Privacy Policy

Institutional Policy

The Huntington Library's institutional privacy policy can be viewed at

Library Division, The Huntington

The Huntington's Library Division (Library) is committed to protecting researchers' privacy when library resources are used and personally identifiable information is collected. The Library defines "researcher" as a reader or remote patron using the Library’s resources.

California State Law protects the confidentiality of all library researcher records. The Huntington complies with all sections of the State of California Public Records Act (Protection of Library Circulation and Registration Records, Government Code Title 1, Division 7, Chapter 3.5). All registration and circulation records of library researchers shall remain confidential and shall not be disclosed to any person, local, state, or federal agency unless required by law or court order.

The Library's Researcher Privacy Policy explains your privacy and confidentiality rights as a library researcher, the steps the Library takes to respect and protect your privacy when you use library resources, and how we deal with personally identifiable information that we may collect from you.

The American Library Association's Library Bill of Rights considers privacy essential to the exercise of free speech, free thought, and free association.

This policy applies to researchers using the Library. The Huntington has a separate institutional privacy policy.

The Library's policy is subject to continuous review and may change periodically.

1. Notice

The Library gathers information about current library researchers for the sole purpose of providing access to the Library and its resources and services. Where it is necessary for the Library to identify researchers, it is our goal to gather the minimum information necessary.

We avoid creating unnecessary records and retaining records not needed for the fulfillment of the mission of the Library.

We do not engage in practices that might place personally identifiable information in or on public view. Reporting and statistics about the use of the Library's collections is anonymized and sanitized to prevent the identification of individual researchers.

2. Consent

The Library keeps all personally identifiable information confidential. Researcher records will only be released to the person whose name appears on the library borrower record. No information from any researcher's record will be released to any third-party, including law enforcement, unless required by law or a court order.

When you enter the Library, you must present your library card and your barcode is scanned to record your attendance by a security officer. Data collected at security access points include your name, username, barcode, card expiration date, and the time you entered the Library.

When you sign in to the Library's secure reading room, the barcode on your photo identification card links to your personally identifiable information, the time you signed in, and to the items you requested for use in the reading room.

When you borrow general collections materials, the barcode on your photo identification card links your personally identifiable information to the items borrowed.

When using library services through our website, you may need to provide your name, e-mail address, username, and password.

When using certain library services or collections, you may need to show identification and/or provide personally identifiable information on paper forms or logs that are retained as needed.

Library staff will respect and uphold the Library's Consent to Share Agreement.

3. Accessing your information

The Library provides you access to activities on your library accounts. Before viewing your library account in Aeon or the Library Catalog, you are asked to login with a username and password. You may update your personal information online, in person, or by calling Reader Services.

Library researchers must update their personally identifiable information to ensure that library operations can function properly.

4. Data Integrity & Security

Data Integrity

The Library is committed to collecting and maintaining accurate and secure data. We strive to assure data integrity, including: using only reputable sources of data, providing you access to your own library account, updating data whenever possible, utilizing middleware authentication systems that authorize payments for services and use of licensed third-party resources without requiring personally identifiable information, and destroying data or anonymizing it.

Data Retention

We protect personally identifiable information from unauthorized disclosure. Once it is no longer needed to manage library services, we regularly purge, shred, or anonymize personally identifiable information about library researchers, library resource use, and security/surveillance tapes and logs.

Tracking Researchers

We do not ask library readers, visitors, or website researchers to identify themselves or reveal any personal information unless they are accessing the Library's buildings and secure reading rooms; borrowing materials; asking a reference question for which follow-up is required; requesting special services; registering for access, services, tours, or classes; or making remote use from outside the Library of resources restricted to registered borrowers under license agreements or other special arrangements. Imagery collected from surveillance cameras is retained in a secure environment and is only accessible by authorized staff who have a legitimate reason to do so.

Third Party Security

The Library uses and links to resources owned and operated by third parties, including integrated library systems, offsite computer services, databases, and electronic journals. We license these resources for the use of authorized researchers. We make every attempt to include researcher privacy protections in license agreements with third parties, such as vendors of digital information resources like electronic databases and journals. The Library's EZproxy authentication software connects on your behalf to the Library's licensed databases to obtain webpages and sends them back to you. The Library's server address is registered with each database vendor - the vendor sees the requests as coming from an authorized IP address permitting you to access content. When connecting to licensed resources outside the Library, we authenticate researchers as members of our Library and do not provide any personally identifiable information. Nevertheless, because the use of these websites and resources is not governed by the Library, we strongly recommend that you review the privacy policies of the websites and resources that you visit and especially before creating a user profile in a third-party system or site.

Payments for Library Services

The Library does not retain any of your personal financial information. Online credit card payments for Imaging Services are made using Authorize.Net on a secure page hosted by this provider and not in the Library's Aeon System. When you choose transactions to pay for and click the "Pay Now" button on the Aeon Orders to Approve/Pay form, you are taken directly to Authorize.Net.

Mailing Lists

The Library maintains an e-mail mailing list to send announcements to its research community on an opt-in basis. You may unsubscribe from the mailing list at any time. If you need assistance canceling your subscription, you may contact Reader Services. The Library does not share your e-mail with other parties at The Huntington or sell or lease your personal information to companies, universities, or individuals.


Some of the Library's resources require the temporary enabling of cookies. For searches conducted on your computer, you can refuse to accept or disable cookies and remove them from your hard drive.

Security Measures

Our security measures involve both managerial and technical policies and procedures to protect against data loss and the unauthorized access, destruction, use, or disclosure of the Library's data. Our managerial measures include internal organizational procedures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Our technical security measures to prevent unauthorized access include encryption in the transmission and storage of data and storage of data on secure servers. We discourage researchers from choosing passwords that could reveal their identity, including usernames, social security numbers, birthdays, e-mail addresses, zip codes, etc.

Staff Access to Personal Data

We permit authorized Library staff with assigned usernames and confidential passwords to access personal data stored in library systems on a need-to-know basis in order to perform library work. Imagery collected from surveillance cameras is retained in a secure environment and is only accessible by authorized staff who have a legitimate reason to do so.

5. Enforcement & Redress

Library patrons who have questions, concerns, or complaints about our handling of their privacy and confidentiality rights should file written comments with the Library Director and the Head of Reader Services. We will respond in a timely manner and may conduct a privacy investigation or review of policy and procedures.

Library staff refer law enforcement inquiries to the Library Director. We will not make library records available to any agency of state, federal, or local government unless a subpoena, warrant, court order or other investigatory document is issued by a court of competent jurisdiction that shows good cause and is in proper form.


The following list captures the primary vendors used within the Reader Services department to handle reader data, with links to their privacy policies. In addition to these vendors, separate resources such as databases and e-journals often have their own privacy policies when using their respective websites.

Acuity Scheduling

View Acuity's privacy policy »

The Library uses Acuity so that readers may self-schedule registration and renewal appointments online. Acuity stores your name, email address, and appointment dates, and uses your contact information to email you an appointment confirmation and an appointment reminder.

If you are new to the system, when you sign up for an appointment in Acuity, Acuity will cue Mailchimp to email you an invitation to subscribe to the reader e-newsletter. No action is needed if you do not wish to subscribe to the reader e-newsletter.


View Mailchimp's privacy policy »

The Library uses Mailchimp to send the reader e-newsletter. Mailchimp stores your name, email address, and the history of which reader newsletters have been emailed to you.

To unsubscribe from the newsletter, you can click on "Unsubscribe" at the bottom of any newsletter emails or you can email us at reference​


View Springshare's privacy policy »

The Library uses Springshare for its Libanswers ticketing system to respond to queries from readers, researchers, and the public.

Innovative/My Library

View Innovative Interfaces' privacy policy »

The Library uses Innovative to power its online catalog. By default, your My Library account does not save your reading history unless you opt-in.

Aeon by Atlas Systems

View Atlas Systems' privacy policy »


The Aeon website uses technology that sends a "Session ID" to be stored on your machine. You can manually refuse this cookie using your web browser's security settings and still be able to use Aeon without any problems.


Aeon stores and encrypts your password, so if you lose your password, staff cannot retrieve it. Rather, use the Password Reset option to set a new password.

We also recommend that you follow good security practices and choose a password that is different from your username and other passwords you use to access other systems with sensitive information.

Privacy on Public Workstations

If you are accessing Aeon (or any other Library websites) on a public workstation, be aware that web browsers save information and create history files: the next user may be able to access your information. In order to safeguard the security of your personal information and requests, we recommend the following steps:

  • Use the browser in incognito mode
  • Log out of your account when you are finished
  • If not using the browser in incognito mode, be sure to delete your browsing history
  • Close your browser when leaving the public workstation