glam/schemas/20251121/linkml/modules/classes/DataSensitivityLevel.yaml

id: https://nde.nl/ontology/hc/class/DataSensitivityLevel
name: data_sensitivity_level_class
title: DataSensitivityLevel Class
description: >-
  Data sensitivity classification level for records and information assets.
  
  Used to categorize the confidentiality requirements and access restrictions
  for administrative records, documents, and data systems.
  
  Based on common information classification schemes including:
  - ISO 27001 information security standards
  - GDPR special category data requirements
  - Dutch government classification (Rijksoverheid)  

prefixes:
  linkml: https://w3id.org/linkml/
  hc: https://nde.nl/ontology/hc/
  dcterms: http://purl.org/dc/terms/
  schema: http://schema.org/

imports:
- linkml:types
- ../slots/has_or_had_code
- ../slots/has_or_had_description
- ../slots/has_or_had_label
default_prefix: hc

classes:
  DataSensitivityLevel:
    class_uri: hc:DataSensitivityLevel
    description: >-
      Data sensitivity classification level.
      
      **Standard Classification Levels**:
      
      | Level | Short Code | Description | Access |
      |-------|------------|-------------|--------|
      | Public | PUBLIC | No restrictions on disclosure | Anyone |
      | Internal | INTERNAL | For internal use only | Staff only |
      | Confidential | CONFIDENTIAL | Need-to-know basis | Authorized staff |
      | Strictly Confidential | STRICTLY_CONFIDENTIAL | Highly restricted | Named individuals |
      | Personal Data | PERSONAL_DATA | Contains PII (GDPR Article 6) | Data subjects + authorized |
      | Special Category | SPECIAL_CATEGORY | Sensitive personal data (GDPR Article 9) | Strictly controlled |
      
      **GDPR Alignment**:
      - PERSONAL_DATA: Covers GDPR Article 6 personal data
      - SPECIAL_CATEGORY: Covers GDPR Article 9 special categories (health, religion, 
        ethnicity, political opinions, trade union membership, genetic/biometric data,
        sexual orientation)
      
      **Dublin Core**: Maps to dcterms:accessRights for access classification.      
    exact_mappings:
      - dcterms:accessRights
    close_mappings:
      - schema:accessMode
    slots:
      - has_or_had_label
      - has_or_had_code
      - has_or_had_description
    slot_usage:
      has_or_had_label:
        range: string
        required: true
        examples:
          - value: "Public"
          - value: "Strictly Confidential"
      has_or_had_code:
        range: string
        required: true
        pattern: "^[A-Z][A-Z0-9_]*$"
        examples:
          - value: "PUBLIC"
          - value: "CONFIDENTIAL"
          - value: "SPECIAL_CATEGORY"
      has_or_had_description:
        range: string
        required: false
        examples:
          - value: "Contains employee health records - requires explicit consent and strict access controls"
    annotations:
      specificity_score: 0.45
      specificity_rationale: >-
        Data sensitivity levels are moderately specific - used primarily in
        records management and information governance contexts.        
      custodian_types: '["A", "O", "R"]'
      custodian_types_rationale: >-
        Most relevant for Archives (A), Official institutions (O), and 
        Research centers (R) that manage sensitive records.        
    examples:
      - value:
          has_or_had_label: "Confidential"
          has_or_had_code: "CONFIDENTIAL"
          has_or_had_description: "Need-to-know basis - restricted to authorized personnel"
      - value:
          has_or_had_label: "Special Category Data"
          has_or_had_code: "SPECIAL_CATEGORY"
          has_or_had_description: "GDPR Article 9 sensitive personal data - health records, religious affiliation"
      - value:
          has_or_had_label: "Personnel Data"
          has_or_had_code: "PERSONAL_DATA"
          has_or_had_description: "Contains employee personal information subject to GDPR"