Another common concern for organizations is blocking Personal Identifiable Information (PII) going in and out of their LLM systems. While mitigating the exposure of PII is typically the best practice all around, the two most common scenarios for teams choosing to block PII are:

Detecting PII in the Prompt - If your application uses a public or externally-hosted LLM, all data sent to that model may be fed back into the training data or shared across contexts with other users. In this case, you want to ensure that your user is not accidentally including their PII in the prompts to the LLM.
Detecting PII in the Response - Teams develop systems to add data that contains PII as context to LLMs (through fine-tuning or retrieval) to maximize the types of questions that the LLMs can answer. However, your end users may not have the right data permissions to view that PII data granularly. In this case, your application should not return information considered PII to that end user.

Types of PII

PII is information that can identify an individual when used alone or with other relevant data. PII can include:

Direct identifiers that can identify a person uniquely, such as SSN, Passport Information, Phone Number, etc.
Quasi-identifiers that can be combined with other quasi-identifiers to successfully recognize an individual, such as Name and Date of Birth.

The Arthur Approach

Arthur Engine checks prompts and responses for PII information via predefined PII recognizers leveraging Named Entity Recognition, regular expressions, rule based logic and checksum with relevant context. Out of the box we cover identification of the below with the option to customize it to your needs.

Currently Supported Entities

Entity	Description	Example
Credit card number	Credit card numbers are usually 15-16 numbers long, but can go up to 19.	`378282246310005`
Bitcoin wallet number	An address that a user uses to store Bitcoin. It is typically between 26 and 35 characters and consist of both letters and numbers.	`1Lbcfr7sAHTD9CgdQo3HTMTkV8LK4ZnX71`
Date Time	A specific date in time, past or present.	`March 5th, 2024` `03/05/2024`
Email address	An address that someone uses to send or receive emails.	`[email protected]`
IBAN Code	A code that is used to identify an international bank account and make or receive payments. <https://www.iban.com/structure>	`GB33BUKB20201555555555`
IP Address	Internet Protocol (IP) address. It can be either IPv4 or IPv6.	`138.137.11.243`
NRP	Nationality, religious or political group	`Catholic` `Democrat`
Location	Name of politically or geographically defined location	`New York, NY`
Name	Person's full name	`Jane Doe`
Phone number	A telephone number	`646-123-4567`
Medical license	Common medical license numbers.
URL	Used to access a website on the Internet.	`https://www.arthur.ai/` `google.com`
US Bank Number	Bank account number specific to US residents.	`23461679`
US Driver's License	Identification number for drivers in the US. Formats can be found at this site <https://ntsi.com/drivers-license-format/>	`A1234567`
US ITIN	The ITIN (Individual Taxpayer Identification Number) always begins with the number 9 and has a 7 or 8 in the fourth digit.	`9XX-7X-XXXX`
US Passport	A passport number with 9 digits.	`770022534`
US SSN	Contains 9 digits and identifies US citizens for income and benefits perspective. More information can be found here .	`123-45-6789

PII Customization

On top of the out of the box PII Rule users have the option to specify additional configuration for the following:

PII entities to exclude for evaluation
An allow list to explicitly allow certain string values that would otherwise be flagged as PII

Teams can also create custom regex-based rules for their unique PII (such as internal account IDs). Please contact Arthur Support if there are additional PII entities that you would like coverage for.

Requirements

Arthur Shield validates PII rules with either the Validate Prompt or Validate Response endpoint. While we typically recommend testing for PII in both prompt and response, there are situations where you would choose to check only one endpoint.

	Prompt	Response	Context
PII Data Rule	✅	✅

Enabling Governance

PII checks are some of the most common checks teams begin to enable themselves when implementing LLMs. One of the key differences we've seen with teams utilizing Shield is stronger governance into all of the blocked patterns across the organization (globally or by use-case).

Required Rule Configurations

No additional configuration is required for the default PII detection rule. For more information on how to add or enable/disable the PII Data Rule by default or for a specific Task, please refer to our Rule Configuration Guide.