PII Masking

Overview

PII Masking is the process of obscuring Personally Identifiable Information (such as names, IDs, and phone numbers) within a text. In the context of Generative AI, this is critical for preventing sensitive user data from being exposed to third-party LLM providers or leaking into training data, ensuring compliance with data privacy regulations.

At GDP Labs, we use the gllm-privacy library to handle this workflow.

gllm-privacy is designed to robustly detect and anonymize sensitive data. It provides standard detection for global entities (Email, Phone, etc.) and specialized support for Indonesian entities (KTP, NPWP, BPJS, etc.). Additionally, it integrates Named Entity Recognition (NER) models to detect unstructured entities such as Names, Organizations, and Locations, allowing you to integrate comprehensive privacy protection seamlessly into your GenAI applications.

Prerequisites

Before installing, make sure you have:

Python 3.11+
Pip or Poetry
gcloud CLI - required because gllm-privacy is a private library hosted in a GDPLabs private Google Cloud repository.

After installing, please run:

gcloud auth login

to authorize gcloud to access the Cloud Platform with Google user credentials.

You need to authenticate via gcloud CLI to access and download the package during installation.

Installation

Step 1: Install keyring for authentication

pip install keyring keyrings.gl-artifactregistry-auth

Step 2: Install the package

pip install gllm-privacy-binary --index-url https://glsdk.gdplabs.id/gen-ai/simple

Step 1: Add the gen-ai source to your pyproject.toml

poetry source add --priority=explicit gen-ai https://glsdk.gdplabs.id/gen-ai/simple

Step 2: Configure the authentication

poetry config http-basic.gen-ai oauth2accesstoken "$(gcloud auth print-access-token)"

Step 3: Add to projects

poetry add --source gen-ai gllm-privacy-binary

Running Your First Anonymization

In this tutorial, we will detect and anonymize sensitive data using the default recognizers (Regex-based).

Create a script called privacy_quickstart.py.

import asyncio
from gllm_privacy.pii_detector import TextAnalyzer, TextAnonymizer
from gllm_privacy.pii_detector.constants import Entities
from gllm_privacy.pii_detector.anonymizer import Operation

async def main():
    # 1. Initialize the Analyzer & Anonymizer
    text_analyzer = TextAnalyzer()
    text_anonymizer = TextAnonymizer(text_analyzer)

    # 2. Define input text containing mixed PII
    text = "Halo, nama saya Budi. Nomor KTP saya 3525011212941001. Hubungi budi@example.com atau +628123456789"

    # 3. Define target entities
    entities = [Entities.KTP, Entities.EMAIL_ADDRESS, Entities.PHONE_NUMBER]

    # 4. Run Anonymization
    print("--- Anonymizing ---")
    anonymized_text = await text_anonymizer.run(
        text=text,
        entities=entities,
        operation=Operation.ANONYMIZE
    )
    print(anonymized_text)

    # 5. Run Deanonymization (Restore original values)
    print("\n--- Deanonymizing ---")
    deanonymized_text = await text_anonymizer.run(
        text=anonymized_text,
        operation=Operation.DEANONYMIZE
    )
    print(deanonymized_text)

if __name__ == "__main__":
    asyncio.run(main())

Run the script

python privacy_quickstart.py

The script will output the anonymized text with replaced values, and then restore the original values.

--- Anonymizing ---
Halo, nama saya Budi. Nomor KTP saya <ID_KTP_1>. Hubungi <EMAIL_ADDRESS_1> atau <PHONE_NUMBER_1>.

--- Deanonymizing ---
Halo, nama saya Budi. Nomor KTP saya 3525011212941001. Hubungi budi@example.com atau +628123456789.

Default Behavior: gllm-privacy uses reversible placeholders (e.g., <ID_KTP_1>) by default. This ensures that the same entity is always replaced by the same placeholder, allowing for accurate deanonymization later. To use Fake Data (e.g., generating a fake KTP number instead of a placeholder), initialize the anonymizer with: TextAnonymizer(text_analyzer, add_default_faker_operators=True)\

Anonymizer with NER

While regex patterns are efficient for certain data like IDs or Phone Numbers, they cannot effectively detect unstructured entities like Names, Organizations, and Locations.

For these use cases, you can use the GDP Labs NER Service integrated directly into gllm-privacy. This uses the GDPLabsNerApiRemoteRecognizer to send text to a remote endpoint. In this tutorial we will use the GDP Labs NER Service in the staging environment.

Prerequisites

API Key: For authenticating with the NER Endpoint (passed via the x-api-key header). Ask your manager or Infra team for the key.

Import the Remote Recognizer

from gllm_privacy.pii_detector.recognizer.gdplabs_ner_api_remote_recognizer import GDPLabsNerApiRemoteRecognizer
from gllm_privacy.pii_detector import TextAnalyzer, TextAnonymizer
from gllm_privacy.pii_detector.constants import Entities

Configure the Recognizer

Initialize the recognizer with the API URL and credentials. We will create recognizers for both Indonesian (id) and English (en).

# Define the URL and the credential
api_url = "https://stag-api-gdplabs-ner-api.obrol.id/analyze"
headers = {
    "X-API-Key": "sk-client-..."
}

# Create remote recognizer for both Bahasa Indonesia and English
remote_recognizer_id = GDPLabsNerApiRemoteRecognizer(
    api_url=api_url, 
    supported_language="id", 
    api_headers=headers
)
remote_recognizer_en = GDPLabsNerApiRemoteRecognizer(
    api_url=api_url, 
    supported_language="en", 
    api_headers=headers
)

Run Analysis

Inject the remote recognizers into the TextAnalyzer and run detection to see what entities are found.

# Create TextAnalyzer with the remote recognizers
text_analyzer = TextAnalyzer(additional_recognizers=[remote_recognizer_en, remote_recognizer_id])

# Define text with entities
text = "Budi Santoso adalah Lead Engineer di PT Samudra Raya yang berkantor pusat di Jalan Merpati No. 33 Bandung."

# Run analysis
results = text_analyzer.analyze(text=text)

# Inspect Detected Entities
print("--- Detected Entities ---")
for res in results:
    # Extract the actual text using the start/end indices
    detected_word = text[res.start : res.end]
    print(f"[{res.entity_type}] {detected_word} (Score: {res.score})")

Example Output:

--- Detected Entities ---
[PERSON] Budi Santoso (Score: 1.0)
[ORGANIZATION] PT Samudra Raya (Score: 1.0)
[LOCATION] Jalan Merpati No. 33 Bandung (Score: 1.0)

Run Anonymization

Once detection is confirmed, use the TextAnonymizer to mask the sensitive data.

# Initialize the Anonymizer
text_anonymizer = TextAnonymizer(text_analyzer)

# Run Anonymization
anonymized_text = text_anonymizer.anonymize(text=text)

print("\n--- Anonymized Text ---")
print(anonymized_text)

Example Output:

--- Anonymized Text ---
<PERSON_1> adalah Lead Engineer di <ORGANIZATION_1> yang berkantor pusat di <LOCATION_1>.

Supported Entities

gllm-privacy comes with built-in support for the following entities:

Indonesia Specific:
- ID_KTP (Kartu Tanda Penduduk)
- ID_NPWP (Tax ID)
- ID_BPJS_NUMBER (Social Security)
- FAMILY_CARD_NUMBER (Kartu Keluarga)
- BANK_ACCOUNT (Local Bank Accounts)
- PHONE_NUMBER (+62 format)
Global:
- EMAIL_ADDRESS
- CREDIT_CARD
- IP_ADDRESS
- URL
- IBAN_CODE
AI-Detected (via Transformers or Remote NER):
- PERSON
- LOCATION
- ORGANIZATION

PreviousNeMo Engine NextMultimodality

Last updated 1 month ago