Consumer-facing AI product concepts frequently introduce and exacerbate privacy risks, yet practitioners lack efficient tools for identifying and mitigating such risks. Method: We propose a dual-mode structured Privacy Impact Assessment (PIA) tool that integrates large language model (LLM)-driven intelligent reasoning with reusable, template-guided workflows to support systematic risk identification and generation of actionable mitigation strategies. Contribution/Results: Evaluated through formative research, controlled user studies, and expert privacy review, the tool significantly improves the completeness of risk identification and the quality of mitigation recommendations. The LLM mode specifically overcomes three key barriers—awareness, motivation, and capability—in privacy practice. Practitioners’ generated PIA reports were rated high-quality by domain experts, and the tool received positive feedback regarding its practicality, usability, and capacity to enhance privacy competencies.

AI creates and exacerbates privacy risks, yet practitioners lack effective resources to identify and mitigate these risks. We present Privy, a tool that guides practitioners through structured privacy impact assessments to: (i) identify relevant risks in novel AI product concepts, and (ii) propose appropriate mitigations. Privy was shaped by a formative study with 11 practitioners, which informed two versions -- one LLM-powered, the other template-based. We evaluated these two versions of Privy through a between-subjects, controlled study with 24 separate practitioners, whose assessments were reviewed by 13 independent privacy experts. Results show that Privy helps practitioners produce privacy assessments that experts deemed high quality: practitioners identified relevant risks and proposed appropriate mitigation strategies. These effects were augmented in the LLM-powered version. Practitioners themselves rated Privy as being useful and usable, and their feedback illustrates how it helps overcome long-standing awareness, motivation, and ability barriers in privacy work.