We recently rolled out a data classification policy to support federal and regulatory guidelines in the financial services industry. This requires us to clarify each document or page and report on those classifications.

We recently added this in our sharepoint instance and are looking to see if Atlassian could support this function in confluence. We were thinking something like page labels but with the following requirements:

1. at the site or space level, require all content, attachments, etc to be classified. Similar to page labels but users can't remove a classification once added.
2. Report on classifications by type, space, etc.
3. support for attachments and other elements.

Examples classifications:
Public: Information that is available to the general public and/or is created with the intention for broad distribution outside the company. This information may be freely disseminated inside and outside the company without exposing the company, its customers or employees to financial loss or embarrassment, or jeopardizing the security of the company’s assets.

Internal: Information belonging to the company that is created in the normal course of business with the intention of broad, general distribution within (but not outside) the company. The disclosure, alteration or destruction of such information would create minimal risk of harm to the company, its customers or employees. Information classified as Internal should not be shared publicly or outside the company, unless there is a legitimate business need.

Confidential: Information that is sensitive to the company or a third party, such as a customer, and that should only be shared with individuals on a “need to know” basis, meaning that an individual needs access to the information to perform his or her assigned job functions. Improper loss, corruption or disclosure of the information could significantly harm or adversely impact the company, its customers or employees or could result in a breach of our legal obligations.

Highly Sensitive: Information where the unauthorized internal or external access to, alteration or inappropriate destruction of, the information could have a catastrophic impact to the company, its customers or employees. For this information, data integrity is extremely vital and the highest possible levels of confidentiality, restricted access and security measures are essential.