Data Classification

Don’t Paste That Into AI, Before Asking One Question.

By The 1938 Group | 28 May 2026 | Johannesburg


‘If this information became public tomorrow, what would happen?’

That single question is the foundation of responsible AI use in any professional environment. Because the moment you paste something into ChatGPT, Copilot, Gemini, or any public AI tool, you have made a data disclosure decision, whether you intended to or not.

The 1938Group Data Classification Guide introduces you to the RED/AMBER/GREEN (RAG) framework: a simple, memorable system for knowing what you can use with AI, what you can use with precautions, and what must never touch an external AI tool.


Why This Is Not About Being Cautious. It's About Being Professional.

In 2023, Samsung engineers pasted sensitive source code and internal meeting notes into ChatGPT. The company subsequently banned the tool across the organisation entirely. In one case involving legal research, a lawyer used ChatGPT to find supporting cases, which the AI fabricated. When the fake citations appeared in court filings, the lawyer was sanctioned.

These are not edge cases. They are the predictable result of using powerful AI tools without a classification framework. The question is never whether AI is useful. It is whether the person using it understood what they were putting in.


Classification takes seconds. The consequences of getting it wrong could include regulatory fines, client loss, personal liability, and reputational damage that can take years to fix if even at all.


Take into consideration what is at risk when sensitive information enters an external AI system:

  • Data may be stored by the provider, used for model training, or accessed by provider staff

  • A security breach at the AI company exposes everything you have input

  • Breaching POPIA, GDPR, or professional confidentiality obligations creates legal liability

  • Confidentiality breaches with clients destroy trust in ways that cannot be repaired commercially

  • Trade secrets or strategic information becomes accessible to competitors

  • Individuals whose data is exposed may suffer identity theft, harassment, or personal harm

 

The accountability rests with your organisation. Not the AI agent.


The RAG Framework: Three Classifications, Three Rules

The RED/AMBER/GREEN framework is deliberately simple. It is designed to be remembered under pressure, applied in seconds, and embedded into daily habits without friction. Here is the complete picture:



Every piece of information your team considers putting into an AI tool falls into one of these three categories. The decision process starts with one question and follows a clear path from there.

🔴 RED: The Line That Cannot Be Crossed

RED information must never be input into any external AI tool. No exceptions. No workarounds. No 'just this once' for a quick summary.

The RED classification covers information where disclosure without authorization would cause severe harm. From legal liability, regulatory action, significant financial loss, serious reputational damage, or harm to individuals. No business efficiency argument can be used to justify the use.


CATEGORY

WHAT IT INCLUDES

Personal Identifiable Information (PII)

Names + ID numbers, contact info, bank accounts, biometrics, passwords

Client/Customer Confidential

Any information shared in confidence, covered by NDA, or client-owned

Unpublished Financial Information

Unreleased earnings, budget details, transaction records, contract pricing

Legal Information

Legal advice, litigation documents, and contracts with confidential terms

Health Information

Medical records, health status, disability, genetic data, and mental health

Security Information

Passwords, API keys, network diagrams, vulnerability assessments

Trade Secrets & Proprietary IP

Source code, formulas, unpublished research, proprietary processes

Board/Executive Materials

Board papers, M&A activity, and executive communications are not yet public.


South African professionals should be mindful of two categories in particular:


Personal Identifiable Information (PII) and POPIA

POPIA establishes strict obligations for any organisation that processes the personal information of South African data subjects. 'Processing' includes collection, storage, use, transmission, and input into an AI system. The moment an employee pastes a client's name alongside their ID number, contact details, or financial information into a public AI tool, the organisation has made a POPIA-relevant processing decision without a lawful basis.

Special categories of personal information, health data, biometric data, criminal history, political views, religious beliefs, carry heightened protection under POPIA and are always RED without exception.


Client Confidential Information

Confidentiality is a professional obligation before it is a data protection one. The Information shared by a client in the context of a professional relationship carries an implicit (and often explicit) expectation of confidence. That obligation does not end because you are asking an AI agent to help you summarise it.

The rule is unambiguous: when in doubt about client information, treat it as RED. The cost of over-caution is a more carefully thought-out workflow, checklist. The cost of under-caution is a damaged relationship, potential litigation and professional consequences.


Even partial PII is dangerous when combined with other information. A name alone may be GREEN. A name plus an employer plus a medical condition is RED. Always consider what the combination reveals.


🟡 AMBER: Proceed, But Not Without a Process

AMBER information can be used with AI, but only once you have either obtained approval from the data owner or manager or sanitised the information to remove all the sensitive elements. This is not an optional step. It’s not a formality. It is the control that prevents AMBER from becoming RED in practice.

AMBER categories include: internal communications and meeting notes, strategic information not yet public, operational details and procedures, draft documents not yet approved, and aggregated or anonymised data.

The key principle: mixed content takes the highest classification present. An internal meeting summary that references a client by name is not AMBER, the PII element makes it RED. You cannot average down. You can only classify up.

🟢 GREEN: The Space Where AI Works for You

GREEN information is where AI tools earn their productivity value. Publicly available information, generic queries, hypothetical scenarios, original drafting without confidential inputs, and template and format requests are all generally acceptable for use with approved AI tools.

Two important constraints apply even within GREEN:

1.    AI outputs from GREEN inputs still require verification. Clean inputs do not guarantee accurate outputs. The hallucination risk from Module 1 applies regardless of classification.

2.    Hypotheticals based on real situations may still reveal confidential context. 'Imagine a company that processes payments and is facing a regulatory investigation' may be thinly veiled enough to identify a real client to anyone familiar with your work.

Sanitisation: Turning AMBER Into Safe

When AMBER information can be used with AI after removing sensitive elements, five techniques are available. The right technique depends on what the AI needs to do and what sensitivity exists in the original.

 

TECHNIQUE

WHAT IT DOES

EXAMPLE

Anonymisation

Replace identifying info with placeholders

"John Smith, ABC Corp" → "[PERSON A], [CLIENT]"

Generalisation

Replace specific details with categories

"R2,450,000" → "approximately R2–3M"; "15 March" → "Q1"

Hypothetical Situation

Reframe as a fictional scenario

"Our client ABC is facing..." → "Imagine a company experiencing..."

Aggregation

Use summary statistics instead of individual records

"Employee salary data" → "Average salary in dept is R..."

Selective Extraction

Extract only the non-sensitive portion needed

Take 1–2 style paragraphs from a confidential report for editing help

 

The most important step in any sanitisation process is the final check: could someone who knows the organisation identify the individuals or entities from the remaining details? If yes, the sanitisation is insufficient, what the 1938Group framework calls false anonymisation.


"[EMPLOYEE] is a 47-year-old software engineer in our 5-person Cape Town office who joined in 2019 and leads our mobile development." No name. Completely identifiable. Sanitisation that leaves this level of context in place provides no protection.


The test for real anonymisation: remove the information, then ask someone familiar with the organisation whether they could still identify the individual or entity. If yes, it is not anonymised. Treat it at its original classification.


Practical Scenarios: What Does This Look Like on Monday?

Classification frameworks earn their value in practice, not in policy documents. Here is the framework applied to the most common AI use cases in professional environments:



Three scenarios deserve specific attention because they trip people up most often:

Drafting a Client Email

The temptation: paste in your email thread with the client, ask AI to draft a response. The reality: that thread contains the client's name, contact details, project specifics, and commercial context. That is RED information. The correct approach is to describe what you need generically: 'Draft a professional email to a client explaining a two-week project delay due to technical integration challenges.' The AI gets enough context. The client's information stays protected.

Summarising a Meeting

Internal meeting notes frequently contain a mix of classifications, colleague names (personal data if linked to performance or sensitive topics), client references, and strategic decisions. Pasting the full notes is almost always AMBER at minimum, often RED. The better approach: use AI to generate a meeting summary template, then populate it yourself. You get the format and structure benefits without the exposure risk.

Analysing Customer Feedback

Customer names, email addresses, and verbatim feedback that might identify individuals are RED. The path forward is rigorous anonymisation and aggregation before any AI use, and the false anonymisation test must be applied before the data goes anywhere near an external tool.

The Classification Habit: Building It into Every AI Interaction

Classification is not a pre-task audit. It is a moment of conscious awareness that precedes every AI input. Before your hand reaches the paste command, your team needs to have already answered the question.

These are the eight prompts from the 1938Group AI Usage Policy that form the pre-AI checklist:

  • Is AI appropriate for this task?

  • What data classification applies? (RED = stop immediately)

  • Is this tool on the approved list for this data tier?

  • Have I sanitised sensitive information if AMBER?

  • Is my prompt clear and constrained enough to minimise unnecessary disclosure?

  • Am I prepared to verify the output?

  • Do I need approval for this use case?

  • Will I take professional responsibility for the result?

 

If the answer to any of these is unclear, stop and ask before proceeding. The instinct to slow down is correct.


Follow 1938Group on LinkedIn for the weekly module updates or visit the1938.com to book for the full workshop.

https://www.linkedin.com/company/the1938group/


Does your team know what they are feeding into AI tools?

The 1938Group AI Safety Workshop trains your people on the RED/AMBER/GREEN classification framework, sanitisation techniques, and the accountability principles that keep your organisation protected. Half-day and full-day formats available.

Book your workshop: info@the1938group.co.za