Overview

The PII policy is designed to protect sensitive information by detecting and preventing the disclosure of Personally Identifiable Information (PII) in user interactions. Its primary function is to ensure the privacy and security of user data by identifying and managing PII.
User: “My phone number is 123-456-7890.” LLM Response: “Aporia detected a phone number in the message, so this message has been blocked.”
This example demonstrates how the guardrail effectively detects sharing of sensitive information, ensuring user privacy.

Policy Details

The policy includes multiple categories of sensitive data that can be chosen as relevant:
  • Phone number
  • Email
  • Credit card
  • IBAN
  • Person’s Name
  • SSN
  • Currency
If a message or response includes any of these PII categories, the guardrail will detect and carry out the chosen action to maintain the confidentiality and security of user data. One of the suggested actions is PII masking action, which means that when PII is detected, this action replaces sensitive data with corresponding tags before the message is processed or sent. This ensures that sensitive information is not exposed while allowing the conversation to continue.
Example Before Masking: Please send the report to john.doe@example.com and call me at 123-456-7890. Example After Masking: Please send the report to <EMAIL> and call me at <PHONE_NUMBER>.

Security Standards

  1. OWASP LLM Top 10 Mapping: LLM06 - Sensitive Information Disclosure.
  2. NIST Mapping: Privacy Compromise.
  3. MITRE ATLAS Mapping: AML.T0057 - LLM Data Leakage.