Libraries and shoe stores operate in different market niches but share a similar need for marketing. They both have an inventory they want to make available to a customer base of regular and occasional users and an interest in reaching out to non-customers. If anything, libraries have a stronger motive for marketing because, beyond their inventory of books and resources for lending, they have equally valuable services to promote. These include the skills and knowledge of reference librarians, new resources, and events aimed at a variety of patron groups.

While this article should not be considered legal advice, I am a law librarian who directs a university law school’s Legal Resource Center. I’m also a legal researcher and writer and have been a law school instructor for more than 30 years. I’m confident in my overview of the legal issues surrounding privacy law and using patrons’ email addresses for marketing communication.

Keeping Your Emails Legal

Email can be a valuable—or annoying—marketing tool for anyone promoting a product or service. However, some librarians have been reluctant to interact with their patrons via email. There is uncertainty: Is it legal? Will it be considered spam? What can be put into an email? And the key question might be, will email marketing communication benefit both the library and the patron?

When people think about email spam, their first reaction is that it violates recipients’ right of privacy. Privacy laws in the U.S. are a combination of common law (law that has evolved over time and history through the decisions of judges) and statutory law (laws that are enacted by Congress and the state legislatures).

Common law privacy rights have evolved since the late 1800s and are largely driven by an attempt to prevent intrusions into one’s “solitude” and to preclude the public disclosure of private facts. However, as the law has developed, a key distinction has focused on information that one person discloses to another. To the extent that one person shares information with another, that information loses most or all of its privacy protection. Even when the information is disclosed as part of a business or similar transaction, such as signing up for Amazon deals, retail loyalty programs, or library cards, people are considered to have “shared” that information, and so it loses much of its privacy protection.

However, the federal and state legislatures have stepped in to address privacy in various circumstances. Two areas of interest to libraries are the CAN-SPAM Act, passed by Congress in 2003, and various state laws covering the confidentiality of library records (for example, the Illinois Library Records Confidentiality Act).

The CAN-SPAM Act was passed in response to complaints about unsolicited email, particularly unsolicited adult-oriented email. The act is not an outright ban on unsolicited email, but it requires unsolicited commercial email to provide specific information and to avoid using false or deceptive information. As long as the email is clear, is not misleading, is identified as an advertisement or promotion, provides an accurate business address, and has an opt-out provision, it will generally comply with CAN-SPAM.

Library records confidentiality laws arose in the 1960s and 1970s in response to stories of federal and state law enforcement agencies wanting to obtain checkout records of activists, protesters, and alleged communists. Using the Illinois Library Records Confidentiality Act as an example, these laws generally require that “the registration and circulation records of a library are confidential information.” The law goes on to say, “No person shall publish or make any information ... available to the public.”

Many librarians have been concerned that a patron’s email address is considered part of the registration record and is confidential. Most states would say that yes, it is part of the registration record and is covered by the state law. However, in sending an email about library activities or services, you are neither “publishing” the email address nor making it “available to the public.” The one-on-one nature of the email interaction would not be considered publishing in that the email address is only disclosed to the patron who provided it.

It is fair to say, however, that library confidentiality laws limit certain actions like selling or marketing an email list to a third party such as a database vendor or service that might want to communicate directly with the patron. This occasionally happens in the law library where I work, when vendors ask us to provide student email addresses to them. In our case, this not only violates library confidentiality laws, but also the Family Educational Rights and Privacy Act (FERPA).

Follow Best Practices

While neither common law nor statutory law prohibits the use of email to market library services to patrons, each creates some level of regulation and best practices that librarians should consider. ALA provides a Privacy and Confidentiality Q&A webpage on privacy best practices. In its discussion on the use of “circulation or registration information,” it suggests that notice should be given and that people be asked to “opt-in” to having libraries use their email addresses. This goes further than the CAN-SPAM Act, which only requires that an “opt-out” be provided.

There are other recommended practices about using email for marketing and other communications. Some track the requirements of CAN-SPAM and other laws, while some are simply good business recommendations. Chief among them is, DON’T SPAM!!! with all caps and exclamation points.

Also consider doing a review of the email before sending it. Perhaps review it by sending it to yourself or a colleague, so you can see it as the real recipients will see it (including on mobile devices). Be sure to include your physical library address and an “unsubscribe” button in your email as required by CAN-SPAM.

The email marketing community also offers best practices, including the following:

• Carefully schedule and time your email blasts to make sure they deliver value.
• Avoid sending emails too frequently.
• Write clear subject lines.
• Identify a specific person or department as the sender to help personalize the email. (My suggestion would be to set up a specific email address for the sender or department to use that’s different from the person or department’s regular work email.)
• Keep the text simple.
• Keep the focus on the library.

Gathering Email Addresses

If you want to gather more email addresses, you’re not limited to doing it on library card registration forms. Any form your library uses (print or electronic) should have a field for the patron to share an email address. Suggested practices also include having a “subscribe” or similar link on the library website and as part of your blog and social media posts.

To ensure that the patron is certain about their interest, use a “double opt-in” method. A double opt-in is when a person provides an email address, then receives an email with a link he or she must click to confirm that the email address is correct and that they do, in fact, want to receive your messages. However, selling or marketing email lists to third parties may violate state library confidentiality laws. Buying email marketing lists should be avoided for similar reasons.

Use Common Courtesy

Developing and implementing an email communication plan is a common, widespread, necessary, and legal part of library marketing. Staying legal requires little more than adhering to the common courtesies and expectations that are already part of the lifeblood of libraries. Focus on the patrons and treat them with respect and courtesy.