32 Survey Results: Survey Questions and Responses USA Patriot Act of 2001 9 31% Family Educational Rights and Privacy Act (FERPA) 8 28% Canada’s Privacy Act 0 — Personal Information Protection and Electronic Documents Act (PIPEDA) 0 — Other document 3 10% Please briefly describe the other document. N=3 ALA Policy on Confidentiality and Privacy of Library Records California Digital Libraries commitment to user policy HIPPA, Information Technology Policies—Electronic Information Classification 31. How often is the privacy policy updated or reviewed? N=27 Annually Annually or as needed Approximately annually As needed (3 responses) As the laws change and library stays in compliance on known policies. Currently under review. Every 3 years Every 3–4 years. Hasn’t been updated since 2004. I have no idea. Infrequently It is reviewed annually. It should be noted that the institution privacy policy is brand new and in response to a new law requirement imposed by the European Union [GDPR]. That document was to be ready by June 1 but has yet to be posted. It was updated this year. It is updated as needed and reviewed by both the University Library Dean’s Council and General Council. There is not a set timeline for reviewing it, but it should be reviewed each time the website is redesigned, as well as any need for clarifying privacy policy that might emerge on an ongoing basis. Last update of university policy 1/17, Libraries’ policy 10/2013 No library specific policy. Not sure. Last update was January 2018. Periodically, but not on a regular cycle. Periodically undertaking review now. Review cycle: every 2 years The privacy policy is being discussed now at the university level to reflect institution’s desire to use student data for predictive analytics projects. A group out of provost’s office is tasked with developing guidelines and policy relating to the use of student personal data.