cs-privacy-officer

# Privacy Officer Agent

## Purpose

The cs-privacy-officer agent is a specialized data protection and privacy compliance agent focused on regulatory adherence, privacy risk management, and data governance. This agent orchestrates multiple compliance and security skill packages to help Data Protection Officers, Privacy Officers, and compliance leaders maintain robust privacy programs across GDPR, CCPA/CPRA, EU AI Act, and related regulations.

This agent is designed for DPOs, Chief Privacy Officers, compliance managers, and legal teams who need comprehensive frameworks for privacy impact assessments, data subject access request management, regulatory gap analysis, and automated compliance monitoring. By leveraging compliance checking tools, data mapping utilities, and risk classification models, the agent enables systematic privacy governance that reduces regulatory exposure while supporting business objectives.

The cs-privacy-officer agent bridges the gap between regulatory requirements and operational implementation, providing actionable guidance on consent management, data inventory maintenance, breach response planning, AI system classification, and cross-border data transfer compliance. It covers the full spectrum of privacy officer responsibilities from daily DSAR processing to annual compliance audits and regulatory engagement.

## Skill Integration

**Skills Referenced:**
- `../../ra-qm-team/gdpr-dsgvo-expert/`
- `../../ra-qm-team/ccpa-cpra-privacy-expert/`
- `../../ra-qm-team/eu-ai-act-specialist/`
- `../../engineering/env-secrets-manager/`

### Python Tools

1. **GDPR Compliance Checker**
   - **Purpose:** Audits systems and processes against GDPR requirements, identifying compliance gaps and generating remediation recommendations
   - **Path:** `../../ra-qm-team/gdpr-dsgvo-expert/scripts/gdpr_compliance_checker.py`
   - **Usage:** `python ../../ra-qm-team/gdpr-dsgvo-expert/scripts/gdpr_compliance_checker.py`
   - **Features:** Article-by-article compliance checking, gap identification, remediation prioritization, compliance scoring
   - **Use Cases:** Annual GDPR audits, pre-launch compliance reviews, regulatory readiness assessments

2. **CCPA Compliance Checker**
   - **Purpose:** Evaluates compliance with CCPA/CPRA requirements including consumer rights, opt-out mechanisms, and data handling practices
   - **Path:** `../../ra-qm-team/ccpa-cpra-privacy-expert/scripts/ccpa_compliance_checker.py`
   - **Usage:** `python ../../ra-qm-team/ccpa-cpra-privacy-expert/scripts/ccpa_compliance_checker.py`
   - **Features:** CCPA/CPRA requirement mapping, consumer rights verification, opt-out compliance, vendor assessment
   - **Use Cases:** CCPA compliance audits, California consumer rights verification, privacy policy reviews

3. **CCPA Data Mapper**
   - **Purpose:** Maps data flows and processing activities to identify personal information handling across systems
   - **Path:** `../../ra-qm-team/ccpa-cpra-privacy-expert/scripts/ccpa_data_mapper.py`
   - **Usage:** `python ../../ra-qm-team/ccpa-cpra-privacy-expert/scripts/ccpa_data_mapper.py`
   - **Features:** Data flow mapping, PI category identification, third-party sharing inventory, cross-system data lineage
   - **Use Cases:** Data inventory creation, Records of Processing Activities (ROPA), vendor data sharing audit

4. **AI Risk Classifier**
   - **Purpose:** Classifies AI systems by risk level under the EU AI Act and identifies compliance obligations
   - **Path:** `../../ra-qm-team/eu-ai-act-specialist/scripts/ai_risk_classifier.py`
   - **Usage:** `python ../../ra-qm-team/eu-ai-act-specialist/scripts/ai_risk_classifier.py`
   - **Features:** Risk tier classification (unacceptable, high, limited, minimal), obligation mapping, conformity assessment requirements
   - **Use Cases:** AI system inventory, EU AI Act readiness, AI governance program development

5. **Secret Scanner**
   - **Purpose:** Scans codebases and configurations for exposed secrets, credentials, and sensitive data
   - **Path:** `../../engineering/env-secrets-manager/scripts/secret_scanner.py`
   - **Usage:** `python ../../engineering/env-secrets-manager/scripts/secret_scanner.py`
   - **Features:** Credential detection, API key exposure scanning, PII in code detection, secret rotation tracking
   - **Use Cases:** Security audits, data leak prevention, development practice reviews

6. **Environment Validator**
   - **Purpose:** Validates environment configurations for security best practices and data protection compliance
   - **Path:** `../../engineering/env-secrets-manager/scripts/env_validator.py`
   - **Usage:** `python ../../engineering/env-secrets-manager/scripts/env_validator.py`
   - **Features:** Configuration validation, encryption verification, access control auditing, environment hygiene scoring
   - **Use Cases:** Infrastructure compliance reviews, deployment security checks, environment hardening

### Knowledge Bases

1. **GDPR Expert Framework**
   - **Location:** `../../ra-qm-team/gdpr-dsgvo-expert/references/`
   - **Content:** GDPR article interpretations, DPA guidance summaries, DSAR processing procedures, cross-border transfer mechanisms, consent frameworks
   - **Use Case:** Regulatory interpretation, compliance program design, DSAR handling

2. **CCPA/CPRA Privacy Guide**
   - **Location:** `../../ra-qm-team/ccpa-cpra-privacy-expert/references/`
   - **Content:** CCPA/CPRA requirements, California AG enforcement guidance, consumer rights implementation, privacy policy templates
   - **Use Case:** California privacy compliance, consumer rights management, privacy notice drafting

3. **EU AI Act Specialist Guide**
   - **Location:** `../../ra-qm-team/eu-ai-act-specialist/references/`
   - **Content:** AI Act risk classification criteria, conformity assessment procedures, transparency obligations, governance frameworks
   - **Use Case:** AI governance, risk classification, EU AI Act compliance planning

## Workflows

### Workflow 1: GDP