PII Leakage
Stopping the leakage of personally identifiable information
Another common concern for organizations is blocking Personally Identifiable Information (PII) from going into and out of their LLM systems. While mitigating the exposure of PII is best practice in general, the two most common scenarios in which teams choose to block PII are:
- Detecting PII in the Prompt - If your application uses a public or externally-hosted LLM, all data sent to that model may be fed back into the training data or shared across contexts with other users. In this case, you want to ensure that your user is not accidentally including their PII in the prompts to the LLM.
- Detecting PII in the Response - Teams develop systems to add data that contains PII as context to LLMs (through fine-tuning or retrieval) to maximize the types of questions that the LLMs can answer. However, your end users may not have the right data permissions to view that PII data granularly. In this case, your application should not return information considered PII to that end user.
Types of PII
PII is information that can identify an individual when used alone or with other relevant data. PII can include:
- Direct identifiers that can identify a person uniquely, such as SSN, Passport Information, Phone Number, etc.
- Quasi-identifiers that can be combined with other quasi-identifiers to successfully recognize an individual, such as Name and Date of Birth.
The Shield Approach
Arthur Shield checks prompts and responses for PII using predefined PII recognizers that leverage Named Entity Recognition, regular expressions, rule-based logic, and checksums with relevant context. Out of the box, we cover identification of the entities below, with the option to customize coverage to your needs.
Currently supported entities:
Entity | Description | Example |
---|---|---|
Credit card number | Credit card numbers are usually 15-16 digits long, but can go up to 19. | 378282246310005 |
Bitcoin wallet number | An address that a user uses to store Bitcoin. It is typically between 26 and 35 characters and consists of both letters and numbers. | 1Lbcfr7sAHTD9CgdQo3HTMTkV8LK4ZnX71 |
Date Time | A specific date in time, past or present. | March 5th, 2024; 03/05/2024 |
Email address | An address that someone uses to send or receive emails. | [email protected] |
IBAN Code | A code that is used to identify an international bank account and make or receive payments. https://www.iban.com/structure | GB33BUKB20201555555555 |
IP Address | Internet Protocol (IP) address. It can be either IPv4 or IPv6. | 138.137.11.243 |
NRP | Nationality, religious or political group | Catholic, Democrat |
Location | Name of politically or geographically defined location | New York, NY |
Name | Person's full name | Jane Doe |
Phone number | A telephone number | 646-123-4567 |
Medical license | Common medical license numbers. | |
URL | Used to access a website on the Internet. | https://www.arthur.ai/, google.com |
US Bank Number | Bank account number specific to US residents. | 23461679 |
US Driver's License | Identification number for drivers in the US. Formats can be found at this site https://ntsi.com/drivers-license-format/ | A1234567 |
US ITIN | The ITIN (Individual Taxpayer Identification Number) always begins with the number 9 and has a 7 or 8 in the fourth digit. | 9XX-7X-XXXX |
US Passport | A passport number with 9 digits. | 770022534 |
US SSN | Contains 9 digits and identifies US citizens for income and benefits purposes. More information can be found here. | 123-45-6789 |
PII Customization
On top of the out-of-the-box PII Rule, users have the option to specify additional configuration for the following:
- PII entities to exclude from evaluation
- An allow list to explicitly allow certain string values that would otherwise be flagged as PII
Teams can also create custom regex-based rules for their unique PII (such as internal account IDs). Please contact Arthur Support if there are additional PII entities that you would like coverage for.
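The following is an added example, not Arthur Shield's code or API: it shows how a regex match combined with a checksum separates real identifiers from look-alike digit strings, and how entity exclusion and an allow list filter the results. The function names, entity labels and patterns are assumptions made for this illustration; the sample prompt is constructed from two example values in the table above.

```python
import re

# Regex stage: simplified patterns written for this example (assumed, not Shield's).
PATTERNS = {
    "CREDIT_CARD": re.compile(r"\b(?:\d[ -]?){14,18}\d\b"),  # 15-19 digits
    "IBAN_CODE": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}

def luhn_ok(digits):
    """Checksum stage for card numbers (Luhn)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(iban):
    """Checksum stage for IBANs (mod 97 check, letters map to A=10 ... Z=35)."""
    moved = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in moved)) % 97 == 1

CHECKS = {"CREDIT_CARD": luhn_ok, "IBAN_CODE": iban_ok}

def find_pii(text, exclude_entities=(), allow_list=()):
    """Return (entity, value) pairs that match a pattern AND pass its checksum."""
    hits = []
    for entity, pattern in PATTERNS.items():
        if entity in exclude_entities:  # entity excluded from evaluation
            continue
        for m in pattern.finditer(text):
            value = m.group()
            if value in allow_list:  # explicitly permitted string
                continue
            if CHECKS[entity](re.sub(r"[ -]", "", value)):
                hits.append((entity, value))
    return hits

# Constructed prompt: two values from the table above plus a card-shaped
# number whose last digit was changed so that the Luhn check fails.
SAMPLE = ("Charge 378282246310005, refund to GB33BUKB20201555555555, "
          "order ref 378282246310006.")

if __name__ == "__main__":
    print(find_pii(SAMPLE))
    print(find_pii(SAMPLE, exclude_entities={"IBAN_CODE"}))
    print(find_pii(SAMPLE, allow_list={"378282246310005"}))
```

The order reference matches the card pattern but is dropped by the checksum, which is why a regex alone produces more false positives than regex plus validation.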
Requirements
Arthur Shield validates PII rules with either the Validate Prompt or Validate Response endpoint. While we typically recommend testing for PII in both prompt and response, there are situations where you would choose to check only one endpoint.
Rule | Prompt | Response | Context |
---|---|---|---|
PII Data Rule | ✅ | ✅ | |
Enabling Governance
PII checks are some of the most common checks that teams begin enabling themselves when implementing LLMs. One of the key differences we've seen with teams using Shield is stronger governance over all of the blocked patterns across the organization (globally or by use case).
Required Rule Configurations
No additional configuration is required for the default PII detection rule. For more information on how to add or enable/disable the PII Data Rule by default or for a specific Task, please refer to our Rule Configuration Guide.