Performing the Audit

If you are at a larger library you will want to establish a team to complete the audit. Smaller libraries may find themselves with a team of one. That’s okay! Even if you don’t have the ability to make large sweeping changes, plan to audit whatever you can. Ask those Core Questions and identify the areas where you can make changes



  • Create spreadsheets for each of the ALA Privacy Checklists. Only add the items from the priority level that your library is following. Also, create documents where you can answer the Core Questions for each of the areas of your library that handle user data.
  • Assign tasks. Establish who will be responsible for seeing if the library is currently in compliance with a checklist item. Will that same person be responsible for bringing you into compliance? Identify who will research and document the answers to the Core Questions. 
  • Build a timeline. Create due dates for completing checklist items and answering Core Questions. If changes need to be made, when do they need to be completed?
  • Document your findings. Everything you audit should have a document that outlines your findings. If you discovered changes that need to be made, determine who has the authority to change them. Bring your documentation to the appropriate staff to make a case for new policies and procedures. 


You may have to interact with units outside of the library such as campus or school IT. Set up a meeting to discuss the audit. Do they already perform one regularly? Can the ALA checklist items be added to their audit process?