Director Briefing - September 8, 2025

Upcoming Expansion of Minimum Standard Policies

Expanding the Minimum Standards for Policies

Over the past year, a PULISDO committee has been working on identifying a set of core policies that support strong governance and sustainable library operations across New York State. At the 2025 PULISDO Conference, the State Librarian confirmed that there is a regulatory path forward to incorporate these policies more formally into the Annual Report for Public and Association Libraries.

If libraries begin adopting these policies now, you’ll be well-positioned once the regulation is finalized.

Proposed Core Policy List

External-Facing Policies

1. Materials Selection / Reconsideration of Materials (including Displays and Programs)
2. Public Usage of Library Space / Meeting Room Use
3. Code of Conduct / Behavior
4. Confidentiality of Library Records
5. Public Comment

Internal-Facing Policies

1. Personnel Policies
2. Disaster Preparedness
3. Financial Control Policies

Why This Matters

• These policies respond to real-world issues (intellectual freedom challenges, First Amendment audits, cybersecurity, labor law, fiscal oversight).
• They will likely be integrated into the Annual Report as required or strongly recommended fields.
• DLD will also provide guidance, templates, and best practice resources to support adoption.

Reminder: Already Required Policies Libraries are already required to have the following under law or regulation:

• Open Meetings Policy (Education Law, §260-a)
• Confidentiality of Library Records (CPLR §4509)
• Conflict of Interest Policy (NPCL §715-a)
• Whistle Blower Policy (for certain libraries: NPCL §715-b)
• Disaster Response Policy
• Collection Development Policy
• Meeting Space Policy (if applicable)
• Internet Use Policy
• Code of Ethics
• Personnel Policy
• Financial Controls (Purchasing/Procurement, Petty Cash)

The takeaway: get these policies in place now and you won’t have to scramble later.

OWWLDAC Meeting – September 5, 2025

Highlights from the September 5 OWWLDAC Meeting

Here are the key topics and action items from Friday’s meeting:

Key Topics

• Policy Compliance & Updates – new board resolution requirement, expanded policy lists, system website updates.
• Data Security & Training – focus on cybersecurity, Zimbra training, FOIL requests, and risks of third-party communication platforms.
• Database Usage & Promotion – current resources (Consumer Reports, Kanopy, Mango, ASL Inside) and potential new databases (LinkedIn Learning, Mailbox Plus, Artist Works, Ground News).
• Library Operations & Best Practices – online card renewals, school district coding in Evergreen, disposal/sale of surplus property.
• Board Involvement & Oversight – introduction of a five-year financial oversight and audit cycle policy.
• Friends of the Library – legal status issues for groups not registered as non-profits.

Action Items for Libraries

• Pass an annual board resolution confirming compliance with minimum standards (by end of October or during your fiscal year).
• Review your policy set – especially financial and personnel policies.
• Ensure staff complete cybersecurity training (Zimbra required for new accounts Oct 1).
• Promote Consumer Reports, Kanopy, Mango, and ASL Inside. There are new promotional materials now available on the eResources Page on OWWL Docs.
  
• Consider adopting the five-year financial oversight cycle policy.
• Review disposal and sale of surplus property procedures; ensure board approval for non-exhaustible items.
• Avoid sharing patron-identifiable info on third-party platforms.
• Have staff sign the Systems Access and Confidentiality of Library Records acknowledgment form.
• Provide feedback on Artist Works or Ground News.
• If your Friends group is not a registered non-profit, take steps toward compliance.

New Sample Policies Available

New Sample Policies for Libraries

To support directors and boards, I’ve drafted three new sample policies for your use:

• Internal Communication Policy
• Disposal and Sale of Surplus Property Policy
• Financial Oversight and Five-Year Audit Cycle Policy

The Financial Oversight and Audit Cycle Policy is particularly timely, offering a practical solution to the difficulty libraries face in securing annual auditors.

If you’d like help adapting any of these policies for your library, just reach out and I’ll work with you directly.

Cybersecurity and New State Reporting Requirements

What the Law Says

New York State recently passed new cybersecurity reporting and training requirements for local governments and public authorities.

• Local governments are now required to report cybersecurity incidents and ransom demands to the Division of Homeland Security and Emergency Services (DHSES) within 72 hours of discovering the incident. Reports must also indicate if technical help from DHSES is requested or declined.
• Starting January 1, 2026, local government staff who use technology will need to complete annual cybersecurity awareness training. The State Office of Information Technology Services (OITS) will provide this training at no cost.

Libraries are not currentlyincluded in this law; therefore, you are not required to report to DHSES or participate in the state training. However, the focus on incident response and staff training shows that all public-serving organizations are expected to take cybersecurity seriously. It will be wise to continue moving in this direction so that we are prepared when libraries face the eventuality of having to comply with this standard.

What Libraries Must Do

Even though libraries are not covered by the new state rules, you still have important responsibilities for data protection, staff awareness, and compliance. Three OWWL Library System policies guide what member libraries need to do:

• Data Breach Policy: Libraries must notify affected individuals and appropriate authorities if personal information is compromised. This policy also sets clear procedures for reporting incidents to the System and responding to potential breaches.
• Systems Access and Confidentiality of Library Records Policy: Patron data and records are confidential and can only be accessed or shared in very limited situations. Directors must ensure that staff sign and retain acknowledgments for this policy.
• Computer Support Policy: Member libraries must follow set security standards so that software updates, antivirus protection, and system settings are consistent and up to date across the system.

State law also imposes obligations (which System policies are based on). The SHIELD Act requires libraries to maintain “reasonable safeguards” to protect sensitive information, and Civil Practice Law 4509 (which all library folks must know and understand) establishes the confidentiality of library records by default. Libraries must also be aware that, in certain cases, they may be required to report incidents to the New York Attorney General for issues involving data security.

Additionally, Minimum Standards (number 13) requires each library to provide annual technology training for staff, based on their roles and community needs. Because libraries handle sensitive information and must meet strict security requirements, this training must always include cybersecurity awareness. Phishing emails remain the most common entry point for attackers. At the System, Kelsy provides ongoing training and phishing awareness notices that are designed to help staff recognize and stop threats before they cause damage. Paying attention to those trainings is one of the simplest and most effective steps staff can take to protect their library and their community.

Libraries do not have to report incidents to DHSES, but the important question is: Are you ready if something happens? With strong policies, safeguards, insurance, and regular staff training, you can be confident in your response.

Key Takeaways for Directors

• The new state law does not currently apply to libraries, but it indicates that quick reporting and required staff training for cybersecurity are becoming the norm.
• Starting in 2026, local government staff will be required to undergo annual cybersecurity training. Libraries are not included, but Minimum Standards already require annual technology training for staff, and this must cover cybersecurity.
• OWWL member libraries need to follow three key system policies:
  • Data Breach Policy (reporting and response if personal data is compromised)
  • Systems Access and Confidentiality of Library Records Policy (limits on access and disclosure of patron data, with staff acknowledgement required)
  • Computer Support Policy (use of OWWL-provided IT support to maintain consistent security standards)
• Libraries also need to comply with the SHIELD Act and Civil Practice Law 4509, which require robust safeguards and protect patron records. Sometimes, incidents must be reported to the Attorney General.
• Staff training and awareness are your first line of defense. Directors should make cybersecurity a regular part of staff development.
• The main question for every library is: If something happens tomorrow, are you ready to respond?

Practical Steps for Directors

• Ensure that all staff/authorized users have signed the local acknowledgement of the Systems Access and Confidentiality of Library Records Policy. This is required for anyone who needs access to library systems or patron data.
• Verify that your library has a Data Breach Response Plan and that staff are aware of the procedures for reporting a breach. If an issue arises, please email support@owwl.org and we will assist you.
• Review your library’s cybersecurity insurance and ensure it is sufficient. Please let me know if you have any questions.
• Provide annual technology training for staff that covers cybersecurity, as required by Minimum Standards.
• Encourage staff to complete and actively engage with phishing awareness and other cybersecurity trainings provided through the OWWL Library System.
• Schedule a periodic review of your library’s technology and privacy policies with your board and staff.

Upcoming Cybersecurity Training with Kelsy

Kelsy is offering two timeslots of cybersecurity training for library staff this October. This training will equip library staff with practical knowledge and tools to protect themselves and their workplace from online threats. The session is divided into three key parts:

• The Threats – Learn why cybercriminals target individuals and organizations, the methods they use, and the goals we strive to maintain: safeguarding data and keeping our devices free from compromise.
• How to Stay Safe – Explore essential practices for reducing risk, including timely software updates, strong passwords and password managers, multi-factor authentication, secure browsing, phishing recognition, and safe device habits.
• Reporting Incidents – Understand why reporting is critical, how to respond to phishing attempts, and the importance of following your library’s reporting procedures.

By the end of this session, staff will be better prepared to recognize cyber threats, protect library resources, and take the right steps when incidents occur.

This training will be held on Zoom. Please note this training is 1.5 hours.

Register:

Wednesday, October 22 from 2 to 3:30 PM: https://owwl.libcal.com/event/15296596

Thursday, October 23 from 10 to 11:30 AM: https://owwl.libcal.com/event/15296611

Now Virtual: Procurement and Other Common Topics in OSC Audits

Due to a scheduling conflict at our in-person location, the Procurement and Other Common Topics in OSC Audits workshop has been moved fully virtual.

This session will provide an overview of Procurement for public libraries. Additionally, we will explore audits from the Office of the State Comptroller (OSC) with an eye to procurement and the other most common topics that impact libraries. Attendees will learn how to use OSC audits to their advantage.

Date/Time: Monday, September 15, 2025 at 5:00 PM

Register here if you would like to attend: https://owwl.libcal.com/event/14355162

Library Hours Brochure

Kelsy sent out a couple notices about the Library Hours Brochure on OWWL Docs.

Subscribe for notifications of changes

For those who use the brochure, you can now subscribe to the brochure page on OWWL Docs and receive an email notification when there has been an update. Make sure you are logged into OWWL Docs, then click on the "Subscribe" button on the brochure page.

If any changes to the page are detected, OWWL Docs will send a notification email to subscribed users at 6 AM the following day. The email will contain a link that you can click on to go straight to the brochure page.

Changes made to brochure today

If you take a look at the OWWL Docs brochure page, you may notice that I updated the brochure this afternoon to reflect Macedon and Attica expanding their hours. However, I would recommend waiting a bit longer before printing large quantities of the brochure. This will give other libraries a chance to reply to my original email where I asked for changes to be submitted by September 12.

NOVELny Database Webinars

There are a few upcoming webinars on NOVELny databases from the State Library. These might be helpful to attend or to share with interested patrons. Register below to attend or to receive a link to the recording.

NOVELny Webinar: Back to School with Britannica | Thursday, September 11 at 11 AM | Register Here

Whether you're new to Britannica or just want a refresher, this session is for you! With thousands of fact-checked articles and engaging images and videos in Britannica School, Academic and Escolar, we have just what you need to incorporate high-quality digital content into your classroom or media center. In this session attendees will:

• Learn about key features in Britannica resources to help meet students where they are,
• Share best practices for implementing Britannica resources in the classroom,
• Explore Teach Britannica, an open-access educator hub with high-quality resources for the classroom and media center.

NOVELny Gale in 15: Peterson’s Test and Career Prep to Support Fall SAT and ACT Exams | Thursday, September 18 from 3-3:15 PM | Register Here

SAT and ACT exams are right around the corner and your NOVELny resources, Gale Presents: Peterson’s Test and Career Prep can help! Join this short, virtual training session to learn more about these resources and discover exam prep courses, practice exams, and more!

NOVELny Webinar: Teach Britannica: Igniting Curiosity with High Quality Resources | Tuesday, September 30 at 12 PM | Register Here

We get it - lesson planning is time consuming, and your time is valuable! Why not let Britannica help you? Introducing Teach Britannica, a new open-access resource hub with plenty of materials to make lesson planning a snap! With evidence-based lessons, engaging bell ringers and exit tickets, and dozens of graphic organizers, Teach Britannica has a little something for everyone. Join us to learn more and share best practices for implementing these resources in the classroom!

Supporting Higher Ed Students with Gale OneFile Periodical Resources from NOVELny | Thursday, October 16 at 10 AM | Register Here

Covering nearly every research area and discipline, the NOVELny Gale OneFile periodical resources support students at all academic levels. This webinar provides an overview of all included resources, and ideas for connecting Gale OneFile resources to a variety of higher education departments.

Why Doing Less Helps Libraries Achieve More

If you've ever sat through a leadership meeting where the list of “priority initiatives” was longer than the agenda, you understand the issue: too many projects and too little progress.

Libraries and nonprofits are particularly vulnerable to this. We want to say yes to every good idea, request, and opportunity to serve our communities. Starting something new can be positive and exciting. But the hard part isn't starting; it's knowing when to stop. Without that discipline, resources become overextended, people get exhausted, and essential goals take longer to achieve.

I have seen organizations with more projects than people to manage them, each claiming to be essential. The result is overload. Instead of breakthroughs, bottlenecks develop.

The counterintuitive truth is that doing less allows us to accomplish more. When we focus on fewer initiatives that truly matter, energy flows where it has the greatest impact. Work accelerates. Teams feel more motivated. The mission becomes clearer. Many organizations could cut half their current projects tomorrow, and the outcome would be better services, not setbacks.

Why It Is So Hard to Stop

Stopping a project can feel uncomfortable. Leaders worry about wasted investments, reputational risk, or disappointing staff and community partners. “Zombie projects” continue long after they have lost their value, simply because no one wants to be the person to say it is time to move on.

This is more than inefficient; it is risky. Excessive project lists slow down fundamental transformation and hinder organizations from focusing on what matters most. Success does not come from adding more; it comes from sharpening focus.

Habits That Make Stopping Easier

Organizations can reframe the way they think about projects. Here are seven habits that help:

1. Make continuation a choice. Every project should earn its place based on future value, not past investment.
2. Force tradeoffs. If leaders want to start something new, they should stop something of equal importance. This keeps priorities honest.
3. Not every idea deserves project status. Try short pilots or squads to test ideas before turning them into full-scale projects.
4. Set time limits. Use three or six-month cycles, then review. This makes pivoting or ending a project easier and less personal.
5. Celebrate stopping. Recognize leaders and teams who free up resources and redirect them effectively, not just those who launch new programs.
6. Catch weak projects early. Missed deadlines, slipping engagement, or fading sponsor interest are signals that it is time for a tough conversation.
7. Move people quickly. When staff from a closed project are reassigned to top priorities, stopping feels like progress instead of loss.

Winning by Stopping

When we develop the habit of ending projects that no longer align with the mission, we create space to focus on the ones that do. Teams gain clarity, and communities benefit from stronger, more visible results. Staff become more energized because their work is clearly connected to a purpose.

At your next planning session, avoid simply asking, “What should we start?” Instead, ask, “If we could only keep half of what we're doing now, which half truly matters?” Then act on that decision.

Ultimately, success isn't about how much we start; it's about how well we finish what truly matters most.

This article was inspired by themes from an August 2025 piece in Harvard Business Review, “Your Company Needs to Focus on Fewer Projects. Here’s How.”