Which assistants can handle personal data?
Introduction
Section titled โIntroductionโ๐ฏ Learning goals
- Understand what security classification means and how to read it
- Know which classification level is appropriate for different types of data
- Know what to do when youโre unsure whether an assistant is cleared for a task
Not all assistants in your organizationโs Intric environment are set up the same way. Assistants can be configured with different security classifications, reflecting the type of data they are approved to process.
What security classification means
Section titled โWhat security classification meansโA security classification on an assistant signals what kind of information is appropriate to bring into it. Think of it like the physical spaces in your office: some rooms are open to everyone, some require an access card, and some are for authorized personnel only. The same logic applies here.
Your organizationโs IT or security team sets these classifications when the assistants are built. Typical levels might look like:
- Open / Public โ Intended for tasks that donโt involve personal data or internal sensitive information. Suitable for general drafting, public information, or research tasks.
- Internal โ For internal documents and discussions, but not for personal data about citizens or employees.
- Confidential โ Approved for working with personal data within the bounds of your normal work tasks. The underlying model and infrastructure must support this.
- Strictly confidential โ For sensitive personal data (special categories) or particularly sensitive organizational information. Requires extra steps such as a DPIA, and will often run on a private or on-prem deployment.
Deep dive: classification and deployment
The classification doesnโt just reflect what data you put in โ it also reflects how the assistant is deployed. Intric supports EU cloud, private cloud, and on-prem installations. A strictly confidential assistant will typically run on infrastructure that doesnโt connect to external systems. See Intricโs security documentation for specifics on deployment and data handling.
How to know whatโs approved
Section titled โHow to know whatโs approvedโCheck the assistant description or ask your administrator. If youโre not sure whether an assistant is cleared for the data you want to work with, assume it isnโt and check first. It is always better to ask than to retroactively discover a mismatch.
Example: You work in social services. A colleague has set up an assistant to help draft internal memos. The assistant is marked as โinternal use.โ You want to use it to summarize a case involving a clientโs health status. You shouldnโt โ this type of assistant isnโt configured for special category health data. You would need a โconfidentialโ or โstrictly confidentialโ assistant that has been specifically approved for that purpose.
Test your knowledge
5 questions ยท 100% correct to pass ยท Review your answers when done