# Governance, Privacy, and Policy

## Allowed Data
- Public information or approved internal content.
- Code that is already in approved repos.

## Handle With Care
- Customer data or identifiers.
- Security-sensitive configuration.
- Anything not explicitly approved by policy.

## Forbidden Data
- Secrets, credentials, or personal data.
- Non-approved proprietary information.

## Safe Prompt Examples
- "Summarize this public API and propose tests."
- "Refactor this function without changing behavior."

## Redaction Tips
- Remove secrets before pasting.
- Replace real identifiers with placeholders.
- Use minimal context required for the task.

### Example Redaction
Before: "User ID 928374 has email jane@company.com and token ABC123."

After: "User ID <USER_ID> has email <EMAIL> and token <TOKEN>."
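
The before/after pair above, automated as an added Python example that is not part of the original page. The `redact` helper, the keyword list, and the regular expressions are assumptions chosen for illustration; only the placeholder names come from the page.

```python
import re

# Each rule replaces only the named group "v", so a label such as "token"
# stays readable while its value becomes a placeholder. The patterns and the
# keyword list are illustrative assumptions, not a complete secret detector.
_SEP = r"(?:\s*[:=]\s*|\s+)[\"']?"        # "key=value", "key: value", "key value"
_END = r"(?=\.?(?:[\s\"',;]|$))"          # stop before closing punctuation
RULES = [
    ("<EMAIL>", r"(?P<v>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})"),
    ("<TOKEN>", r"\b(?:token|secret|password|api[_-]?key)" + _SEP
                + r"(?P<v>[^\s\"',;]+?)" + _END),
    ("<TOKEN>", r"\b(?P<v>AKIA[0-9A-Z]{16})\b"),   # AWS access key ID shape
    ("<USER_ID>", r"\buser[ _]?id" + _SEP + r"(?P<v>\d+)"),
]
COMPILED = [(p, re.compile(rx, re.IGNORECASE)) for p, rx in RULES]


def redact(text):
    """Return (redacted_text, counts); counts maps placeholder -> replacements."""
    counts = {}
    for placeholder, pattern in COMPILED:
        def swap(m, p=placeholder):
            counts[p] = counts.get(p, 0) + 1
            whole, offset = m.group(0), m.start()
            return whole[:m.start("v") - offset] + p + whole[m.end("v") - offset:]
        text = pattern.sub(swap, text)
    return text, counts


if __name__ == "__main__":
    samples = [
        "User ID 928374 has email jane@company.com and token ABC123.",  # from the page
        'level=info user_id=4412 api_key="sk_test_abc.def" msg="login ok"',  # constructed
    ]
    for line in samples:
        clean, counts = redact(line)
        print(clean, counts)
```

The keyword rules replace whatever follows words like "token" or "password", so they over-redact ordinary prose rather than miss a value. Pattern matching does not catch every secret, so read the output before pasting it.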

## Compliance Expectations
- Follow org security policies and data handling rules.
- Use AI as assistance, not authority.

## Ownership
If you are unsure about data classification, escalate before using AI.

### Example Question
"Is it ok to share this log snippet with user IDs in Copilot?"