6.1 Module 6 · AI Confidentiality & Privacy

Data Handling Protocols

Classify HR data into the correct sensitivity tier and build step-by-step handling procedures that keep your organisation compliant and your people protected.

Data Classification Matrix Handling Procedure Builder

Data Classification Matrix

Click each tier to explore its definition, HR-specific data examples, and the handling requirements that apply at that classification level.

Classify-It Exercise

For each HR data item below, select the correct classification tier. Test how well you understand the sensitivity levels that apply to everyday HR information across recruitment, employee records, and workforce planning.

0 of 14 classified

Handling Procedure Builder

Select a data classification tier to generate step-by-step handling procedures covering the full data lifecycle -- from collection through to disposal.

Each procedure set covers six lifecycle phases: collection (how data enters your systems), storage (where and how it is kept), access (who can see it), sharing (how it moves between people), retention (how long you keep it), and disposal (how you destroy it). Higher-tier data requires more rigorous procedures at every phase.

Key Insight: The Classification-Compliance Gap

Most organisations have a data classification scheme on paper, but the gap between having a framework and actually following it is where breaches happen. When an HR officer pastes salary data into an AI chat tool without checking the classification tier, the policy has failed -- not because it was wrong, but because it was not embedded into daily workflows.

Close this gap by making classification visible at the point of action: labelling documents with their tier, building classification prompts into AI tool interfaces, and running quarterly spot-checks where you audit a random sample of AI interactions against the classification matrix.