Cultural Review Skill
This skill provides comprehensive guidance for reviewing code, features, and content for cultural sensitivity and Indigenous data sovereignty compliance.
OCAP Framework Reference
Ownership
Requirement: Storytellers maintain ownership of their narratives
Check for:
- [ ] Story ownership tracked via
author_idandstoryteller_id - [ ] Both author and storyteller have control rights
- [ ] Ownership cannot be transferred without consent
- [ ] Community collective ownership respected
Control
Requirement: Users decide who accesses their stories
Check for:
- [ ] Privacy levels properly enforced (public/community/org/private)
- [ ] Users can revoke access at any time
- [ ] Distribution requires explicit consent
- [ ] Bulk revocation available ("Pull All")
Access
Requirement: Tiered access based on cultural sensitivity
Check for:
- [ ] Sensitivity levels correctly implemented
- [ ] Elder approval workflow for high/sacred content
- [ ] Community membership verification where required
- [ ] Access audit trail maintained
Possession
Requirement: Data can be exported or deleted anytime
Check for:
- [ ] Data export functionality (GDPR Article 20)
- [ ] Full deletion/anonymization (GDPR Article 17)
- [ ] No data lock-in or artificial barriers
- [ ] Portable data format (JSON)
Sensitivity Level Guidelines
Standard
- General stories, no restrictions
- Can be embedded externally
- Public sharing allowed
Medium
- Some cultural context important
- May require community membership
- External sharing needs approval
High
- Significant cultural value
- Elder review before sharing
- Limited distribution options
- No unauthorized embedding
Sacred/Restricted
- Protected traditional knowledge
- Elder approval mandatory
- NO external distribution ever
- May have viewing time/place restrictions
Code Review Checklist
API Endpoints
□ Authentication required (unless public embed)
□ Authorization checks ownership/permissions
□ Sensitivity level verified before action
□ Elder approval status checked for high/sacred
□ Audit log created for significant actions
□ Consent verified before distribution
□ Revocation cascades properly
UI Components
□ Cultural indicators are respectful
□ Sensitivity badges are clear
□ Elder approval status prominent
□ Consent status visible
□ Privacy level clearly shown
□ Revocation controls accessible
□ Trauma-informed animations (gentle)
□ Language is inclusive
Database Operations
□ Tenant isolation maintained
□ Ownership fields populated
□ Consent fields checked
□ Audit trail created
□ Soft delete preferred over hard delete
□ Anonymization preserves audit trail
Red Flags
Immediate Action Required
- External distribution of sacred content
- Missing consent verification
- Broken revocation cascade
- Elder approval bypassed
- Tenant isolation breached
Needs Improvement
- Missing audit logging
- Hard delete without anonymization
- Unclear sensitivity indicators
- Missing ownership checks
- No bulk revocation option
Approval Workflow
Standard Content
- Author creates story
- Consent captured
- Ready for distribution
Medium Sensitivity
- Author creates story
- Cultural context added
- Consent captured
- Community review (optional)
- Ready for limited distribution
High Sensitivity
- Author creates story
- Cultural context added
- Consent captured
- Elder review requested
- Elder approves/requests changes
- Limited distribution (no embedding)
Sacred Content
- Author creates story
- Cultural context added
- Consent captured
- Elder review mandatory
- Elder approval required
- Platform-only access
- Never distributed externally