Cookies on the Defra digital service manual

We use some essential cookies to make this service work.

We'd also like to use analytics cookies so we can understand how you use the service and make improvements.

View cookies
Skip to main content
Department for Environment, Food and Rural Affairs: AI digital toolkit
Deliver with AI

Keeping data safe

Two things decide whether you can use Defra data with AI: how it is classified, and whether it contains personal data. The rules on personal data are mandatory.

Use AI tools on OFFICIAL data only by default

The default position is that you only use AI tools on source material classified as OFFICIAL.

OFFICIAL-SENSITIVE and personal data are permitted only in specific tools, and only with the approvals on this page. The Using data with AI matrix shows exactly what you can put where.

Do not use AI tools with SECRET or TOP SECRET material.

If you are unsure about the classification of your source material, stop and ask your information asset owner before proceeding.

Where your data goes

Generative AI tools send your prompts and content to models hosted by external providers. Depending on the tool, that data may be routed to:

  • Anthropic
  • OpenAI
  • Microsoft, including Microsoft 365 Copilot and Azure OpenAI
  • Google
  • Amazon, through Bedrock
  • another provider

Some tools can be configured to use approved cloud platforms, for example AWS Bedrock or Azure AI Foundry. These keep data in regions and tenancies that meet UK government requirements.

For what you can put into a specific tool, see Using data with AI.

Remove personal data from anything you put in

You must remove all personal data from anything you put into an AI tool to help you work. This is non-negotiable. Personal data is sometimes called personally identifiable information (PII).

That includes:

  • transcripts of interviews or user research sessions
  • screenshots and screen recordings
  • log files and diagnostic data
  • emails, tickets and free-text fields
  • test data taken from production
  • configuration files and connection strings

The one exception is a service you are building to process personal data as a designed feature. That needs a Data Protection Impact Assessment (DPIA), completed and signed off before any processing begins.

It is not a shortcut to pasting personal data into an everyday tool.

What counts as personal data

Personal data is any data that could identify a specific individual, alone or in combination with other data. That includes:

  • names
  • email addresses, phone numbers and physical addresses
  • usernames and customer IDs that link to a person
  • IP addresses and device identifiers
  • date of birth and other identifiers
  • photographs of identifiable people

Some types are sensitive personal data, for example health, biometric or financial data, and need extra protection on top of the general rules.

Removing personal data is your team's responsibility

Whichever tool or process you use to remove personal data, someone on the team must verify the output before it enters the pipeline or gets committed to version control.

If you process screenshots, replace real names and identifiers with fake equivalents before the screenshot is shared with the model.

Some assistants offer plugins that do this automatically. Treat them as a best effort. The team is still responsible for checking that no real personal data remains.

Verify that no personal data remains in:

  • curated transcripts
  • HTML mockups generated from screenshots
  • test data and fixtures
  • any file you commit to a public or shared repository

Source code can contain personal data too

It is not just transcripts and screenshots. Source code itself can contain personal data through:

  • configuration files with real email addresses or names
  • connection strings with usernames
  • test data hard-coded into tests
  • sample payloads in API documentation

Review source code before committing it to a repository the AI will read.

If you find personal data in an output

Remove it immediately and do not commit the affected file. Then follow Report an AI incident, which sets out the steps and the deadline for reporting a personal data breach.

When in doubt, stop

If you are not sure about a classification or how to handle data, do not proceed. Ask the AI Capability and Enablement team (AICE).

Where this guidance and wider Defra policy seem to conflict, Defra policy takes precedence.

Get help with this

Ask the AI Capability and Enablement team for advice or hands-on support.