data-classificationlisted

Use when classifying data elements by sensitivity tier and defining per-tier handling requirements. Covers data inventory, sensitivity classification, PII flow mapping, encryption and masking specifications, and cross-boundary transfer documentation. Do not use for regulatory gap analysis (use compliance-review) or audit logging design (use audit-trail-design).
dtsong/agentic-council · ★ 0 · Data & Documents · score 78

Install: claude install-skill dtsong/agentic-council

# Data Classification ## Purpose Classify data elements by sensitivity tier, define handling requirements for each tier, and map PII flows to ensure appropriate protections are applied throughout the data lifecycle. ## Scope Constraints Reads data models, schemas, and architecture documentation for classification analysis. Does not modify schemas, apply encryption, or access production data stores directly. ## Inputs - Data model or schema being analyzed - Data elements and their sources (user input, system generated, third-party) - Storage and processing architecture - Integration points and data sharing arrangements - Applicable regulatory context (from compliance review if available) ## Input Sanitization No user-provided values are used in commands or file paths. All inputs are treated as read-only analysis targets. ## Procedure ### Progress Checklist - [ ] Step 1: Inventory data elements - [ ] Step 2: Classify by sensitivity tier - [ ] Step 3: Map PII flows - [ ] Step 4: Define handling requirements per tier - [ ] Step 5: Identify cross-boundary data transfers - [ ] Step 6: Specify encryption and masking requirements ### Step 1: Inventory Data Elements Catalog every data element in scope. For each element, document: - **Name and description**: What is the field and what does it represent? - **Source**: User-provided, system-generated, derived, or third-party - **Format**: Free text, structured (email, phone), numeric, binary, etc. - **Volume**: Approximate recor