
API Reference: Performing Privacy Impact Assessment

PrivacyImpactAssessmentEngine

Core engine for automated PIA/DPIA workflows.

Initialization

```python
from agent import PrivacyImpactAssessmentEngine

engine = PrivacyImpactAssessmentEngine(
    organization_name="Acme Corp",
    dpo_email="dpo@acme.com",
)
```

register_processing_activity()

Register a processing activity for assessment.

```python
activity = engine.register_processing_activity(
    name="Customer Analytics",                    # Required
    description="Behavioral analytics pipeline",  # Required
    data_controller="Acme Corp",                  # Controller name
    data_processor="CloudAnalytics Inc",          # Processor name
    data_categories=["email", "ip_address"],      # List of data types
    data_subjects=["customers"],                  # Affected individuals
    legal_basis="consent",                        # consent|contract|legal_obligation|
                                                  # vital_interests|public_task|legitimate_interest
    retention_period_days=365,                    # Days before deletion
    cross_border_transfer=True,                   # International transfer
    transfer_destinations=["US", "IN"],           # ISO country codes
    automated_decision_making=False,              # Profiling/auto-decisions
)
# Returns: dict with activity_id, sensitivity_profile, etc.
```

Supported data_categories:

| Category | Sensitivity | Weight |
|---|---|---|
| health_data, biometric_data, genetic_data | special_category | 5 |
| ssn, financial_account, credit_card, login_credentials | high | 4 |
| email, phone_number, ip_address, geolocation | medium | 3 |
| name, job_title, browsing_history, device_id | low | 2 |
| cookie_id, public_profile | low | 1 |

map_data_flows()

Map data flows through the processing lifecycle.

```python
flow_map = engine.map_data_flows(
    activity_id="PA-XXXXXXXX",
    flows=[
        {
            "stage": "collection",       # collection|processing|storage|sharing|deletion
            "source": "Web form",
            "destination": "API server",
            "data_elements": ["email", "name"],
            "encryption_in_transit": True,
            "encryption_at_rest": False,
            "protocol": "TLS 1.3",
            "cross_border": False,
            "data_processing_agreement": False,
        },
    ],
)
```

assess_privacy_risks()

Run risk assessment with scoring matrix.

```python
risk_report = engine.assess_privacy_risks(
    activity_id="PA-XXXXXXXX",
    assessment_type="full_dpia",  # full_dpia|screening|targeted
)
```

Risk Scoring Matrix:

| Score | Severity |
|---|---|
| 20-25 | CRITICAL |
| 15-19 | HIGH |
| 10-14 | MEDIUM |
| 5-9 | LOW |
| 1-4 | INFORMATIONAL |

Score = Likelihood (1-5) x Impact (1-5)

Risk Categories Evaluated:

| ID | Category | Description |
|---|---|---|
| RISK-001 | Data Minimization | Excessive collection beyond purpose |
| RISK-002 | Purpose Limitation | Undefined or exceeded purposes |
| RISK-003 | Cross-Border Transfer | Transfer without safeguards |
| RISK-004 | Automated Decision Making | No human oversight |
| RISK-005 | Data Subject Rights | Missing DSR mechanisms |
| RISK-006 | Third-Party Risk | Processor compliance gaps |
| RISK-007 | Security Controls | Encryption/access gaps |
| RISK-008 | Retention | Over-retention or no policy |
| RISK-009 | Consent Management | Ambiguous consent |
| RISK-010 | Breach Notification | No 72-hour capability |
| RISK-011 | Special Category Data | Missing Art. 9 basis |
| RISK-012 | Transparency | Incomplete privacy notice |
| RISK-013 | Vulnerable Data Subjects | Missing extra safeguards |
| RISK-014 | Data Quality | No accuracy measures |

run_screening_checklist()

ICO DPIA screening to determine if full DPIA is required.

```python
result = engine.run_screening_checklist(
    uses_special_category_data=False,
    large_scale_processing=True,
    systematic_monitoring=True,
    automated_decision_making=False,
    cross_border_transfer=True,
    vulnerable_data_subjects=False,
    innovative_technology=False,
    denial_of_service_or_rights=False,
    evaluation_or_scoring=False,
    matching_or_combining_datasets=False,
)
# Returns: {"dpia_required": True, "triggers": [...], ...}
```

check_gdpr_compliance()

Article-level GDPR compliance checks.

```python
gdpr_report = engine.check_gdpr_compliance(activity_id="PA-XXXXXXXX")
# Returns: compliance_score (0-100), findings per article
```

GDPR Articles Checked:

| Article | Title |
|---|---|
| Art. 5 | Principles (lawfulness, minimization, retention, etc.) |
| Art. 6 | Lawfulness of processing |
| Art. 7 | Conditions for consent |
| Art. 13 | Information at collection |
| Art. 22 | Automated decision-making |
| Art. 25 | Data protection by design |
| Art. 28 | Processor obligations |
| Art. 30 | Records of processing |
| Art. 32 | Security of processing |
| Art. 33 | Breach notification |
| Art. 35 | DPIA requirements |
| Art. 44 | Transfer safeguards |

check_ccpa_compliance()

CCPA/CPRA section-level compliance checks.

```python
ccpa_report = engine.check_ccpa_compliance(activity_id="PA-XXXXXXXX")
# Returns: compliance_score (0-100), findings per section
```

CCPA Sections Checked:

| Section | Title |
|---|---|
| 1798.100 | Right to know |
| 1798.105 | Right to delete |
| 1798.106 | Right to correct |
| 1798.110 | Right to specific PI |
| 1798.115 | Right to know about selling/sharing |
| 1798.120 | Right to opt-out |
| 1798.121 | Limit use of sensitive PI |
| 1798.125 | Non-discrimination |
| 1798.130 | Notice and request handling |
| 1798.135 | Do Not Sell link |
| 1798.185 | CPRA risk assessment |

generate_nist_privacy_profile()

Map activity against NIST Privacy Framework functions.

```python
profile = engine.generate_nist_privacy_profile(
    activity_id="PA-XXXXXXXX",
    target_tier="tier_3",  # tier_1|tier_2|tier_3|tier_4
)
# Returns: coverage per function (ID-P, GV-P, CT-P, CM-P, PR-P)
```

generate_remediation_plan()

Prioritized remediation action items.

```python
plan = engine.generate_remediation_plan(
    activity_id="PA-XXXXXXXX",
    risk_report=risk_report,
    gdpr_report=gdpr_report,
    ccpa_report=ccpa_report,
)
```

Priority Levels:

| Priority | Severity | Deadline |
|---|---|---|
| P1 | CRITICAL | 14 days |
| P2 | HIGH | 30 days |
| P3 | MEDIUM | 60 days |
| P4 | LOW | 90 days |
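
The sensitivity weights, the Likelihood x Impact matrix and the priority deadlines documented above can be chained into a quick triage over flow dicts in the `map_data_flows()` shape. This is an added, standalone example, not code from `agent.py`: the names `severity`, `flow_gaps` and `triage`, the per-gap likelihood values, the storage-only at-rest check and the use of the highest element weight as impact are all assumptions.

```python
from datetime import timedelta

# Sensitivity weights, severity bands and deadlines are copied from this page's tables.
WEIGHTS = {c: w for w, cats in {
    5: "health_data biometric_data genetic_data",
    4: "ssn financial_account credit_card login_credentials",
    3: "email phone_number ip_address geolocation",
    2: "name job_title browsing_history device_id",
    1: "cookie_id public_profile"}.items() for c in cats.split()}
BANDS = [(20, "CRITICAL"), (15, "HIGH"), (10, "MEDIUM"), (5, "LOW"), (1, "INFORMATIONAL")]
DEADLINES = {"CRITICAL": ("P1", 14), "HIGH": ("P2", 30), "MEDIUM": ("P3", 60), "LOW": ("P4", 90)}
# ASSUMPTION: per-gap likelihood values are illustrative, not taken from agent.py.
LIKELIHOOD = {"no_transit_encryption": 5, "no_rest_encryption": 4, "cross_border_without_dpa": 4}
# Constructed sample flows in the map_data_flows() dict shape.
SAMPLE_FLOWS = [
    {"stage": "collection", "data_elements": ["email", "name"], "encryption_in_transit": True,
     "encryption_at_rest": False, "cross_border": False, "data_processing_agreement": False},
    {"stage": "storage", "data_elements": ["health_data"], "encryption_in_transit": True,
     "encryption_at_rest": False, "cross_border": False, "data_processing_agreement": False},
    {"stage": "sharing", "data_elements": ["cookie_id"], "encryption_in_transit": True,
     "encryption_at_rest": True, "cross_border": True, "data_processing_agreement": False},
]

def severity(score):
    """Map Likelihood x Impact (1-25) to the page's severity band."""
    if not 1 <= score <= 25:
        raise ValueError(f"score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def flow_gaps(flow):
    """Control gaps visible in one flow dict (at-rest check applies to storage only)."""
    checks = {
        "no_transit_encryption": not flow["encryption_in_transit"],
        "no_rest_encryption": flow["stage"] == "storage" and not flow["encryption_at_rest"],
        "cross_border_without_dpa": flow["cross_border"] and not flow["data_processing_agreement"],
    }
    return [gap for gap, hit in checks.items() if hit]

def triage(flows, today):
    """Score each gap; impact is the highest weight among the flow's data elements."""
    findings = []
    for flow in flows:
        impact = max(WEIGHTS.get(e, 5) for e in flow["data_elements"])  # unknown = worst case
        for gap in flow_gaps(flow):
            sev = severity(LIKELIHOOD[gap] * impact)
            prio, days = DEADLINES.get(sev, (None, None))
            findings.append({"stage": flow["stage"], "gap": gap, "severity": sev, "priority": prio,
                             "due": today + timedelta(days=days) if days else None})
    return sorted(findings, key=lambda f: f["priority"] or "P9")
```

INFORMATIONAL findings carry no priority or due date because the Priority Levels table defines none for that band.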

generate_dpia_report()

Generate formal DPIA report document.

```python
engine.generate_dpia_report(
    activity_id="PA-XXXXXXXX",
    output_path="dpia_report.json",
    format="json",
)
```

CLI Usage

```bash
# Run demonstration workflow
python agent.py --action demo --org "Acme Corp" --output report.json

# Run screening checklist
python agent.py --action screening

# Specify DPO email
python agent.py --action demo --dpo-email dpo@acme.com --output dpia.json
```

References