
Understanding PII Detection Guardrails

Created on December 3 | Last edited on December 3



Why PII Detection Matters

Personally Identifiable Information (PII) in text poses significant privacy and compliance risks. Organizations need reliable ways to:
  • Detect sensitive information before it's exposed
  • Protect user privacy in data processing
  • Comply with regulations like GDPR, HIPAA, and CCPA
  • Prevent data leaks in AI system outputs

Available Detection Approaches

1. Pattern-Based Detection (Regex)


Best for: Quick scanning of structured data patterns
from guardrails_genie.guardrails.entity_recognition import RegexEntityRecognitionGuardrail

guardrail = RegexEntityRecognitionGuardrail(should_anonymize=True)
result = guardrail.guard("Contact me at john.doe@email.com")
Strengths:
  • Fast execution
  • No dependencies
  • Perfect for well-formatted data (emails, SSNs, phone numbers)
  • Easy to customize patterns
Limitations:
  • Prone to false positives
  • Misses contextual variations
  • Limited to exact pattern matches
Recent Benchmark Results:
  • High precision on structured data (emails: 1.0, phone numbers: 0.86)
  • Lower recall on variations (names: 0.0, addresses: 0.28)
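
The regex trade-offs listed above, shown with a stand-alone detector (an added example, not guardrails-genie code; the patterns, validators and sample text are constructed here). Checksum and structural checks remove look-alike matches, while the name in the text is never found by any pattern.

```python
import re

# Constructed patterns for this example; not the ones shipped with guardrails-genie.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects most digit runs that only look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(candidate: str) -> bool:
    """Structural SSN rules: area not 000, 666 or 9xx; group and serial non-zero."""
    area, group, serial = candidate.split("-")
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

VALIDATORS = {"CREDIT_CARD": luhn_ok, "SSN": ssn_ok}

def detect(text: str, validate: bool = True) -> dict:
    """Return {entity_type: [matched values]}; validators drop look-alike matches."""
    found = {}
    for label, pattern in PATTERNS.items():
        check = VALIDATORS.get(label)
        for match in pattern.finditer(text):
            if validate and check and not check(match.group()):
                continue
            found.setdefault(label, []).append(match.group())
    return found

# Constructed sample: an order number shaped like a card, and a name no pattern covers.
SAMPLE = ("Order 1234 5678 9012 3456 shipped to John Smith. "
          "Card 4111 1111 1111 1111, SSN 123-45-6789, ref 000-12-3456, "
          "mail john.doe@email.com")

if __name__ == "__main__":
    print("pattern only:", detect(SAMPLE, validate=False))
    print("validated:   ", detect(SAMPLE))
```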

2. Context-Aware Detection (Presidio)


Best for: Production environments needing balanced accuracy (based on default spaCy model)
from guardrails_genie.guardrails.entity_recognition import PresidioEntityRecognitionGuardrail

guardrail = PresidioEntityRecognitionGuardrail(should_anonymize=True)
result = guardrail.guard("""
Patient: John Smith
DOB: 05/15/1980
SSN: 123-45-6789
""")
Strengths:
  • Combines patterns with contextual rules
  • Supports international formats
  • Built-in anonymization
  • Extensible with custom recognizers that are regex, spaCy, or Transformers based
Limitations:
  • Requires additional dependencies
  • Slower than pure regex
  • May need tuning for specific use cases

3. ML-Based Detection (Transformers)


Best for: Complex text analysis needing high accuracy
from guardrails_genie.guardrails.entity_recognition import TransformersEntityRecognitionGuardrail

guardrail = TransformersEntityRecognitionGuardrail(
    model_name="iiiorg/piiranha-v1-detect-personal-information",
    should_anonymize=True
)
result = guardrail.guard("""
Please forward the documents to Sarah Wilson
at her new address: 123 Oak Street, Apt 4B
""")
Strengths:
  • Best contextual understanding
  • Handles informal text well
  • Detects subtle PII references
  • High recall on names and locations
Limitations:
  • Computationally intensive - especially when training
  • Requires GPU for optimal performance
  • Larger deployment footprint

Real-World Usage Examples

1. API Response Filtering

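import json
from typing import Dict
from guardrails_genie.guardrails.entity_recognition import RegexEntityRecognitionGuardrail

def get_user_profile(user_id: str) -> Dict:
    # `database` is the application's own data-access layer
    profile = database.get_profile(user_id)
    # Remove PII before returning
    guardrail = RegexEntityRecognitionGuardrail(should_anonymize=True)
    result = guardrail.guard(json.dumps(profile))
    return json.loads(result.anonymized_text)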
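
Anonymizing the serialized JSON, as in the snippet above, can break parsing when a pattern matches an unquoted number; this added example (not guardrails-genie code) contrasts it with redacting string values only. `redact` is a stand-in for the guardrail's anonymizer, and its patterns and the profile are constructed.

```python
import json
import re

# Stand-in for guardrail.guard(...).anonymized_text; patterns constructed for this example.
_PII = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"\b\d{3}[-.]?\d{3}[-.]?\d{4}\b"),
}

def redact(text: str) -> str:
    for label, pattern in _PII.items():
        text = pattern.sub(f"[{label}]", text)
    return text

def redact_serialized(obj) -> dict:
    """Approach from the snippet above: anonymize the JSON text, then parse it."""
    return json.loads(redact(json.dumps(obj)))

def redact_leaves(obj):
    """Anonymize string values only; keys, numbers and structure stay untouched."""
    if isinstance(obj, dict):
        return {key: redact_leaves(value) for key, value in obj.items()}
    if isinstance(obj, list):
        return [redact_leaves(value) for value in obj]
    if isinstance(obj, str):
        return redact(obj)
    return obj

# Constructed profile: the numeric account_id happens to be ten digits long.
PROFILE = {
    "account_id": 5551234567,
    "email": "john.doe@email.com",
    "notes": ["call 555-123-4567 after 5pm"],
}

if __name__ == "__main__":
    try:
        redact_serialized(PROFILE)
    except json.JSONDecodeError as exc:
        # The phone pattern rewrote the bare number into [PHONE], which is not valid JSON
        print("serialized approach failed:", exc)
    print("leaf-wise result:", redact_leaves(PROFILE))
```

Numeric fields that are themselves PII are not seen by a text scanner in the leaf-wise version, so they need a decision by field name.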

2. Document Processing Pipeline

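import logging
from typing import Iterator, List

logger = logging.getLogger(__name__)

def process_medical_records(documents: List[str]) -> Iterator[str]:
    guardrail = PresidioEntityRecognitionGuardrail(
        selected_entities=["PERSON", "MEDICAL_LICENSE", "PHONE_NUMBER"],
        should_anonymize=True
    )
    for doc in documents:
        result = guardrail.guard(doc)
        if result.contains_entities:
            # The explanation may quote the detected values; send it to a restricted log sink
            logger.warning(f"Found PII: {result.explanation}")
            doc = result.anonymized_text
        yield doc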

3. Chat Bot Safety

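def validate_bot_response(response: str) -> str:
    # In a long-running service, build the guardrail once and reuse it; it loads a model
    guardrail = TransformersEntityRecognitionGuardrail(should_anonymize=True)
    result = guardrail.guard(response)
    if result.contains_entities:
        # detected_entities may hold the leaked values; send it to a restricted log sink
        logger.error(f"Bot leaked PII: {result.detected_entities}")
        return result.anonymized_text
    return response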

Evaluation Results

Our benchmark tested diverse text samples containing various PII types.

AI4Privacy Dataset for PII Detection Benchmarking

The benchmark results were generated using the AI4Privacy PII Masking Dataset, which contains 400,000 text samples with annotated PII entities. This dataset is particularly valuable for evaluating PII detection systems because:

Dataset Characteristics

  • Contains real-world text samples with diverse PII types
  • Includes multiple languages and locales
  • Each sample is professionally annotated with:
    • Original source text
    • Masked version of the text
    • Detailed privacy mask annotations marking PII entities
    • Language and locale information

Setup

  • Used 100 randomly sampled validation set entries
  • Each sample contains multiple PII entities of varying types
  • Annotations include entity type, value, and position in text
  • Evaluation metrics track precision, recall, and F1 scores at both entity and overall levels
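
How entity-level and overall precision, recall and F1 can be computed from position annotations like those described above (an added example, not the benchmark's own code). Exact match on entity type and character span is an assumed matching rule, and the two samples are constructed.

```python
from collections import Counter

def prf(tp: int, fp: int, fn: int):
    """Precision, recall and F1 from counts, with 0.0 when a denominator is empty."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return round(precision, 2), round(recall, 2), round(f1, 2)

def evaluate(samples):
    """samples: iterable of (gold_spans, predicted_spans); a span is (type, start, end)."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for gold, predicted in samples:
        gold, predicted = set(gold), set(predicted)
        for label, *_ in gold & predicted:   # found with the right type and span
            tp[label] += 1
        for label, *_ in predicted - gold:   # reported but not annotated
            fp[label] += 1
        for label, *_ in gold - predicted:   # annotated but missed
            fn[label] += 1
    labels = sorted(set(tp) | set(fp) | set(fn))
    per_type = {label: prf(tp[label], fp[label], fn[label]) for label in labels}
    overall = prf(sum(tp.values()), sum(fp.values()), sum(fn.values()))
    return per_type, overall

# Constructed samples. Text 1: "Mail john.doe@email.com or call Sarah Wilson"
# Text 2: "Ticket 90210 for Oak Street"
SAMPLES = [
    ([("EMAIL", 5, 23), ("GIVENNAME", 32, 37), ("SURNAME", 38, 44)],  # gold
     [("EMAIL", 5, 23)]),                                             # predicted
    ([("STREET", 17, 27)],
     [("ZIPCODE", 7, 12)]),  # a ticket number mistaken for a zip code
]

if __name__ == "__main__":
    per_type, overall = evaluate(SAMPLES)
    for label, scores in per_type.items():
        print(f"{label:10s} P/R/F1 = {scores}")
    print("overall    P/R/F1 =", overall)
```

A detector can score 1.00 on EMAIL and still have a low overall F1 when it misses the other entity types.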
Here's how each approach performed:

Model Performance Summary

| Model | Success Rate | Overall Precision | Overall Recall | Overall F1 |
|---|---|---|---|---|
| Regex | 0.0% | 0.03 | 0.50 | 0.06 |
| Presidio | 12.0% | 0.09 | 0.17 | 0.12 |
| Transformers | 77.0% | 0.81 | 0.83 | 0.82 |


Detailed Entity-Level F1 Scores

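| Entity Type | Regex | Presidio | Transformers |
|---|---|---|---|
| EMAIL | 0.93 | 1.00 | 1.00 |
| SURNAME | 0.05 | 0.00 | 0.86 |
| TELEPHONENUM | 0.00 | 0.13 | 0.82 |
| GIVENNAME | 0.08 | 0.00 | 0.90 |
| CITY | 0.06 | 0.00 | 0.92 |
| DRIVERLICENSENUM | 0.00 | 0.11 | 0.91 |
| STREET | 0.00 | 0.00 | 0.89 |
| TAXNUM | 0.00 | 0.03 | 1.00 |
| USERNAME | 0.00 | 0.00 | 0.75 |
| PASSWORD | 0.00 | 0.00 | 0.75 |
| ZIPCODE | 0.42 | 0.00 | 0.53 |
| ACCOUNTNUM | 0.24 | 0.20 | 0.77 |
| DATEOFBIRTH | 0.00 | 0.00 | 1.00 |
| IDCARDNUM | 0.00 | 0.13 | 0.67 |
| CREDITCARDNUMBER | 0.40 | 0.33 | 0.80 |
| BUILDINGNUM | 0.04 | 0.00 | 0.55 |
| SOCIALNUM | 0.22 | 0.22 | 0.50 |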


Key observations:

  1. The Transformers model significantly outperforms both Regex and Presidio across all metrics
  2. All models perform well on EMAIL detection (F1 ≥ 0.93)
  3. Regex and Presidio have many entity types with F1 scores of 0.00
  4. The Transformers model achieves perfect F1 scores (1.00) for EMAIL, TAXNUM, and DATEOFBIRTH
  5. The Transformers model shows strong performance (F1 > 0.80) on 9 entity types

Best Practices

  1. Layer Your Approach
    • Use regex for quick filtering
    • Apply deeper analysis on flagged content
    • Combine methods for critical applications
  2. Customize for Your Domain
    • Add industry-specific patterns
    • Train on your data formats
    • Tune confidence thresholds
  3. Monitor and Iterate
    • Track false positives/negatives
    • Update patterns based on misses
    • Regular model retraining

Getting Started

  1. Choose Your Guardrail:
    • Simple patterns → Regex
    • Production ready → Presidio
    • Complex text → Transformers
  2. (Coming soon?) Install Dependencies:
pip install guardrails-genie
  3. Basic Implementation:
from guardrails_genie.guardrails.entity_recognition import RegexEntityRecognitionGuardrail

def check_pii(text: str) -> bool:
    guardrail = RegexEntityRecognitionGuardrail(should_anonymize=True)
    result = guardrail.guard(text)
    return result.safe

This implementation provides a robust foundation for PII detection while allowing flexibility in choosing the right approach for your specific needs.