Quickly determine whether a processing activity needs a PIA, a mandatory GDPR DPIA, or can proceed — surfaces privacy policy conflicts and routes to the right next step. Use when the user asks "does this need a PIA", "triage this feature", "privacy check on X", "is this okay from a privacy perspective", or describes a new data processing activity, product feature, or vendor relationship.
复制安装指令,让 AI 自动完成配置 · 推荐新手
请帮我安装 askskill 上的 "use-case-triage" 技能: 1. 下载 https://raw.githubusercontent.com/anthropics/claude-for-legal/main/privacy-legal/skills/use-case-triage/SKILL.md 2. 保存为 ~/.claude/skills/use-case-triage/SKILL.md 3. 装好后重载技能,告诉我可以用了
~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md. Confirm privacy practice is configured — if not, stop and direct to setup./privacy-legal:use-case-triage "New feature that uses behavioral data to personalize content recommendations"
Matter context. Check ## Matter workspaces in the practice-level CLAUDE.md. If Enabled is ✗ (the default for in-house users), skip the rest of this paragraph — skills use practice-level context and the matter machinery is invisible. If enabled and there is no active matter, ask: "Which matter is this for? Run /privacy-legal:matter-workspace switch <slug> or say practice-level." Load the active matter's matter.md for matter-specific context and overrides. Write outputs to the matter folder at ~/.claude/plugins/config/claude-for-legal/privacy-legal/matters/<matter-slug>/. Never read another matter's files unless Cross-matter context is on.
Before producing output, check where it's going. If the user has named a destination (a channel, a distribution list, a counterparty, "everyone"), ask whether it's inside the privilege circle. Public channels, company-wide lists, counterparty/opposing counsel, vendors, and clients (for work product) waive the protection. When the destination looks outside the circle, flag it and offer (a) the privileged version for legal only, (b) a sanitized version for the broader channel, or (c) both — don't silently apply a privileged header and then help paste it somewhere the header won't protect it. See the canonical ## Shared guardrails → Destination check in this plugin's CLAUDE.md.
Answer the question that comes up before anyone runs a PIA: "does this thing even need one?" And if it does, what kind, and what's blocking the way?
Privacy triage is faster than PIA generation but upstream of it. It doesn't write the assessment — it determines whether one is needed and on what terms. The PIA generation skill does the deep work.
The output is one of four classifications:
This triage assumes the jurisdictional scope specified in your configuration. Privacy rules, assessment triggers, and lawful bases vary materially by jurisdiction (GDPR vs. state consumer privacy laws vs. sectoral). If the processing activity, controller, or affected data subjects fall under a different jurisdiction, this classification may not apply as written.
Before triaging, always read ~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md. The PIA trigger criteria, regulatory
footprint, and privacy policy commitments there are authoritative. Generic privacy
law reasoning is not a substitute for what this company has actually committed to.
If the file is missing or contains [PLACEHOLDER], surface this bounce:
I notice you haven't configured your practice profile yet — that's how I tailor the PIA trigger criteria, regulatory footprint, and privacy policy commitments to your practice.
Two choices:
…
Diff a proposed handbook change against the current version, flag ripple effects and state supplement impacts. Use when user says "update the handbook", "add this to the handbook", "handbook change", or has a policy ready for insertion.
Review an offer letter and any restrictive covenants — jurisdiction check included. Substantive rules (covenant enforceability, pay-transparency, salary-history limits, exemption criteria) are researched per hire, not stored. Use when the user says "review this offer", "can we use a non-compete here", "check this offer letter", "hiring in [state]", or attaches an offer.
Draft an audience-specific summary from the privileged investigation memo — HR, leadership, or outside counsel versions. Use when an investigation memo needs to be communicated to an audience that should not see the full privileged work product.
Track the IP portfolio — registrations, renewals, maintenance fees, and use declarations. Use when checking what's renewing, adding or updating an asset, recording a maintenance filing, or auditing the register for gaps, lapses, and use-in-commerce questions. Receives handoffs from prosecution and clearance work.
IRAC-scaffolded case analysis memo with research gaps flagged — the scaffold, not the analysis. Rule blocks are RESEARCH NEEDED, Application is STUDENT ANALYSIS prompts, Conclusion is blank. Use when a student needs to scaffold a case analysis memo, write up their analysis, or build an IRAC memo for a case.
Read VDR documents and extract issues per house categories and materiality thresholds, producing findings in house memo format. Use when user says "review the data room", "extract issues from [folder]", "diligence review", "what's in the VDR", or points at VDR documents.