# Work AI Data Hygiene Checklist

Run this before pasting work content into any AI tool.

## 1. Identify The Tool

- Tool name:
- Account type:
- Approved by company? Yes / No
- Training disabled or contractually excluded? Yes / No / Unknown

If approval or training status is unknown, do not paste confidential or customer data.

## 2. Classify The Data

| Bucket | Examples | Rule |
| --- | --- | --- |
| Public | Public website text, public docs, published job ads | Usually fine |
| Internal | Process notes, anonymized examples, generic templates | Work-approved tool preferred |
| Confidential | Customer data, source code, contracts, financials, strategy | Approved enterprise tool only |
| Restricted | HR investigations, legal privilege, health, regulated data | Ask legal/security first |

## 3. Remove What The Model Does Not Need

- Replace real names with placeholders.
- Remove emails, phone numbers, addresses, IDs, and account numbers.
- Replace exact financial values with ranges if exact values are not needed.
- Remove credentials, tokens, URLs with secrets, and internal hostnames.
- Strip comments or metadata from uploaded files if not needed.

## 4. Decide The Review Level

- Draft only: human edits before use.
- Internal use: human checks factual claims.
- Customer-facing: human reviews every word unless the workflow is approved for automation.
- Legal, HR, finance, medical, or regulated: specialist review required.

## 5. Log The Decision For Repeat Work

- Use case:
- Approved data bucket:
- Approved tool:
- Human owner:
- Review rule:
- Recheck date: