Skip to Main Content
Library Guides

Library and IT Self Help

Self help articles for Library and IT support

Library and IT Self Help Banner

Data Protection and Freedom of Information Act in the Library

University information about Data Protection & Freedom of Information is available here.

Data Protection (DPA) and Freedom of Information Act (FOI) in the Library

1. Sources of personal data held by or accessible by Library and Digital Support

1.1 Library Management System

Within the library, most user data is held on Alma. We cannot disclose to anyone other than the student or member of staff concerned, who has a particular item on loan, who has placed a reservation on an item or any personal details such as home addresses. Staff should be satisfied that any release of data of this kind should be supported by corresponding identification such as a current University card or Associate library card. Staff may disclose information to other staff within LDS for specified administrative tasks, e.g. overdue procedures. The sensitivity of data held should determine its level of security and confidentiality.

Students wishing to access to the data we hold on them should be encouraged to use

“Your account” section on Alma. We would maintain the right to levy an administrative charge if we are asked to provide any further information by users (e.g. borrowing or overdue charges history. After a student has left the University, all data about them held on Alma is deleted unless they have outstanding charges or overdue loans which we may then pursue.

1.2 Student Record System

The Student Record System (UnitE) contains confidential personal data and assessment marks. Only designated library staff have access and can only log on to the system using their individual username and password.

Data seen must not be disclosed to others except for clearly defined work purposes, e.g. to determine which course a student is studying; identify an external address for correspondence, etc.

1.3 Manual records

The Library holds files on library users as follows:

  • Short term manual records used to record manual issues, equipment bookings, and short-term arrangements for loans. These are kept until the data has been entered on Alma or the item returned to the library.
  • Associate members’ registration cards. These are kept until the Associate member leaves the University or their Associate membership expires and all charges and outstanding items are cleared from their card (whichever is soonest).
  • Visitors’ forms (records of members of the public who use the library). These are kept for one year.
  • Comments, suggestions and complaints – written or e-mail complaints, comments and suggestions and the Library’s replies will be held for one year.

1.4 CCTV

CCTV is in operation in the Plymouth library building. Images are held for no longer than 7 days, after which they will be erased. Access to, and disclosure of, images recorded by CCTV is restricted and carefully controlled.

2. Access Control System

An access control system is in operation at the Plymouth library for the safety and security of authorised users. A transaction log is stored electronically and viewing of this is strictly restricted. It may be viewed for the purposes of crime prevention and detection and to facilitate administration of the system. Data is held for no longer than 14 days after which they are deleted.

3. Consent

Normally, the University is not authorised to release any information about a student or member of staff (or any other individual on whom it holds personal information) to anyone except that individual. Unauthorised disclosure of information is not only a breach of the Data Protection Act, for which the University could be liable, but also breaches the undertaking of confidentiality to staff and students.

This applies even if the request for information comes from a relative, partner, colleague or close friend of the student/ staff member.

The University may disclose personal information to a third party if it has the specific written consent of the individual to whom the personal information relates. Written consent should identify the named individual(s) and the type of information which can be released, e.g. address, items on loan, etc and whether the request for information will be ongoing. Staff should verify the identity of the enquirer whenever possible. Library staff should not enter into correspondence with parents or partners, etc over missing items, overdue charges, etc, without the written consent of the student