Privacy & Data Retention Standards

Standards, values, and other information relevant to the NYPL Engineering Team.

Privacy & Data Retention Standards

NYPL’s full privacy and data retention policy

Products (i.e. services or applications) that retain personally identifiable information (PII) for a period greater than 7 days MUST be documented and approved by appropriate Product and Engineering management.

PII includes:

Patron information (ID, name, email address, address, etc.)
Bibliographic information (e.g. ID, title, etc.) when it relates to a patron
Item information (e.g. ID, title, etc.) when it relates to a patron
Computer information (IP address, etc.)

New third-party products (e.g. Optimizely, Google Analytics) used by the Engineering team MUST also be subject and evaluated according to this standard.