Director Briefing - August 23, 2022

Ordering Barcode Scanners, Receipt Printers & Paper from Kelsy

The OWWL Docs page on ordering supplies has been updated.

On this page, you’ll find links to recommended retailers for purchasing barcode scanners and stands, receipt printers, and thermal receipt paper.

We’ve also listed our recommended receipt printer models to help take some of the guessing out of ordering (and even calculated how much each roll of receipt paper costs).

If your library still has non-thermal receipt printers (the ones that use the old ink ribbons), we recommend replacing them soon, especially if you will be buying new staff computers in the near future.

A note about BPA and BPS in thermal receipt paper

Did you know that thermal receipt paper contains Bisphenol-A (BPA) and Bisphenol-S (BPS)? According to the Minnesota Pollution Control Agency, “these chemicals have been shown to be hazardous to reproductive systems in humans and animals and are linked with obesity and attention disorders, and studies have found that individual thermal receipts can contain BPA that is 250 to 1,000 times greater than the amount in a can of food.”

Both our recommended retailers for thermal receipt paper offer a BPA-free option, as well as a BPA and BPS-free option. The BPA/BPS-free rolls are $.40 or $.80 more per roll (depending on the retailer) than the BPA-free paper. Please consider the benefits to your patrons and community when placing your next receipt paper order.

Bonus Tip

Not quite time to order new barcode scanners or receipt printers yet? Did you know you can bookmark OWWL Docs pages and add them to a list on the side of the OWWL Docs site? This is very helpful for pages you reference frequently, or pages you think you’ll need to reference in the future (like when it is time to purchase a receipt printer). This guide will show you how.

Question of the Week: Including Financial Discussions in Meeting Minutes

Question: My board feels uncomfortable including some of the financial conversations they have in the meeting minutes. Can we leave these or not post those specific minutes?

Answer: All financial information and conversations at a board meeting are public in nature. Minutes and meeting documents under discussion at an open meeting must be made available. However, in some instances, trustees need to learn about a situation before they are able to take formal action. There are a couple of options in this case.

Let's say a library is considering a new funding structure, but they are unsure what options are available. Their concern is that while they discuss they options in a public meeting they may not be able to openly ask questions to help them make a better decision. These conversations, while still public if they happen in a public meeting, can also be considered an educational meeting. If you have local experts come in to help the board understand options, and the board is taking no formal action, it may be able to occur in a non-public meeting. The main thing to keep in mind is that you need to avoid hiding information from the public, but if if the board is not aware of what information is out there, they could create an opportunity to learn about the situation before they bring it to a full meeting. This could certainly still be criticized by open governement hounds, but in my opinion, if the board is learning something new and would like an opporuntity to freely ask questions so they understand all the options, it could happen in an educational session. It is best to have these happen outside of a normal board meeting since this is not a legal reason to enter Executive Session.

This is a fairly unique example. If the board is simply discussing next year's budget, then that conversation needs to happen in an open meeting.

Another thing to keep in mind, meeting minutes are a public record of all formal actions taken by a board. Libraries are not permitted to omit or change motions in meeting minutes; this would be considered a falsification of public records. However, if an item is under discussion and no formal action or motion is taken, you do not need to include a detailed conversation account in the public record. You could simply say, "the board discussed the future financial situation of the library." In System's meeting minutes, we do not provide a record of the conversation, just the motions.

Rerun: Security Breach Memo

This memo is to inform you of a recent security breach involving a member library circulation email account. Along with communicating the seriousness of these security breaches, we would also like to share actions that your library should take to mitigate the risk of a breach at your library.

Incident

On August 14, 2022, at 7:39 PM, an unauthorized individual (we’ll refer to them as “the hacker”) gained access to a circulation email account from a VPN in California. Our logs indicate no password failures, so we suspect a weak password, a phishing scam, or both.

This hacker proceeded to set up several protocols to hide their activity and began sending phishing emails routed through Latvia via this account.

Luckily, a complaint was sent to support@pls-net.org about the phishing messages allowing Bob the opportunity to regain access and lock the account.

Unfortunately, this account was used at the Member Library to help send and receive documents for patrons (via email and/or fax). The account contained 40+ messages with personally identifying information such as SSNs, birth dates, names, email addresses, physical addresses, library card numbers, policy numbers, banking information, driver’s license information, etc.

Since personally identifying information was in this hacked account, the library is obligated to comply with the SHIELD Act and notify all impacted individuals of the breach. Failure to do so could result in penalties and fines.

We are working with the System’s attorney and the Member Library to ensure we comply with all aspects of the law, including implementing corrective action.

This is not the first data breach that we have faced. However, this instance is a bit more serious because of the content in the account. To give you an idea of the potential financial damages, the last case cost the System $4,661.85 in staff time and legal fees (this instance did not require a data breach mailing to comply with the SHIELD Act).

While hacks and security breaches will never stop, the System is committed to continuing policy evaluation and improving security practices to limit the risk of potential breaches.

We recognize that services involving personally identifying information are important to your patrons. To help limit the risk of potential data breaches, please read the attached resource. This was developed by Kelsy in our CANS department and can be used to amend local procedures that may leave your library at risk in the event of a data breach.

We should all use this situation to better prepare ourselves for future security breaches. Please feel free to reach out with any questions.

2022.08.19 Memo to Directors Regarding Security Breach.pdf

Civil Service Research

To help NYLA's Civil Service Committee, could you let me know if your library has specific examples of the following situations or how these priorities would benefit your library specifically?

Priority Item One: Continuous Recruitment

The option for continuous recruitment where possible. In instances when continuous recruitment is not possible, exams may be offered every two years regardless of the status of existing lists.

Priority Item Two: Standard Grading Metrics

A public standard across counties for Civil Service grading metrics – grading metrics should be understandable and predictable in order to assist potential applicants to take multiple-choice exams as well as complete experience-based exams.

Priority Item Three: Modernized Exam Content from the Field

The option for individuals from the profession to provide input on experience and multiple-choice exams specific to libraries. This allows for exams to match the needs of libraries.

Priority Item Four: Provisional to Permanent Appointments

If a test is not offered within nine months after an individual is provisionally appointed to a position, an employee becomes permanent.
If an exam is offered within nine months, a person in the provision appointment is scored as pass/fail on that exam.

Priority Item Five: Part-Time Positions

Part-time positions (i.e., less than 25 hours per week) should be non-competitive by operation of law instead of the local rule.

Priority Item Six: Electronic Canvassing Process

Simplify the list canvassing process by allowing for email and phone contact in lieu of mailing letters.