Hi Proton Team,

Could I please suggest the addition of Data Sensitivity labels within the Proton ecosystem, applicable to both personal and business accounts.

The value of this would be that users could apply specific, tailored security controls against these sensitivity labels where appropriate. These controls would provide additional security through the data lifecycle without creating unnecessary additional friction. This would be a significant market differentiator, as far as I am aware only enterprise licenses provide these sorts of features. This would be a similar model that Microsoft and Google already implement with their zero trust initiatives.

As default there could be 3 sensitivity tiers, with the option for users or admins to create additional ones if needed. The security controls applied to each tier should be visible in a single dashboard, enabling easy comparison, with simple tickboxes to enable customisation of different security controls across tiers.

Sensible default controls should be available to support uptake. One way to do this would be to enable users to choose from 3 default “modes” depending on their threat model, helping them easily tailor security controls to their use case. Eg. a Journalist could pick a “High security” mode: High sensitivity documents would only be available in a timebound manner via the browser, following additional authentication using a physical security key. Documents would not be able to be shared, exported or emailed.

Tagging Data
- Sensitivity labels should be applicable to Folders/vaults as well as individual documents/passwords within those folders.
- Labels should be inheritable within the document hierarchy and should stay with that data object if it is relocated or shared, unless expressly changed by the document owner.
- Data Type Labels could be applied to different documentation types in order to underpin future ABAC controls, eg. HR, Financial, PII.
- There should be colour coded visual indicators for different sensitivity tiers

These sensitivity labels and their corresponding controls would enable a number of further features. The Security controls below are NOT additional feature requests but are examples of the capabilities that could be enabled by implementing this feature dependency to help voting and prioritisation.

• Elevated privileges or additional authentication confidence required to gain access to high sensitivity folders, individual documents or passwords, either through re-authentication with the users master password, or additional MFA eg: Security Keys, Proton Auth push notification, Timed Proton Auth Sessions, OTP, designated additional Pin.
• Similar additional authentication required to enable certain actions against sensitive documentation eg. Viewing, Exporting, Changing, Deleting, Moving, Sharing, Sending externally via ProtonMail.
• Similar additional authentication could be required to enable certain actions against even low sensitivity documents when done in bulk or rapid succession.
• Automated retention or archival of documentation depending on data type.
• Automated deletion of sensitive documents with repeated authentication fails.
• Multi-party approval requirements for access to high-sensitivity documents.
• Some Folders or files could be made unavailable through certain platforms eg. High sensitivity documents may only be viewable through the browser after specific authentication requirements.
• Toast Notifications could pop up when users are attempting to achieve actions that are viewed as potentially risky against sensitive documents or folders.
• Authentication could be combined with any other Identity or Account Health telemetry available to Proton within their current privacy model and combined with Proton Sentinel.

Linked to feature request:
https://protonmail.uservoice.com/forums/953584-proton-pass-authenticator/suggestions/50621498-vault-security
https://protonmail.uservoice.com/forums/932839-proton-drive/suggestions/50374503-secure-folders-without-synchronization-to-windows