Keep the privacy policy current with practice. Two modes: weekly sweep of saved PIAs, DPA reviews, and triage results to find policy drift; or direct query for a proposed new practice. Use when the user asks "does our policy cover this", "we want to start doing X — does the policy need updating", "run the policy monitor", "policy sweep", or wants to find where the privacy policy no longer matches what the team actually does.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "policy-monitor" skill from askskill: 1. Download https://raw.githubusercontent.com/anthropics/claude-for-legal/main/privacy-legal/skills/policy-monitor/SKILL.md 2. Save it as ~/.claude/skills/policy-monitor/SKILL.md 3. Reload skills and tell me it's ready
Sweep mode (no argument or --sweep):
~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md → outputs folder path, policy document, last sweep date.~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md.Direct query mode (with description argument):
~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md → current policy commitments + actual policy document.Schedule: Set up a recurring reminder in your own scheduler (calendar, task manager, or CI) to run /privacy-legal:policy-monitor weekly. Scheduled execution requires a scheduled-tasks integration, which is not bundled with this plugin.
/privacy-legal:policy-monitor
/privacy-legal:policy-monitor "We want to start using behavioral data to personalize onboarding emails"
Privacy policies drift from practice in one direction: practice moves forward, policy stays behind. A PIA approves a new data category. A DPA is signed with a subprocessor not listed anywhere. A triage result marks a new use case conditional with a disclosure requirement that the policy doesn't yet make. Months later, someone reads the policy and it doesn't reflect what actually happens.
This skill catches the drift before it becomes a problem — either by crawling the outputs folder weekly, or by answering the direct question: "we're about to start doing X, what does that mean for the policy?"
The output is always the same: here's the gap, here's the suggested language.
Read ~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md:
## Who we are → ## Regulatory footprint — the regimes in scope (GDPR, CCPA / CPRA / other state consumer privacy, GLBA, HIPAA, FERPA, COPPA, VPPA, CPNI, etc.)## Privacy policy commitments — the commitments extracted from the published policy## Outputs — outputs folder path, policy document location, last sweep dateIf ## Outputs contains [PLACEHOLDER]:
"Outputs aren't configured yet. I can still run a direct-query check — describe what you're planning to do and I'll diff it against your current policy. To enable the crawl sweep, run
/privacy-legal:cold-start-interviewand provide the outputs folder path."
Read the actual privacy policy document from the path in ## Outputs → Privacy
policy document. The commitments in the config CLAUDE.md are a summary; the actual document
is authoritative for suggesting edits.
The website privacy policy is one surface. Modern privacy programs make binding commitments in at least four more places that regulators actively scrutinize for inconsistencies:
…
Ask questions against an open investigation log — what witnesses said, where accounts conflict, what gaps exist, what the strongest evidence is on each issue. Use when the attorney needs to query the investigation record without re-reading every entry.
EU AI Act per-system inventory — track each AI system's role (provider, deployer, importer, distributor, authorized representative, product manufacturer) and risk tier (prohibited, high-risk, limited, minimal, GPAI, GPAI+systemic). Role and tier are assessed per system, not per company. Use when the user says "ai inventory", "add an ai system", "what systems do we have", "classify this ai system", "eu ai act register", or "ai system registry".
Draft a firm AI usage policy from published model policies, adapted to your practice profile — a research-and-synthesis tool whose output is a draft for attorney review and adoption, not a finished policy. Use when user says "draft an AI policy", "we need an AI policy", "build an AI usage policy", "our firm needs a GenAI policy", or similar requests to generate a first-cut internal AI policy.
Review vendor AI terms — agreement, addendum, or ToS AI provisions — against your governance positions; flag training-on-data, liability, model changes, and AI policy consistency. Use when user says "review this AI agreement", "check OpenAI terms", "what did we agree to with [vendor]", "vendor sent an AI addendum", "is this AI contract okay", or attaches vendor AI terms.
Route a contract issue to the right approver per the escalation matrix in `~/.claude/plugins/config/claude-for-legal/commercial-legal/CLAUDE.md`, and draft the ask. Use when the user says "who needs to approve this", "escalate this", "does this need GC sign-off", "route this for approval", or when another skill finds an issue that exceeds the reviewer's authority.
Freedom-to-operate triage — a structured first look at potentially blocking patents, not an FTO opinion. Use when a product, process, or feature is being evaluated for blocking patents, when asked whether anything stops a launch, or to build a claim-chart first pass against the most plausible patents before patent counsel review. This skill never concludes a product is clear to launch.