or concerns about our Privacy Policy and practices, please send an email to

You can also contact McFarlin Library's circulation desk by calling +1 (918) 631-2871.