47 lines
1.1 KiB
Markdown
47 lines
1.1 KiB
Markdown
# Governance, Privacy, and Policy
|
|
|
|
## Allowed Data
|
|
- Public information or approved internal content.
|
|
- Code that is already in approved repos.
|
|
|
|
## Handle With Care
|
|
- Customer data or identifiers.
|
|
- Security-sensitive configuration.
|
|
- Anything not explicitly approved by policy.
|
|
|
|
## Forbidden Data
|
|
- Secrets, credentials, or personal data.
|
|
- Non-approved proprietary information.
|
|
|
|
## Safe Prompt Examples
|
|
Example prompts:
|
|
```text
|
|
Summarize this public API and propose tests.
|
|
Refactor this function without changing behavior.
|
|
```
|
|
|
|
## Redaction Tips
|
|
- Remove secrets before pasting.
|
|
- Replace real identifiers with placeholders.
|
|
- Use minimal context required for the task.
|
|
|
|
### Example Redaction
|
|
Example:
|
|
```text
|
|
Before: User ID 928374 has email jane@company.com and token ABC123.
|
|
After: User ID <USER_ID> has email <EMAIL> and token <TOKEN>.
|
|
```
|
|
|
|
## Compliance Expectations
|
|
- Follow org security policies and data handling rules.
|
|
- Use AI as assistance, not authority.
|
|
|
|
## Ownership
|
|
If you are unsure about data classification, escalate before using AI.
|
|
|
|
### Example Question
|
|
Example prompt:
|
|
```text
|
|
Is it ok to share this log snippet with user IDs in Copilot?
|
|
```
|