Decision Guide: Data Sensitivity

Use this guide when you are unsure whether data is appropriate for AI experimentation.

Simple rule

Use the least sensitive data that can answer the question.

Good experiment data:

1. synthetic data;
2. public data;
3. approved non-sensitive internal data.

If you are unsure whether data is sensitive, ask Dev before using it in an AI tool or prototype.

Practical examples of sensitive data

Sensitive data includes more than passwords and customer records.

Examples include:

• customer names, emails, messages, tickets, account details, or transaction details;
• employee records, performance notes, compensation, HR conversations, or personal employee information;
• screenshots of internal tools that show customer, employee, operational, financial, or confidential information;
• production logs or monitoring output;
• API keys, tokens, passwords, certificates, session cookies, or other credentials;
• security findings, vulnerabilities, incident details, or threat intelligence;
• unreleased pricing, strategy, roadmap, financial data, or product plans;
• vendor-confidential or partner-confidential information;
• legal, compliance, audit, or regulatory material.

Usually acceptable for experimentation

These are usually acceptable when used with approved company tools:

• public documentation;
• public websites;
• synthetic examples;
• mock data;
• fake customer records;
• non-sensitive drafts;
• general brainstorming notes that do not include confidential information.

Start handoff

Start handoff when an AI prototype needs sensitive data to be useful.

That means the idea may be valuable, but it needs the right ownership and controls before the work continues.