Contact Us | Donate | Advertise Follow us on TwitterFollow us on facebookFollow us on LinkedIn

MLA Privacy Policy

Last Updated 1/20/23 [MLA scope and contact information update; data controller privacy link updates]

This privacy policy explains how MLA collects, uses, and safeguards information you provide to us.

Scope of the MLA Privacy Policy

This policy applies to your use of the,, or conference registration websites (MLA Sites) or their paper equivalents (e.g., forms, ballots), which are operated by or on behalf of MLA. This policy does not apply to your use of other websites to which MLA Sites may link.

Personal Information MLA collects is used to help us better serve our members and the health science library community and to improve your user experience. We collect or store only Personal Information that our members and visitors provide. MLA does not collect Personal Information from casual users browsing MLA Sites.

In the event of a security incident or breach, MLA will notify you without delay after becoming aware of the incident and will provide you with our next steps to protect your Personal Information.

Personal Information We Actively Collect

  • Profile. When you create a user profile or log in to MLA Sites, we ask you to provide us with your name and email address. We use this information to provide you with the service(s) from us that you choose to use. You may also provide optional details about your organization, address, communication preferences, picture, biographical information, and social media identifiers. You may update your profile information by logging into MLANET any time.
  • Purchases. We collect information on products and services you purchase, including membership, products, education courses and webinars, credentialing, and MLA meeting attendance.
  • Education. We collect evaluation information on your experience(s) with MLA education on MEDLIB-ED. This information is only individually visible by you and MLA Headquarters staff unless you choose to release it to others, such as with an education transcript or a certificate that you completed a course or earned MLA continuing education credit. We may provide aggregate course evaluation information in reports to instructors or member groups that assess use and satisfaction with MLA education; we do not share individually-identifiable responses.
  • Email. We collect and store email you send to forums and email lists MLA hosts or sponsors. Your email to these lists may be visible to the public (MEDLIB-L), be restricted to the list’s group, or be restricted to MLA’s members. We also collect email that is sent to you automatically by our system; this is visible to you from your profile.

Information Our Systems and Websites Collect

  • Log data. When you use MLA Sites or sites from our affiliate providers for MLA meeting registration or content, our servers log information (“log data”), including information that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it. This log data includes your Internet Protocol (IP) address, the address of and activity on MLA Sites, searches, browser type and settings, the date and time of your request, how you used MLA Sites, cookie data and device data. This data gives us aggregate and anonymized information about pages you access on MLA Sites and other details about your visit.
  • Device information. In addition to log data, we collect information about the device you’re using to access MLA Sites, including the type of device, operating system, and device identifiers. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or a PC, or an iPhone or Android phone. You can find out more about what information your device makes available to us by checking the policies and settings of your device manufacturer, software provider, or your preferred browser.
  • Cookies. MLA Sites use “cookies” (small text files sent by your computer each time you visit our website, unique to your MLA Sites accounts and your browser or meeting app) so that we can provide you with the best user experience possible. Cookie information is stored in your browser or app and performs functions such as recognizing you when you return to MLA Sites. Cookies also help MLA to understand which sections of MLA Sites you find most interesting and useful. For example, some of the cookies we use are associated with your MLANET account and tell us whether you wish to remain logged into the site or not.
  • Other data. We collect additional website data from logged-in MLA members, MLA meeting registrants, and guests to improve or provide MLA services and support. Such information remains confidential to MLA Headquarters and will not be released except as aggregate data. For some email sent in HTML format by MLA to its members through its email discussion lists, electronic newsletters, or marketing programs, MLA may identify whether a recipient opens a message or clicks through to links provided in the message.

How We Use Your Information

  • Provide you MLA activity history. When you provide Personal Information to MLA, join MLA, receive email from MLA groups, volunteer for MLA groups or committees, take MLA surveys, apply for awards or grants, apply for credentialing, or purchase other MLA products or services, you transactions may be recorded in your personal profile. You may access and view this information at any time.
  • Website traffic and analysis. MLA uses outside third-party services (Google, OpenTracker) and internal cookies (Higher Logic, Conduent, CadmiumCD, Convention Data Services) to analyze web traffic and to make changes and improvements to MLA Sites. For information on how these services protect your website use information, please refer to their privacy policies (see web links below). By using MLA Sites and accepting MLA Site cookies, you consent to the processing of data by these parties in accordance with their privacy policies.

    Aggregate data provided by these third parties are only used for internal and marketing purposes and do not provide any information that would identify you.
  • Email notices and e-marketing. We may use Personal Information you provide in your profile to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your Personal Information in this way, please check the relevant box(s) located in your profile or the link included with each of these email messages. If you do not want to receive MLA announcements about changes to our websites but continue to use MLA Sites after any changes to our Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is collected.
  • Profession-related materials and research. MLA may provide the name, physical mailing address or public email address of members, registrants, or attendees to not-for-profit educational organizations, librarian researchers, or other MLA units for use in encouraging participation in continuing education (CE) programs, to conduct research, or to offer specific profession-related materials. We govern this temporary use of member and website guest Personal Information with specific license agreements to ensure protection of your data.
  • Mailing lists. Advertising support is one way MLA supports programs and services that are relevant to members. We may rent membership, guest, and meeting registration lists that include your name and physical mailing address for single use to exhibitors and vendors. You may choose to allow us to provide Personal Information to exhibitors or vendors by selecting the appropriate box in your profile or at time of meeting registration. At MLA annual meetings, you may also decide to provide certain Personal Information, including your name, physical address, and telephone, by allowing meeting exhibitors to scan your annual meeting badge or by providing your business card.
  • Completing MLA purchases. We use financial information you provide to MLA, such as credit card numbers, for billing purposes, to fill orders, to provide services, or for meeting registration. This information is not stored on our servers or accessible to us after the completion of a transaction. Any physical transmission of credit card information is destroyed after we complete your authorized transaction.

    For MLA purchases and for annual meeting registration, you provide your credit card number securely through our designated business partners, and PayPal. Credit card numbers are only used to process the transactions you request.

Links to Other Sites

Users will find content on MLA Sites that link to organizations that have resources for the purposes of education and information in connection with the MLA. We do not control the contents or links that appear on these sites. We encourage you to review the privacy policies of any third party sites or services before providing any of them with your Personal Information.

How to Correct or Update Your Personal Information

MLA encourages members and website guests to update and correct their Personal Information regularly online. Logged-in website guests and members may update their Personal Information by visiting and editing their online profile, accessible by selecting "My Options" from the MLANET header area or the “My Profile” box on the MLANET home page. You may also ask us to correct Personal Information by sending an email message to

How Long MLA Retains Personal Information

The MLA retains Personal Information regarding members indefinitely and guest data for at least five years as dictated by business, use, and legal requirements. You may access, update or correct your Personal Information or remove it from MLA Sites by making a request to us at the contact information provided below. Requests typically receive a response within thirty (30) days. If access or removal cannot be provided within that time frame, we will provide the requesting party with an estimated date by which the information will be provided. If for some reason access is denied, we will provide an explanation of why access has been denied.

If you are in a country subject to the General Data Protection Regulation (GDPR), please see the section below for information on your specific rights in relation to the Personal Information we hold about you.

EU Members and Guests

Scope. This section applies if you are an individual located in the European Union (“EU”). For these purposes, our reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland.

Data Controllers

  • Higher Logic, LLC acts as data processor on behalf of MLA for personal information that resides on MLANET.
  • Conduent, Inc. acts as data processor on behalf of MLA for personal information that resides on MEDLIB-ED.
  • MCI USA acts as data processor on behalf of MLA for personal information that resides on the MLA meeting registration site. MLA is managed by MCI USA and the MLA privacy policy includes MCI data processing for registration.
  • Cadmium LLC acts as data processor on behalf of MLA for personal information that resides on the Abstract Scorecard, Education Harvester, and eventScribe website and app for MLA meeting submissions, reviews, and content.
  • Authorize.Net acts as data processor on behalf of MLA for financial transactions for MLA sites, for meeting registration, and for meeting exhibit fees.

Links to data processor privacy agreements above open in a new tab or window.

Your Rights

Subject to applicable law, you have the following rights in relation to your Personal Information:

  • Right of access: If you ask us, we will confirm whether we have your Personal Data and, if so, provide you with a copy of that Personal Information (along with certain other details). If you require all data to be provided to you in the same format, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Information is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Information with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Information and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Information in certain circumstances, such as when you contest the accuracy of that Personal Information or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Information with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.
  • Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Information from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Information, and we will do so: If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or if we are processing your Personal Data for direct marketing.
  • Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Information, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
  • Right to withdraw consent: If we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Information, you can report it to the data protection authority that is authorized to hear those concerns.

You may exercise your rights by contacting us as indicated under “Contact Us” section below.


  • Legitimate Interest. “Legitimate interests” means the interests of the Medical Library Association in conducting and managing our organization. For example, we have a legitimate interest in processing your Personal Information to analyze how our websites, apps, and products and services are being used by you, and to ensure network and information security, as described in this Privacy Policy. When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Information for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section above.

Changes to Privacy Policy

As our organization, membership benefits, and data collection may change from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the online Privacy Statement at any time, for any reason. MLA will provide notice of Privacy Policy changes on our MLANET home page and in email messages to users.

Disclaimer Notice

We provide MLA Sites and the information they contain as a service to members, guests, and the public. MLA sites are monitored to ensure proper operation and to verify the functioning of applicable security features. If you use MLA Sites, you expressly consent to such monitoring. Users who attempt to make unauthorized changes to any information stored on MLA Sites, to defeat or circumvent security features, or to use MLA Sites for other than their intended purposes may be criminally liable to prosecution.

Limitations of Liability

The Medical Library Association makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the contents of MLA Sites and expressly disclaims liability for errors and omissions in the contents.

No warranty of any kind, implied, expressed or statutory, including but not limited to the warranties of non-infringement, title, merchantability, fitness for a particular purpose and freedom from computer virus, is given with respect to the contents MLA Sites or its hyperlinks to other internet resources.

MLA Sites’ reference to any specific commercial product, process, or service, or the use of any trade, firm, or corporation name is for the information and convenience of the public, and does not constitute endorsement or recommendation by MLA.

Contact Us

If you have any questions or comments about this Privacy Policy, contact us at You can also send us mail at:

Medical Library Association
ATTN: Privacy Policy
233 South Wacker Drive, 44th Floor
Chicago, IL 60606