AgentSkillsCN

Privacy Responsible Ai

负责任的人工智能

SKILL.md
--- frontmatter
applyTo: "**/*privacy*,**/*consent*,**/*data*,**/*PII*,**/*GDPR*,**/*responsible*,**/*ethical*,**/*bias*,**/*fairness*"

Privacy & Responsible AI Skill

Privacy by design, data protection, and responsible AI principles.

⚠️ Staleness Warning

Privacy regulations and AI ethics guidelines evolve continuously.

Refresh triggers:

  • New privacy laws (state, country, region)
  • AI regulation updates (EU AI Act, etc.)
  • Industry standard changes
  • Major incident learnings

Last validated: January 2026

Check current state: Microsoft RAI, GDPR, CCPA


Privacy by Design Principles

PrincipleImplementation
MinimizeCollect only what's needed
PurposeUse data only for stated purpose
ConsentGet explicit permission
AccessLet users see their data
DeletionLet users delete their data
SecurityProtect data at rest and in transit
TransparencyExplain what you collect and why

Data Classification

LevelExamplesHandling
PublicMarketing contentNo restrictions
InternalEmployee directoryInternal only
ConfidentialCustomer data, PIIEncrypted, access-controlled
RestrictedCredentials, health dataMaximum protection

PII Checklist

Personal Identifiable Information includes:

  • Names
  • Email addresses
  • Phone numbers
  • Physical addresses
  • IP addresses
  • Device IDs
  • Location data
  • Financial data
  • Health data
  • Biometric data

Responsible AI Principles

Microsoft's 6 Principles

PrincipleQuestion to Ask
FairnessDoes it treat all groups equitably?
ReliabilityDoes it work consistently and safely?
PrivacyDoes it protect user data?
InclusivenessDoes it work for everyone?
TransparencyCan users understand how it works?
AccountabilityWho is responsible for outcomes?

Bias Detection

text
Ask:
1. What data was the model trained on?
2. Are there underrepresented groups?
3. What are the failure modes?
4. Who might be harmed by errors?
5. Have we tested with diverse inputs?

AI Transparency

markdown
## How This AI Works

**What it does**: [Clear description]
**What it doesn't do**: [Limitations]
**Data used**: [What inputs, how stored]
**Human oversight**: [When humans review]
**How to appeal**: [Process for disputes]

Code Patterns

Don't Log PII

typescript
// Bad
console.log(`User ${email} logged in`);

// Good
console.log(`User ${hashUserId(userId)} logged in`);

Consent Before Collection

typescript
// Get explicit consent
const consent = await showConsentDialog({
    purpose: 'Improve recommendations',
    data: ['usage patterns', 'preferences'],
    retention: '90 days',
    optOut: 'Settings > Privacy'
});

if (!consent.granted) {
    return fallbackBehavior();
}

Data Minimization

typescript
// Bad: Store everything
saveUser({ ...fullUserObject });

// Good: Store only what's needed
saveUser({
    id: user.id,
    preferences: user.preferences
    // Don't store: email, name, location
});

Right to Deletion

typescript
async function deleteUserData(userId: string) {
    await db.users.delete(userId);
    await db.userPreferences.delete(userId);
    await db.userHistory.delete(userId);
    await analytics.purge(userId);
    await logs.redact(userId);

    return { deleted: true, timestamp: new Date() };
}

Regulatory Quick Reference

RegulationRegionKey Requirements
GDPREUConsent, access, deletion, breach notification
CCPA/CPRACaliforniaDisclosure, opt-out, deletion
LGPDBrazilSimilar to GDPR
PIPLChinaData localization, consent
HIPAAUS HealthcareHealth data protection

AI Incident Response

When AI causes harm:

  1. Stop — Disable the feature immediately
  2. Assess — Who was affected, how severely
  3. Notify — Inform affected users
  4. Fix — Root cause + prevention
  5. Document — Post-mortem for learning

Synapses

See synapses.json for connections.