id: https://nde.nl/ontology/hc/class/DataSensitivityLevel name: data_sensitivity_level_class title: DataSensitivityLevel Class description: >- Data sensitivity classification level for records and information assets. Used to categorize the confidentiality requirements and access restrictions for administrative records, documents, and data systems. Based on common information classification schemes including: - ISO 27001 information security standards - GDPR special category data requirements - Dutch government classification (Rijksoverheid) prefixes: linkml: https://w3id.org/linkml/ hc: https://nde.nl/ontology/hc/ dcterms: http://purl.org/dc/terms/ schema: http://schema.org/ imports: - linkml:types - ../slots/has_or_had_label - ../slots/has_or_had_description - ../slots/has_or_had_short_code default_prefix: hc classes: DataSensitivityLevel: class_uri: hc:DataSensitivityLevel description: >- Data sensitivity classification level. **Standard Classification Levels**: | Level | Short Code | Description | Access | |-------|------------|-------------|--------| | Public | PUBLIC | No restrictions on disclosure | Anyone | | Internal | INTERNAL | For internal use only | Staff only | | Confidential | CONFIDENTIAL | Need-to-know basis | Authorized staff | | Strictly Confidential | STRICTLY_CONFIDENTIAL | Highly restricted | Named individuals | | Personal Data | PERSONAL_DATA | Contains PII (GDPR Article 6) | Data subjects + authorized | | Special Category | SPECIAL_CATEGORY | Sensitive personal data (GDPR Article 9) | Strictly controlled | **GDPR Alignment**: - PERSONAL_DATA: Covers GDPR Article 6 personal data - SPECIAL_CATEGORY: Covers GDPR Article 9 special categories (health, religion, ethnicity, political opinions, trade union membership, genetic/biometric data, sexual orientation) **Dublin Core**: Maps to dcterms:accessRights for access classification. exact_mappings: - dcterms:accessRights close_mappings: - schema:accessMode slots: - has_or_had_label - has_or_had_short_code - has_or_had_description slot_usage: has_or_had_label: description: Human-readable name for the sensitivity level. range: string required: true examples: - value: "Public" description: No access restrictions - value: "Strictly Confidential" description: Highest restriction level has_or_had_short_code: description: >- Short code identifier for the sensitivity level. Standard codes: PUBLIC, INTERNAL, CONFIDENTIAL, STRICTLY_CONFIDENTIAL, PERSONAL_DATA, SPECIAL_CATEGORY range: string required: true pattern: "^[A-Z][A-Z0-9_]*$" examples: - value: "PUBLIC" description: No restrictions - value: "CONFIDENTIAL" description: Need-to-know basis - value: "SPECIAL_CATEGORY" description: GDPR Article 9 sensitive data has_or_had_description: description: Detailed description of what this sensitivity level means and when to apply it. range: string required: false examples: - value: "Contains employee health records - requires explicit consent and strict access controls" description: SPECIAL_CATEGORY example annotations: specificity_score: 0.45 specificity_rationale: >- Data sensitivity levels are moderately specific - used primarily in records management and information governance contexts. custodian_types: '["A", "O", "R"]' custodian_types_rationale: >- Most relevant for Archives (A), Official institutions (O), and Research centers (R) that manage sensitive records. examples: - value: has_or_had_label: "Confidential" has_or_had_short_code: "CONFIDENTIAL" has_or_had_description: "Need-to-know basis - restricted to authorized personnel" description: Standard confidential classification - value: has_or_had_label: "Special Category Data" has_or_had_short_code: "SPECIAL_CATEGORY" has_or_had_description: "GDPR Article 9 sensitive personal data - health records, religious affiliation" description: GDPR special category classification - value: has_or_had_label: "Personnel Data" has_or_had_short_code: "PERSONAL_DATA" has_or_had_description: "Contains employee personal information subject to GDPR" description: Personal data classification for HR records