22nd International Conference on Data Engineering Workshops (ICDEW'06)
Finding the Leak: A Privacy Audit System for Sensitive XML Databases
Atlanta, Georgia
April 03-April 07
ISBN: 0-7695-2571-7
Whenever private information that is legally used by multiple employees of a company has been illegally exposed to a third party, it is of significant importance to the company concerned to find the source of the leak among its staff for a variety of reasons, e.g., to retain the confidence of its customers. In this paper, we present a privacy audit system for XML databases and the XPath query language which uses the concept of an audit query to describe the secret information. For a given audit query, our system returns a set of suspicious user queries that may have used the secret information. Suspicious user queries are identified in a sequence of four steps: first, a static analysis based on the time constraints; second, a comparison of the node-name tests of the audit query and the user queries; third, an analysis of the associations of the node-name tests found in the audit query and in the user queries; and finally, a test on "historic data". Furthermore, we discuss privacy violation detection in the case of an attacker who submits multiple queries and externally compares the results.