|
| 1 | +# Baseline Data Sensitivity Classification |
| 2 | +# |
| 3 | +# A single label template with sensitivity categories for classifying data |
| 4 | +# based on Microsoft Purview sensitivity labels (Public, Internal, Confidential, |
| 5 | +# Highly Confidential). Uses the gpt-oss-safeguard Harmony prompt format. |
| 6 | +# |
| 7 | +# See: https://learn.microsoft.com/en-us/purview/sensitivity-labels |
| 8 | + |
| 9 | +[[labels]] |
| 10 | +name = "DATA_SENSITIVITY" |
| 11 | +description = "Data sensitivity classification aligned with Microsoft Purview sensitivity labels." |
| 12 | +instructions = """\ |
| 13 | +Evaluate the content for data sensitivity. \ |
| 14 | +Classify into one of the sensitivity categories below. \ |
| 15 | +If the content is sensitive, return: {"sensitive": 1, "sensitivity_category": "<label>"} \ |
| 16 | +If the content is public, return: {"sensitive": 0, "sensitivity_category": "public"}""" |
| 17 | + |
| 18 | +# -- Categories --------------------------------------------------------------- |
| 19 | + |
| 20 | +[[labels.categories]] |
| 21 | +label = "public" |
| 22 | +definition = """\ |
| 23 | +Information that can be freely shared externally without restrictions. \ |
| 24 | +Marketing materials, press releases, public documentation, published content, \ |
| 25 | +public announcements, open-source code, and publicly available data.""" |
| 26 | + |
| 27 | +[[labels.categories]] |
| 28 | +label = "internal" |
| 29 | +definition = """\ |
| 30 | +Internal information not intended for public sharing but not highly sensitive. \ |
| 31 | +Internal communications, meeting notes, general business documents, company \ |
| 32 | +policies, procedures, internal announcements, project updates, and team \ |
| 33 | +discussions. For internal use only.""" |
| 34 | + |
| 35 | +[[labels.categories]] |
| 36 | +label = "confidential" |
| 37 | +definition = """\ |
| 38 | +Sensitive business information requiring protection and access control. \ |
| 39 | +Business strategies, financial reports, customer lists, internal projects, \ |
| 40 | +vendor agreements, pricing information, competitive analysis, unpublished \ |
| 41 | +product roadmaps, and partnership discussions. Should be shared only with \ |
| 42 | +authorized personnel.""" |
| 43 | + |
| 44 | +[[labels.categories]] |
| 45 | +label = "highly_confidential" |
| 46 | +definition = """\ |
| 47 | +Most sensitive data requiring strict access control, encryption, and audit \ |
| 48 | +logging. PII (SSN, financial account numbers, passport numbers), PHI (medical \ |
| 49 | +records, diagnoses), credentials (passwords, API keys, tokens, certificates, \ |
| 50 | +private keys), trade secrets, M&A information, executive communications, \ |
| 51 | +legal holds, and board materials. Unauthorized disclosure could cause \ |
| 52 | +significant harm to individuals or the organization.""" |
| 53 | + |
| 54 | +# -- Examples ----------------------------------------------------------------- |
| 55 | + |
| 56 | +# Public |
| 57 | +[[labels.examples]] |
| 58 | +content = "Our company was founded in 2010 and is headquartered in San Francisco." |
| 59 | +sensitive = false |
| 60 | +label = "public" |
| 61 | + |
| 62 | +[[labels.examples]] |
| 63 | +content = "The product launch event is scheduled for March 15th at 10 AM PST." |
| 64 | +sensitive = false |
| 65 | +label = "public" |
| 66 | + |
| 67 | +[[labels.examples]] |
| 68 | +content = "MIT License - Permission is hereby granted, free of charge..." |
| 69 | +sensitive = false |
| 70 | +label = "public" |
| 71 | + |
| 72 | +# Internal |
| 73 | +[[labels.examples]] |
| 74 | +content = "Team standup notes: We discussed sprint planning for Q2." |
| 75 | +sensitive = true |
| 76 | +label = "internal" |
| 77 | + |
| 78 | +[[labels.examples]] |
| 79 | +content = "Internal memo: The holiday schedule for this year has been updated." |
| 80 | +sensitive = true |
| 81 | +label = "internal" |
| 82 | + |
| 83 | +[[labels.examples]] |
| 84 | +content = "Meeting with engineering to review the architecture decisions." |
| 85 | +sensitive = true |
| 86 | +label = "internal" |
| 87 | + |
| 88 | +# Confidential |
| 89 | +[[labels.examples]] |
| 90 | +content = "Q3 revenue was $12.5M with a 15% increase over Q2." |
| 91 | +sensitive = true |
| 92 | +label = "confidential" |
| 93 | + |
| 94 | +[[labels.examples]] |
| 95 | +content = "Customer list includes: Acme Corp ($500K ARR), TechStart Inc ($250K ARR)." |
| 96 | +sensitive = true |
| 97 | +label = "confidential" |
| 98 | + |
| 99 | +[[labels.examples]] |
| 100 | +content = "Pricing strategy: Enterprise tier at $50K/year, mid-market at $15K/year." |
| 101 | +sensitive = true |
| 102 | +label = "confidential" |
| 103 | + |
| 104 | +[[labels.examples]] |
| 105 | +content = "Vendor contract terms: 3-year agreement at $200K annually." |
| 106 | +sensitive = true |
| 107 | +label = "confidential" |
| 108 | + |
| 109 | +# Highly Confidential - PII |
| 110 | +[[labels.examples]] |
| 111 | +content = "Employee SSN: 123-45-6789" |
| 112 | +sensitive = true |
| 113 | +label = "highly_confidential" |
| 114 | + |
| 115 | +[[labels.examples]] |
| 116 | +content = "John Smith, DOB: 1985-03-15, Address: 123 Main St, Anytown, USA 12345" |
| 117 | +sensitive = true |
| 118 | +label = "highly_confidential" |
| 119 | + |
| 120 | +[[labels.examples]] |
| 121 | +content = "Passport number: AB1234567, Expiry: 2028-05-20" |
| 122 | +sensitive = true |
| 123 | +label = "highly_confidential" |
| 124 | + |
| 125 | +[[labels.examples]] |
| 126 | +content = "Credit card: 4111-1111-1111-1111, Exp: 12/25, CVV: 123" |
| 127 | +sensitive = true |
| 128 | +label = "highly_confidential" |
| 129 | + |
| 130 | +# Highly Confidential - Credentials |
| 131 | +[[labels.examples]] |
| 132 | +content = "API_KEY=sk-live-abc123def456ghi789" |
| 133 | +sensitive = true |
| 134 | +label = "highly_confidential" |
| 135 | + |
| 136 | +[[labels.examples]] |
| 137 | +content = "DB_PASSWORD=MyS3cur3P@ssw0rd!" |
| 138 | +sensitive = true |
| 139 | +label = "highly_confidential" |
| 140 | + |
| 141 | +[[labels.examples]] |
| 142 | +content = "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" |
| 143 | +sensitive = true |
| 144 | +label = "highly_confidential" |
| 145 | + |
| 146 | +[[labels.examples]] |
| 147 | +content = "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEA..." |
| 148 | +sensitive = true |
| 149 | +label = "highly_confidential" |
| 150 | + |
| 151 | +# Highly Confidential - Healthcare |
| 152 | +[[labels.examples]] |
| 153 | +content = "Patient diagnosis: Type 2 Diabetes, prescribed Metformin 500mg." |
| 154 | +sensitive = true |
| 155 | +label = "highly_confidential" |
| 156 | + |
| 157 | +[[labels.examples]] |
| 158 | +content = "Medical record #12345: Blood pressure 140/90, cholesterol 220." |
| 159 | +sensitive = true |
| 160 | +label = "highly_confidential" |
| 161 | + |
| 162 | +# Highly Confidential - Business Critical |
| 163 | +[[labels.examples]] |
| 164 | +content = "M&A target: Acquiring CompetitorCo for $500M, announcement in 2 weeks." |
| 165 | +sensitive = true |
| 166 | +label = "highly_confidential" |
| 167 | + |
| 168 | +[[labels.examples]] |
| 169 | +content = "Board resolution: CEO compensation package approved at $2.5M annually." |
| 170 | +sensitive = true |
| 171 | +label = "highly_confidential" |
| 172 | + |
| 173 | +[[labels.examples]] |
| 174 | +content = "Trade secret: Our proprietary algorithm uses XYZ compression with custom entropy coding." |
| 175 | +sensitive = true |
| 176 | +label = "highly_confidential" |
0 commit comments