Argmin AIArgmin AI
About usOptimize your agent
RLHFBasic RAGPrompt OptimizationAgentic RAGQuantizationSafety BenchmarksLLM-as-a-JudgeChain-of-ThoughtMulti-Agent SystemsFunction CallingEfficient InferenceHallucination Detection

Adaptive system that detects and masks personal data to meet GDPR and CCPA rules

LLM EvaluationSafety BenchmarksData FilteringSystem
January 21, 20256 min

Overview

Decision SnapshotNeeds Validation

Benchmarks and a small human study show strong detection for several PII types, but key evaluations use an internal dataset and limited human tests, so broader generalization needs more validation.

Citations1

Evidence Strength0.60

Confidence0.85

Risk Signals11

Trust Signals

Findings with numeric evidence: 3/3

Findings with evidence refs: 3/3

Results with explicit delta: 3/4

Reproducibility

Status: No open assets linked

Open source: Partial

At A Glance

Cost impact: 60%

Production readiness: 70%

Novelty: 45%

Authors

Shubhi Asthana, Ruchi Mahindru, Bing Zhang, Jorge Sanz

Links

Abstract / PDF / Data

Why It Matters For Business

Automated, policy-aware PII detection reduces legal risk and audit effort while preserving data utility for ML pipelines.

Who Should Care

CTOProduct ManagerML EngineerData ScientistEngineering Lead

Summary TLDR

This paper presents OneShield, an adaptive pipeline that detects personally identifiable information (PII) in text with context-aware scoring and applies regulation-aware masking strategies. Benchmarks on an in-house set (~1,500 points) and a Kaggle PII dataset show strong F1 scores (e.g., passport numbers 0.95–1.0). A 20-person study rated perceived protection 4.6/5. The system integrates a policy engine to map laws (GDPR/CCPA) into actionable masking rules and logs actions for audits.

Problem Statement

LLMs consume large public text corpora but legal rules (GDPR, CCPA, PIPEDA) vary by jurisdiction. Static redaction or pattern rules either miss sensitive cases or remove useful context. Enterprises need a scalable, updatable system that detects PII with context and applies jurisdiction-specific remediation without wrecking downstream model utility.

Main Contribution

Adaptive Risk Mitigation Framework: a policy-driven system that converts laws into executable masking rules.

Contextual PII Detection: multi-step detector that scores entity sensitivity using local semantics and metadata.

Key Findings

Passport number detection outperforms other tools on evaluated benchmarks.

NumbersOneShield F1=0.95 (Bench1); Presidio 0.33; Comprehend 0.54

Practical UseUse the OneShield detector where accurate passport masking matters; it reduces leakage risk compared to common open tools on these datasets.

Evidence RefTable 2 (PassportNumber row, Benchmark1)

Person name detection is near-perfect on evaluated data.

NumbersOneShield Person F1=1.00 (Bench1); StarPII 0.99; Comprehend 0.88

Practical UseExpect very few missed names on similar text types; you can rely on it to automatically mask or pseudonymize names with low manual review.

Evidence RefTable 2 (Person row, Benchmark1)

Results

MetricValueBaselineDeltaSplit / DatasetEvidenceEvidence Ref
PassportNumber F1 (Benchmark1)0.95Presidio 0.33; Comprehend 0.54OneShield +0.62 vs PresidioBenchmark1 (in-house)Table 2 passport rowTable 2
Person name F1 (Benchmark1)1.00StarPII 0.99; Comprehend 0.88Comparable to best open-source NERBenchmark1 (in-house)Table 2 person rowTable 2

What To Try In 7 Days

Run OneShield or a contextual PII detector over a small training slice and compare F1 on known PII

Map your GDPR/CCPA must-rules into a policy table and test masking behaviors

Enable audit logging for remediation actions for one model pipeline and review outputs

Reproducibility

Code AvailableNo
Data AvailableNo
Open Source StatusPartial
LicenseUnknown

Data URLs

https://www.kaggle.com/datasets/pjmathematician/pii-detection-dataset-gpt

Risks & Boundaries

Limitations

Evaluation relies on an internal in-house dataset (~1,500 points) and one public Kaggle set; generalization to other domains is unproven

Human trust study is small (n=20) and subjective

When Not To Use

When legal audit requires fully auditable, certified third-party tools without internal customization

Where latency must be minimal and complex contextual scoring cannot be afforded

Failure Modes

False negatives on nested or obfuscated PII (e.g., email inside URLs) as noted for other tools

False positives on public organizations or names without contextual disambiguation

Core Entities

Models

OneShield PII detectorStarPII

Metrics

F1User trust score

Datasets

Benchmark1 (in-house, ~1500 examples)Kaggle PII detection dataset (pii-detection-dataset-gpt)

Benchmarks

Benchmark1 in-houseBenchmark2 Kaggle PII dataset

You May Also Want to Read

ThaiSafetyBench: 1,954 Thai malicious prompts reveal cultural blind spots in LLM safety

0.60
0.50
0.60
0

If you deploy Thai-language LLM features, culture-specific attacks raise failure rates; use ThaiSafetyBench and the classifier to find gaps fast and prioritize alignment or safer model choices.

Key finding

Dataset size and composition

Numbers: 1,954 samples total; public subset 1,889 samples

Model judges reward ethics-based refusals; human users penalize them

0.60
0.50
0.40
0

If you use automated LLM judges for benchmarking, training, or model selection, they will tend to reward ethics-based refusals more than real users do; that can produce models that prioritize safety signals over user satisfaction.

Key finding

LLM judges give ethics-based refusals much higher win rates than humans do.

Numbers: User win rate 8% → GPT-4o 31% → Llama 3 70B 27%

A 300k-case, 22-language benchmark that tests how jailbreak prompts make LLMs write fake news

0.60
0.70
0.70
0

Multilingual and region-specific fake news is a practical risk: many deployed LLMs can be nudged by jailbreak prompts to produce plausible, harmful news across languages. This undermines trust, harms platforms and user safety, and can create legal and reputational exposure if not tested and mitigated.

Key finding

Jailbreak attacks can succeed at high rates.

Numbers: Max ASR = 86.3% (Qwen3-4B, Jailbreak setting)

MEDIC: a practical framework to test clinical LLM safety, hallucinations, and operational utility

0.60
0.60
0.40
6

MEDIC gives practical, faster checks for clinical readiness: it flags operational failures and hallucinations that standard exams miss, reducing deployment risk before costly pilots.

Key finding

Static knowledge benchmarks are saturated, but operational tasks lag far behind.

Numbers: Knowledge median >75% vs operational median <40% (Fig.4a)

A balanced 44-class benchmark (440 prompts + 8.8K mutations) for testing whether LLMs refuse unsafe requests, plus a fast judge design.

0.85
0.42
0.65
4

SORRY-Bench lets product and risk teams measure whether a model will refuse harmful requests across many specific topics and prompt styles; this helps set provider and model selection policy and reduces surprise from prompt variants.

Key finding

SORRY-Bench provides balanced coverage across 44 fine-grained safety categories.

Numbers: 44 categories; 440 base instructions (10 per class).