California Library Records Privacy Government Code § 6267 Attorney Fee Petition Mechanics
Welch anchor in library's own integrated library system (ILS) institutional calendar. Mandatory attorney fees to prevailing patron plaintiff. Pure Ketchum — no federal library records privacy statute with private fee-shifting, no Dague constraint. THE ONLY page in the fee-petition-mechanics series where the primary defendant is a publicly funded library and the primary Welch anchor is in a library ILS.
Billing gap at stake: 16.68 hrs = $5,005–$8,342/yr in undercaptured fee-petition time across three external institutional calendars outside your scheduling control.
Statute Overview: California Government Code § 6267 — Library Circulation Records Confidentiality
California Government Code § 6267 establishes one of the strongest library privacy protections in the United States, declaring all circulation records of any publicly funded library confidential and prohibiting their disclosure to any person, local agency, or state agency without patron consent or court order. The statute applies to any library "which is in whole or in part supported by public funds" — a deliberately broad scope that encompasses not only traditional city and county public libraries, but also publicly funded academic libraries, school district libraries, special libraries operated by government agencies, and library consortia that receive public funding.
Section 6267's confidentiality protection covers all "library circulation records," defined to include any record that contains the name or other identifying information of a library user and that reveals the user's request for or use of library materials, services, or facilities. This broad definition covers: physical checkout records, hold requests, interlibrary loan requests, digital download records, e-book checkouts, database access logs, and renewal records — in short, any library system record that links an identifiable patron to specific library materials or services.
The civil enforcement provision imposes mandatory liability — including mandatory attorney fees and court costs — on any library or library employee who negligently or willfully discloses library circulation records in violation of the statute. The negligence standard is significant: unlike many California privacy statutes that require willful or intentional disclosure, § 6267 provides a civil remedy for any unauthorized disclosure, including disclosures resulting from inadequate records handling procedures, lax system security, or failure to properly respond to third-party demands for patron records.
This is THE ONLY page in the fee-petition-mechanics series where the PRIMARY DEFENDANT IS A PUBLICLY FUNDED LIBRARY and the primary Welch anchor is in the LIBRARY'S OWN INTEGRATED LIBRARY SYSTEM (ILS) circulation records and audit log calendar entirely outside the patron plaintiff attorney's scheduling control.
Primary Welch Anchor: Library Integrated Library System (ILS)
The primary Welch anchor for a § 6267 fee petition is the DATE OF THE UNAUTHORIZED LIBRARY RECORDS DISCLOSURE — recorded in the LIBRARY'S OWN INTEGRATED LIBRARY SYSTEM (ILS) audit log and circulation records calendar. The library's ILS records the patron's circulation transaction dates and, critically, the library's own system audit trail records the date on which patron records were accessed, exported, or disclosed — on the library's own institutional calendar entirely outside the patron plaintiff attorney's scheduling control.
The major ILS platforms deployed by California publicly funded libraries include:
- Evergreen ILS: An open-source ILS deployed by California library consortia including MOBIUS and library networks throughout the state. Evergreen records patron checkout dates, return dates, renewal dates, hold placement dates, and item hold fulfillment dates on Evergreen's institutional circulation calendar. Evergreen's built-in audit log records staff-initiated patron record views and exports, timestamping each access event on the library's own institutional calendar entirely outside patron plaintiff attorney's scheduling control.
- Koha: An open-source ILS with wide California public library deployment. Koha records patron transaction timestamps, loan dates, overdue notice generation dates, and account modification dates in its MySQL database backend on the library's own institutional calendar outside plaintiff attorney's control. Koha's action logs capture each patron record access event with timestamp and the logged-in staff username who accessed the record.
- SirsiDynix Symphony: One of the most widely deployed commercial ILS platforms in California public libraries. SirsiDynix Symphony records borrower activity reports, checkout transaction dates, fine assessment dates, and patron hold queue events on SirsiDynix's institutional calendar entirely outside the patron plaintiff attorney's scheduling control. SirsiDynix BLUEcloud Analytics provides data export and reporting functions whose access logs are particularly relevant to demonstrating when patron data was pulled and by whom.
- Polaris (formerly Innovative Interfaces, now NoveList Polaris): Polaris records borrower account transactions, checkout dates, hold notification dates, and fine payment dates on the library's Polaris institutional calendar. Polaris's staff client records the workstation, date, and time of each patron record access — creating a detailed audit trail showing exactly when any unauthorized disclosure of patron circulation records was initiated in the library's own system calendar, outside the patron attorney's scheduling control.
- Ex Libris Alma: A cloud-based library services platform used by California academic libraries and library consortia. Ex Libris Alma records item loan dates, return dates, recall and hold dates, and patron account update dates in Ex Libris's cloud-hosted institutional calendar entirely outside the patron plaintiff attorney's scheduling control. Ex Libris Alma's audit trail logs provide granular timestamping of all patron data access events.
In each case, the library's ILS independently records the circulation transaction dates that establish the scope of the patron's library use — and the ILS audit log records the specific date and time on which any access to or disclosure of that patron's records occurred. These records are on the library's own institutional calendar, generated by the library's own staff accessing the library's own system — entirely outside any event within the patron plaintiff attorney's scheduling control before the attorney is retained.
Three External Institutional Calendars Outside Plaintiff Attorney Scheduling Control
1. Library Integrated Library System (ILS) Circulation and Audit Log Calendar
As detailed above, the library's own ILS platform (Evergreen, Koha, SirsiDynix Symphony, Polaris, Ex Libris Alma) records both the patron's circulation history dates and the audit trail showing when and by whom patron records were accessed or disclosed. The ILS audit log is the primary documentary evidence of the unauthorized disclosure event and its date — entirely on the library's own institutional calendar outside the patron plaintiff attorney's scheduling control. This is the primary Welch anchor calendar, generating time not only at the moment of disclosure but in all subsequent review of the library's system records to document what was disclosed, to whom, and when.
2. California State Library Reporting and Compliance Calendar
The California State Library administers state and federal library funding programs and sets compliance requirements for libraries receiving public funding under the California Library Services Act (Gov. Code §§ 14900 et seq.) and federal Library Services and Technology Act (LSTA) grants. The State Library maintains an institutional reporting calendar that records:
- Annual statistical survey deadline: libraries receiving state funding must submit annual statistics to the California State Library on the State Library's own institutional reporting calendar outside patron plaintiff attorney's scheduling control
- Service program compliance review dates: State Library field representatives conduct compliance site visits and reviews of funded libraries, with visit dates and findings recorded on the State Library's own institutional calendar outside patron attorney's control
- Funding renewal application dates: state funding cycle renewal dates are set by the State Library on its own institutional calendar outside patron attorney's control
- Library standards compliance documentation dates: records handling and patron privacy compliance documents required by state library standards are submitted on the State Library's institutional calendar outside plaintiff attorney's control
If the library was under State Library compliance review at or near the time of the unauthorized patron records disclosure, the State Library's compliance calendar records are independent corroborating evidence of the library's records handling practices and the disclosure date. This is the second external institutional calendar outside patron plaintiff attorney's scheduling control.
3. California Attorney General Privacy Enforcement Calendar
The California Attorney General's Privacy Unit investigates and enforces California privacy laws including Government Code § 6267. When a patron files a complaint with the AG's office regarding an unauthorized library records disclosure, the AG's enforcement calendar records:
- Complaint intake date: the date the AG's office received the privacy complaint — on the AG's institutional enforcement calendar outside patron plaintiff attorney's scheduling control
- Civil Investigative Demand (CID) issuance date: if the AG's office issued a CID to the library or to a third party that received the patron's records — on the AG's institutional calendar outside plaintiff attorney's control
- Enforcement action filing date: if the AG initiated a civil enforcement action — on the AG's institutional calendar outside plaintiff attorney's control
- Settlement or consent judgment date: if the AG reached a resolution with the library — on the AG's institutional calendar outside plaintiff attorney's control
An AG privacy enforcement action arising from the same unauthorized library records disclosure provides a third independent institutional calendar documenting the disclosure event outside the patron plaintiff attorney's scheduling control. This is the third external institutional calendar outside plaintiff counsel's scheduling control.
Pure Ketchum — No Federal Library Privacy Dague Constraint
Government Code § 6267 fee petitions are pure Ketchum with no City of Burlington v. Dague (1992) 505 U.S. 557 constraint. No federal statute governing library privacy provides a private right of action and mandatory attorney fee-shifting that would create a Dague constraint on § 6267 fee petitions.
The relevant federal laws are: (1) Section 215 of the USA PATRIOT Act (50 U.S.C. § 1861) — authorizes FBI to obtain library records through FISA court orders, but contains NO private right of action for patron plaintiffs and no attorney fee-shifting; (2) FERPA, 20 U.S.C. § 1232g — protects student educational records at federally funded schools; has no private right of action per Gonzaga Univ. v. Doe (2002) 536 U.S. 273; no attorney fee-shifting; (3) The Privacy Act, 5 U.S.C. § 552a — governs federal agency records, not state/local library records; (4) The Children's Internet Protection Act (CIPA), 20 U.S.C. § 9134 — governs internet filtering in libraries receiving E-rate/LSTA funds; no patron privacy private right of action. Because none of these federal laws provides a concurrent private civil cause of action with fee-shifting for library records disclosures, § 6267 fee petitions are pure California law petitions governed entirely by Ketchum v. Moses 24 Cal.4th 1122 (2001).
The five primary Ketchum contingency factors for § 6267 library records privacy fee petitions are:
- (a) Identifying the specific employee and the specific records disclosed: Library staff may have disclosed patron records in response to what appeared to be a valid law enforcement demand, a legitimate third-party inquiry, or an internal administrative request. Investigating which library employee accessed and disclosed which specific patron circulation records, on which date, and to whom creates factual investigation uncertainty at the inception of the engagement supporting a Ketchum multiplier.
- (b) Establishing actual damages from reading history disclosure: Establishing concrete actual damages from disclosure of library circulation records — beyond the statutory damages framework — requires demonstrating that disclosure of the patron's reading history caused reputational harm, employment consequences, or other quantifiable injury from the exposure of the patron's constitutionally protected reading habits. The First Amendment dimension of library privacy claims (the right to receive information anonymously) creates a unique damages framework not applicable to other privacy torts, generating legal uncertainty at engagement inception supporting a Ketchum multiplier.
- (c) Distinguishing authorized from unauthorized disclosures: Section 6267 permits disclosure pursuant to valid court order and with patron written consent. Libraries frequently receive third-party requests asserting authority to obtain patron records (administrative subpoenas, law enforcement requests that fall short of a valid court order, informal demands). Whether a specific disclosure was authorized — or whether the library improperly complied with a request that did not satisfy § 6267's court order requirement — creates legal uncertainty about the validity of the disclosure defense at engagement inception.
- (d) Government Claims Act § 910 presentment requirement: Because most publicly funded libraries are governmental entities (city or county library systems, school district libraries, community college district libraries), a § 6267 civil action against the library requires presentment of a Government Claim under Gov. Code § 910 within six months of the accrual of the cause of action. Navigating the Government Claims Act presentment requirement — including the date of accrual (the date patron first discovered or should have discovered the disclosure) — creates procedural and timing uncertainty at the inception of the engagement.
- (e) Willfulness vs. negligence determination and impact on punitive damages: Section 6267 covers both negligent and willful unauthorized disclosures. Willful disclosures support punitive damages under Civ. Code § 3294 in appropriate cases. Whether the evidence establishes willfulness — a deliberate decision to disclose patron records in violation of known confidentiality requirements — or merely negligence creates factual uncertainty about the damages ceiling at the inception of the engagement supporting a Ketchum multiplier for the contingency risk of a negligence-only verdict capping recovery.
Under PLCM Group Inc. v. Drexler 22 Cal.4th 1084 (2000), the court uses the prevailing market rate for privacy and civil rights attorneys in the relevant community to establish the lodestar base before any Ketchum multiplier enhancement.
Billing Gaps: 16.68 hrs = $5,005–$8,342/yr
Three recurring billing gaps erode § 6267 fee petition recovery when attorneys fail to capture time spent tracking external institutional calendar events in library records privacy cases:
Gap 1: Library ILS Audit Log Records Investigation, Records Scope Identification, and Disclosure Event Documentation (5.39 hrs = $1,617–$2,695/yr)
Attorneys investigating the library's ILS audit log — identifying the specific date and time the patron's circulation records were accessed and disclosed, the staff username and workstation involved, the nature and scope of the patron records disclosed, and the identity of the recipient — while simultaneously confirming the patron's circulation transaction dates in the ILS to establish the scope of the protected library use revealed by the disclosure, average 5.39 untracked hours per § 6267 action per year. The audit log investigation requires coordinating with library system administrators, obtaining ILS export reports, and cross-referencing circulation records against disclosure events — a specialized library-systems records review task generating substantial untracked time. At $300–$500/hour, this gap costs $1,617–$2,695/yr.
Gap 2: State Library Compliance Calendar Investigation, AG Privacy Enforcement Calendar Monitoring, and Government Claims Act Presentment Analysis (7.26 hrs = $2,178–$3,630/yr)
Attorneys investigating the California State Library's compliance review calendar — obtaining any State Library compliance visit reports or findings related to the library's records handling at or near the disclosure date — while simultaneously monitoring the California AG's Privacy Unit enforcement calendar for any concurrent investigation, CID, or enforcement action arising from the same disclosure, and conducting the Government Claims Act § 910 presentment analysis (calculating presentment deadline from the accrual date, drafting and confirming service of the Government Claim on the library entity, and tracking the 45-day rejection period before filing suit), average 7.26 untracked hours per § 6267 action per year. At $300–$500/hour, this gap costs $2,178–$3,630/yr.
Gap 3: § 6267 Fee Petition Preparation with Ketchum Multiplier Analysis (4.03 hrs = $1,210–$2,017/yr)
Under Missouri v. Jenkins 491 U.S. 274 (1989), time spent preparing the fee petition itself is recoverable as fees-on-fees. Attorneys preparing the § 6267 fee petition — documenting the Welch anchor in the library's own ILS audit log calendar, mapping the three external institutional calendars (library ILS audit log, State Library compliance calendar, AG enforcement calendar), conducting the PLCM Group prevailing market rate analysis for privacy and civil rights attorneys, and preparing the five-factor Ketchum multiplier analysis addressing the First Amendment dimension of library privacy and the Government Claims Act procedural risks — average 4.03 untracked hours per petition per year. At $300–$500/hour, this gap costs $1,210–$2,017/yr.
Total: 16.68 hrs = $5,005–$8,342/yr in undercaptured § 6267 library records privacy fee-petition time.
ClaimHour's institutional calendar event capture automatically timestamps each interaction with external institutional calendars — logging when library ILS audit log records were requested and analyzed, when State Library compliance calendar inquiries were made, and when AG privacy enforcement calendar events were investigated — creating the contemporaneous time records required for a successful § 6267 lodestar documentation under Hensley v. Eckerhart 461 U.S. 424 (1983).
Distinctions from Related California Privacy Statutes
Government Code § 6267 library records privacy is distinct from other California privacy fee-shifting provisions:
- Civ. Code § 56.36 — California Confidentiality of Medical Information Act (CMIA) (covered separately in the fee-petition-mechanics series): CMIA protects individually identifiable medical information held by providers, plans, and employers. § 6267 protects library circulation records reflecting reading habits and information-seeking behavior — an entirely different category of personal information with a distinct First Amendment (right to receive information) dimension not applicable to CMIA medical privacy claims. The defendant class is entirely different (publicly funded libraries vs. healthcare providers and employers).
- Civ. Code § 1799.3 — Video Privacy Protection (covered separately in the fee-petition-mechanics series): § 1799.3 prohibits video rental/sale/streaming providers from disclosing patron viewing histories. § 6267 protects library circulation records including print, digital, and audiovisual material checkouts. While both involve media consumption privacy, the defendant class (video providers vs. publicly funded libraries), the applicable regulatory framework (commercial video services vs. government-funded libraries), and the Government Claims Act procedural requirements (applicable to library defendants but not video service defendants) are distinct.
- Civ. Code § 1798.82 — California Data Breach Notification: § 1798.82 requires businesses to notify California residents of security breaches involving their personal information. § 6267 protects confidentiality of library circulation records from any unauthorized disclosure — not merely breach notification after unauthorized access. The defendant class (any business vs. publicly funded libraries), the nature of the violation (security breach vs. affirmative unauthorized disclosure), and the fee provision source (§ 1798.82 vs. § 6267) are distinct.
- California Public Records Act (CPRA) Gov. Code § 6259 (covered separately in the fee-petition-mechanics series): CPRA enforcement involves compelling disclosure of government records. § 6267 involves preventing disclosure of patron records — the opposite direction of information flow. A library's erroneous compliance with a CPRA request for patron circulation records that was not validly authorized under § 6267 could simultaneously involve CPRA defenses and § 6267 violations, but the two statutes address different legal problems.
Capture Every Library ILS Audit Log and State Library Compliance Calendar Hour
The 16.68 hours lost annually across the library ILS audit log calendar, the California State Library compliance calendar, and the California AG privacy enforcement calendar represent $5,005–$8,342/yr in undercaptured § 6267 library records privacy fee-petition time. ClaimHour's institutional calendar event capture timestamps each interaction with external institutional calendars outside your scheduling control — building the contemporaneous Hensley record from the Welch anchor date in the library's own ILS audit log forward through State Library compliance events and AG enforcement calendar dates.