Walk through a Data Subject Access Request (or deletion, portability, correction request) and draft the response — verify identity, locate data system-by-system, assess exemptions, draft the acknowledgment and substantive response letters. Use when a DSAR comes in, the user pastes an access/deletion/portability/correction request, or says "DSAR came in", "access request", "right to be forgotten", or "someone wants their data".
复制安装指令,让 AI 自动完成配置 · 推荐新手
请帮我安装 askskill 上的 "dsar-response" 技能: 1. 下载 https://raw.githubusercontent.com/anthropics/claude-for-legal/main/privacy-legal/skills/dsar-response/SKILL.md 2. 保存为 ~/.claude/skills/dsar-response/SKILL.md 3. 装好后重载技能,告诉我可以用了
~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md → DSAR process (systems list, verification method, SLA).Before pasting the request: the request will contain the data subject's PII. Confirm your session and output storage meet your data-handling requirements. Redact anything you don't need (ID attachments, unrelated email threads). Do not store the subject's name in filenames.
/privacy-legal:dsar-response
[paste the request email]
Matter context. Check ## Matter workspaces in the practice-level CLAUDE.md. If Enabled is ✗ (the default for in-house users), skip the rest of this paragraph — skills use practice-level context and the matter machinery is invisible. If enabled and there is no active matter, ask: "Which matter is this for? Run /privacy-legal:matter-workspace switch <slug> or say practice-level." Load the active matter's matter.md for matter-specific context and overrides. Write outputs to the matter folder at ~/.claude/plugins/config/claude-for-legal/privacy-legal/matters/<matter-slug>/. Never read another matter's files unless Cross-matter context is on.
A DSAR has a deadline (set by the applicable regime), a process (verify, locate, assess exemptions, respond), and a bunch of places it can go wrong. This skill walks through each step and drafts the response.
This analysis assumes the jurisdictional scope specified in your configuration. Privacy rules, response deadlines, and lawful bases vary materially by jurisdiction (GDPR vs. state consumer privacy laws vs. sectoral). If the data subject, processing activity, or controller is in a different jurisdiction than configured, this analysis may not apply as written.
Read ~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md → ## DSAR process. That section has:
If the systems list is empty or stale, flag it — can't do a complete DSAR without knowing where to look.
Identify which right the data subject is invoking. Common categories:
Research the applicable rule before proceeding. For each invoked right, identify the jurisdiction(s) whose law applies (GDPR, UK GDPR, CCPA/CPRA, other US state privacy laws, sectoral regimes). Cite the controlling statute or regulation with pinpoint references — the specific article/section, the scope of the right, any carve-outs. Note effective dates; data subject rights are amended frequently (new state laws each legislative session). Flag uncertainty and escalate for attorney verification rather than stating a rule you haven't confirmed.
…
Review and approve (or reject) pending playbook update proposals from the playbook-monitor agent and apply approved changes to the practice profile. Use when the playbook-monitor agent has surfaced proposals, when the user says "review playbook proposals", "what playbook updates are pending", or wants to step through deviation-driven playbook changes.
Reference: review of SaaS subscription agreements with attention to the terms that matter most in subscription deals — auto-renewal mechanics, price escalation, data portability, uptime SLAs, and subprocessor rights. Loaded by /commercial-legal:review when a SaaS or subscription agreement is detected.
Drafts board or committee meeting minutes in your house format. Auto-detects upcoming board and committee meetings from your calendar, asks for the agenda and any slides or pre-read materials, and produces a complete draft in the format learned from your seed minutes. Also handles written consents in lieu of meetings. Trigger: "board minutes", "draft minutes", "upcoming board meeting", "committee minutes", "written consent", or calendar detection of an upcoming board or committee event.
Aggregate diligence findings into a deal team briefing at the right altitude for the audience — exec summary for leadership, working summary for the team. Use when user says "brief the deal team", "what's the state of diligence", "summarize findings for [audience]", "deal update", or on the briefing cadence.
Entity compliance tracker — initialize, report upcoming deadlines, update status, run health audit, export to CSV. Maintains a compliance-tracker.yaml built from the entity table, calculates filing deadlines by entity and jurisdiction, and surfaces what's due in the next 30/60/90 days. Use when user says "entity compliance", "filing deadlines", "annual reports due", "entity tracker", "what filings are due", "entity health", or "good standing".
Trace how a contract has changed across its base agreement and all amendments — either a summary of all changes over time, or a provision trace for a specific clause. Use when the user says "what changed in this contract over time", "show me the amendment history", "where's the latest [clause]", "how has [provision] evolved", or uploads multiple versions of an agreement.