data-classification

# Data Classification

Comprehensive guidance for data classification, handling requirements, and data lifecycle management.

## When to Use This Skill

- Establishing data classification policies
- Defining handling requirements for different data types
- Designing data protection controls by classification
- Implementing data labeling and tagging
- Creating data retention and disposal procedures

## Classification Framework

### Standard Sensitivity Levels

| Level | Description | Examples | Impact of Breach |
|-------|-------------|----------|------------------|
| **Public** | Intentionally public | Marketing, published docs | None |
| **Internal** | General business use | Policies, org charts | Minimal |
| **Confidential** | Business sensitive | Financial reports, contracts | Moderate |
| **Restricted** | Highly sensitive | PII, PHI, trade secrets | Severe |
| **Top Secret** | Critical/regulated | Encryption keys, M&A data | Catastrophic |

### Visual Labeling

```text
┌─────────────────────────────────────────┐
│ █ PUBLIC                                │  Green
├─────────────────────────────────────────┤
│ █ INTERNAL - For Internal Use Only     │  Blue
├─────────────────────────────────────────┤
│ █ CONFIDENTIAL - Authorized Only       │  Yellow
├─────────────────────────────────────────┤
│ █ RESTRICTED - Need-to-Know Only       │  Orange
├─────────────────────────────────────────┤
│ █ TOP SECRET - Strictly Controlled     │  Red
└─────────────────────────────────────────┘
```

## Handling Requirements Matrix

### By Classification Level

| Requirement | Public | Internal | Confidential | Restricted |
|-------------|--------|----------|--------------|------------|
| **Access Control** | None | Authentication | RBAC | Need-to-know + MFA |
| **Encryption at Rest** | Optional | Recommended | Required | Required + HSM |
| **Encryption in Transit** | HTTPS | TLS 1.2+ | TLS 1.2+ | TLS 1.3 + mTLS |
| **Backup** | Standard | Standard | Encrypted | Encrypted + geo-separa