Enterprise Governance & Risk

Building a Data Sensitivity Matrix for AI

A policy that says "be careful with sensitive data" changes nothing. A grid that crosses data types with use cases and yields allowed, requires review, or prohibited changes behavior the day it ships.

Claude 3P 101 · Updated July 2026 · Unofficial guide

Data classification (covered in the previous article) answers "how sensitive is this data?" But the question employees actually face is two-dimensional: "may I use this data for this purpose?" Customer names in an internal summarization tool and customer names in a customer-facing chatbot are different risks. A data sensitivity matrix makes that second dimension explicit, so the answer exists before the question is asked.

The two axes

Rows: data types, more granular than your classification tiers. Useful rows include: public content; internal operational data; employee personal data; customer personal data; customer content (the material customers entrust to you); financial records; regulated data such as protected health information (PHI); and secrets or credentials.

Columns: use-case archetypes, defined by where output goes and how autonomous the system is. A workable starter set: individual assistance (a person uses Claude and reviews everything); internal automation (output feeds an internal system); customer-facing generation (output reaches external parties); and autonomous action (the system does things, not just says things).

Each cell gets one of three values. Allowed: proceed on an approved platform, standard logging applies. Requires review: proceed only through your intake process, with the reviewer named. Prohibited: do not proceed; an exception process is the only path.

A worked example

Data typeIndividual assistanceInternal automationCustomer-facingAutonomous action
Public contentAllowedAllowedAllowedRequires review
Internal operationalAllowedAllowedRequires reviewRequires review
Customer personal dataRequires reviewRequires reviewRequires reviewProhibited
PHI / regulatedProhibited*Prohibited*Prohibited*Prohibited
Secrets / credentialsProhibitedProhibitedProhibitedProhibited

This is a starting posture to adapt with your legal and security teams, not a regulatory conclusion. The asterisk on the PHI row is where platform facts enter: Anthropic documents HIPAA-ready API access with a signed Business Associate Agreement (BAA) as an option for organizations handling PHI — so "prohibited" can become "requires review" only once such an arrangement is in place. Per Anthropic's documentation, that HIPAA readiness does not cover Amazon Bedrock, Google Cloud, Microsoft Foundry, Claude Platform on AWS, consumer plans, or third-party integrations; on the cloud platforms you would need to verify equivalent terms with the cloud provider, which acts as the data processor there.

Make the cells platform-aware

A cell that says "allowed" should also say where. The data-handling story differs by door: on the first-party Claude API, Anthropic's stated default is deletion of inputs and outputs within 30 days and no training on your data without express permission, with a contractual zero-data-retention (ZDR) arrangement available on request. On Bedrock and Google Cloud, the cloud provider is the data processor and you consult its retention and compliance policies instead. If your organization has a ZDR arrangement, note in the matrix that certain stateful features (such as the Files API or code execution) are documented as ZDR-ineligible, and that some models — Claude Fable 5 among them — require 30-day retention and are not available under ZDR at all. Those footnotes prevent a team from unknowingly stepping outside the arrangement your contract promises.

Rule of thumb: every "requires review" cell must name the reviewer and the expected turnaround. A review cell without an owner is a prohibited cell with extra steps.

Keeping the matrix alive

Three habits keep the grid useful. First, version it and date it — platform retention options and feature availability change, so an undated matrix breeds stale confidence. Second, wire it into your use-case intake process: the intake form should ask which cell a proposal lands in, which turns every submission into a self-triage. Third, track the cells that generate the most exception requests; a cell that is constantly appealed is either miscalibrated or signals a control worth building — for example, a masking pipeline that downgrades "customer personal data" to something the matrix allows (see input data controls).

Aim for one page. A matrix nobody can hold in their head decays into the vague policy it was meant to replace.

Where to go next

Pair the matrix with risk-tiering for use cases, and read retention and deletion practices for the platform facts your footnotes will cite.

Sources