PII Leakage

Another common concern for organizations is blocking Personally Identifiable Information (PII) going in and out of their LLM systems. While mitigating the exposure of PII is typically the best practice all around, the two most common scenarios for teams choosing to block PII are:

  1. Detecting PII in the Prompt - If your application uses a public or externally-hosted LLM, all data sent to that model may be fed back into the training data or shared across contexts with other users. In this case, you want to ensure that your user is not accidentally including their PII in the prompts to the LLM.
  2. Detecting PII in the Response - Teams develop systems to add data that contains PII as context to LLMs (through fine-tuning or retrieval) to maximize the types of questions that the LLMs can answer. However, your end users may not have the right data permissions to view that PII data granularly. In this case, your application should not return information considered PII to that end user.

Types of PII

PII is information that can identify an individual when used alone or with other relevant data. PII can include:

  • Direct identifiers that can identify a person uniquely, such as SSN, Passport Information, Phone Number, etc.
  • Quasi-identifiers that can be combined with other quasi-identifiers to successfully recognize an individual, such as Name and Date of Birth.

The Arthur Approach

Arthur Engine checks prompts and responses for PII via predefined PII recognizers that combine Named Entity Recognition, regular expressions, rule-based logic, and checksums with relevant context. Out of the box, we cover identification of the entities below, with the option to customize coverage to your needs.

Currently Supported Entities

| Entity | Description | Example |
|---|---|---|
| Credit card number | Credit card numbers are usually 15-16 digits long, but can go up to 19. | 378282246310005 |
| Bitcoin wallet number | An address that a user uses to store Bitcoin. It is typically between 26 and 35 characters and consists of both letters and numbers. | 1Lbcfr7sAHTD9CgdQo3HTMTkV8LK4ZnX71 |
| Date Time | A specific date in time, past or present. | March 5th, 2024; 03/05/2024 |
| Email address | An address that someone uses to send or receive emails. | [email protected] |
| IBAN Code | A code that is used to identify an international bank account and make or receive payments. <https://www.iban.com/structure> | GB33BUKB20201555555555 |
| IP Address | Internet Protocol (IP) address. It can be either IPv4 or IPv6. | 138.137.11.243 |
| NRP | Nationality, religious or political group | Catholic; Democrat |
| Location | Name of politically or geographically defined location | New York, NY |
| Name | Person's full name | Jane Doe |
| Phone number | A telephone number | 646-123-4567 |
| Medical license | Common medical license numbers. | |
| URL | Used to access a website on the Internet. | https://www.arthur.ai/; google.com |
| US Bank Number | Bank account number specific to US residents. | 23461679 |
| US Driver's License | Identification number for drivers in the US. Formats can be found at this site <https://ntsi.com/drivers-license-format/> | A1234567 |
| US ITIN | The ITIN (Individual Taxpayer Identification Number) always begins with the number 9 and has a 7 or 8 in the fourth digit. | 9XX-7X-XXXX |
| US Passport | A passport number with 9 digits. | 770022534 |
| US SSN | Contains 9 digits and identifies US citizens for income and benefits purposes. More information can be found here. | 123-45-6789 |

PII Customization

On top of the out-of-the-box PII Rule, users have the option to specify additional configuration for the following:

  • PII entities to exclude for evaluation
  • An allow list to explicitly allow certain string values that would otherwise be flagged as PII

Teams can also create custom regex-based rules for their unique PII (such as internal account IDs). Please contact Arthur Support if there are additional PII entities that you would like coverage for.
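The sketch below is an added example, not Arthur's code or API: it shows how regex recognizers paired with checksum validators (as described under "The Arthur Approach") cut false positives, and how an entity exclusion list and an allow list (as described under "PII Customization") filter the findings. The entity names, patterns, function names and sample prompt are assumptions made for illustration, and Named Entity Recognition and context scoring are left out.

```python
import re

def luhn_ok(value):
    """Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in value if c.isdigit()][::-1]
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(value):
    """ISO 13616 mod-97 check: move first 4 chars to the end, A=10..Z=35."""
    moved = value[4:] + value[:4]
    return int("".join(str(int(c, 36)) for c in moved)) % 97 == 1

# (entity, pattern, validator). Names and patterns are illustrative assumptions.
RECOGNIZERS = [
    ("CREDIT_CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("IBAN_CODE", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), iban_ok),
    # Rule from the table above: starts with 9, fourth digit is 7 or 8.
    ("US_ITIN", re.compile(r"\b9\d{2}-[78]\d-\d{4}\b"), None),
    # Assumption: treat 9xx prefixes as ITIN candidates, not SSNs.
    ("US_SSN", re.compile(r"\b(?!9)\d{3}-\d{2}-\d{4}\b"), None),
    ("EMAIL_ADDRESS", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), None),
]

def find_pii(text, exclude_entities=(), allow_list=()):
    """Return (entity, value) pairs; checksum failures are not reported."""
    findings = []
    for entity, pattern, validator in RECOGNIZERS:
        if entity in exclude_entities:
            continue
        for match in pattern.finditer(text):
            value = match.group()
            if value in allow_list:
                continue
            if validator and not validator(value):
                continue
            findings.append((entity, value))
    return findings

# Constructed sample prompt; the card and IBAN are the table's example values.
SAMPLE = ("Card 378282246310005, mistyped 378282246310006, "
          "IBAN GB33BUKB20201555555555, ITIN 912-70-1234, jane@example.com")

if __name__ == "__main__":
    print(find_pii(SAMPLE))
    print(find_pii(SAMPLE, exclude_entities={"EMAIL_ADDRESS"},
                   allow_list={"378282246310005"}))
```

The mistyped card number matches the pattern but fails the Luhn check, so it is never reported; the allow list suppresses an exact string without disabling the whole entity.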

Requirements

Arthur Shield validates PII rules with either the Validate Prompt or Validate Response endpoint. While we typically recommend testing for PII in both prompt and response, there are situations where you would choose to check only one endpoint.

| | Prompt | Response | Context |
|---|---|---|---|
| PII Data Rule | | | |

Enabling Governance

PII checks are some of the most common checks teams begin to enable themselves when implementing LLMs. One of the key differences we've seen with teams utilizing Shield is stronger governance over all of the blocked patterns across the organization (globally or by use case).

Required Rule Configurations

No additional configuration is required for the default PII detection rule. For more information on how to add or enable/disable the PII Data Rule by default or for a specific Task, please refer to our Rule Configuration Guide.