This document discusses privacy audits that libraries can conduct to ensure compliance with privacy policies and laws. It provides an overview of relevant federal and state laws and defines key terms like privacy, confidentiality, and personally identifiable information. The document outlines steps for a privacy audit, including reviewing existing policies and practices, categorizing data based on sensitivity, assessing security risks, training staff, and properly destroying data. Areas to audit include circulation data, payments, reference logs, computer settings and logs, holds, and fines/notices. The goal is to protect patron privacy while meeting legal obligations.