Skip to main content

PII Detection, Categorization, and Severity Assessment

Project description

alt text

PII Detection, Categorization, and Severity Assessment

made-with-python Maintenance codecov License Python 3.9 DOI status


Author: Eidan Rosado - @EdyVision
Affiliation: Nova Southeastern University, College of Computing and Engineering

Project Background

The PII Codex project was built as a core part of an ongoing research effort in Personal Identifiable Information (PII) detection and risk assessment (to be publicly released later in 2023). There was a need to not only detect PII in text, but also identify its severity, associated categorizations in cybersecurity research and policy documentation, and provide a way for others in similar research efforts to reproduce or extend the research. PII Codex is a combination of systematic research, conceptual frameworks, third-party open source software, and cloud service provider integrations. The categorizations are directly influenced by the research of Milne et al. (2016) while the ranking is a result of category severities on the scale provided by Schwartz and Solove (2012) from Non-Identifiable, Semi-Identifiable, and Identifiable.

The outputs of the primary PII Codex analysis and adapter functions are AnalysisResult or AnalysisResultSet objects that will provide a listing of detections, severities, mean risk scores for each string processed, and summary statistics on the analysis made. The final outputs do not contain the original texts but instead will provide where to find the detections should the end-user care for this information in their analysis.

Statement of Need

The general knowledge base of identifiable data, the usage restrictions of this data, and the associated policies surrounding it have shifted drastically over the years. The tech industry has had to adjust to many policy changes regarding the tracking of individuals, the usage of data from online profiles and platforms, and the right to be forgotten entirely from a service or platform (GDPR). While the shift has provided data protections around the globe, the majority of technology users continue to have little to no control over their personal information with third-party data consumers (Trepte, 2020).

Understanding if identifiable data types exist in a data set can prevent accidental sharing of such data by allowing its detection in the first place and, in the case of this software package, present sanitized strings, the reasons to why the token was considered to be PII, and permit for the results to be publishable.

Potential Usages

Potential usages include sanitizing of dataset strings (e.g. a collection of social media posts), presenting results to users for software examining their interactions (e.g. UX research on user-awareness in cybersecurity applications), etc.


Running Locally with Poetry

This project uses Poetry. To run this project, install poetry and proceed to follow the instructions under /docs/LOCAL_SETUP.md.

Note: This project has only been tested with Ubuntu and MacOS and with Python versions 3.9 and 3.10. You may need to upgrade pip ahead of installation.

Installing with PIP

Video capture of install provided in LOCAL_SETUP.md file. Make sure you set up a virtual environment with either python 3.9 or 3.10 and upgrade pip with:

pip install --upgrade pip
pip install -U pip setuptools wheel # only needed if you haven't already done so 

Before adding pii-codex on your project, download the spaCy en_core_web_lg model:

pip install -U spacy
python3 -m spacy download en_core_web_lg

For more details on spaCy installation and usage, refer to their docs.

The repository releases are hosted on PyPi and can be installed with:

pip install pii-codex
pip install "pii-codex[detections]"

Note: The extras installed with pii-codex[detections] are the spaCy, Micrisoft Presidio Analyzer, and Microsoft Anonymzer packages.

Using Poetry:

poetry update
poetry add pii-codex
poetry install pii-codex --extras="detections"

For those using Google Collab, check out the example notebook:

Open In Colab

Usage

Video capture of usage provided in LOCAL_SETUP.md.

Sample Input / Output

The built-in analyzer uses Microsoft Presidio. Feed in a collection of strings with analyze_collection() or just a single string with analyze_item(). Those analyzing a collection of strings will also be provided with statistics calculated on the risk scores for detected items.

from pii_codex.services.analysis_service import PIIAnalysisService
PIIAnalysisService().analyze_collection(
    texts=["your collection of strings"],
    language_code="en",
    collection_name="Data Set Label", # Optional Labeling
    collection_type="SAMPLE" # Defaults to POPULATION, used stats calculations
)

You can also pass in a data param (dataframe) instead of simple text array with a text column and a metadata column to be analyzed for those analyzing social media posts. Current metadata supported are URL, LOCATION, and SCREEN_NAME.

Sample output (results object converted to dict from notebook):

{
    "collection_name": "PII Collection 1",
    "collection_type": "POPULATION",
    "analyses": [
        {
            "analysis": [
                {
                    "pii_type_detected": "PERSON",
                    "risk_level": 3,
                    "risk_level_definition": "Identifiable",
                    "cluster_membership_type": "Financial Information",
                    "hipaa_category": "Protected Health Information",
                    "dhs_category": "Linkable",
                    "nist_category": "Directly PII",
                    "entity_type": "PERSON",
                    "score": 0.85,
                    "start": 21,
                    "end": 24,
                }
            ],
            "index": 0,
            "risk_score_mean": 3,
            "sanitized_text: "Hi! My name is <REDACTED>",
        },
        ...
    ],
    "detection_count": 5,
    "risk_scores": [3, 2.6666666666666665, 1, 2, 1],
    "risk_score_mean": 1.9333333333333333,
    "risk_score_mode": 1,
    "risk_score_median": 2,
    "risk_score_standard_deviation": 0.8273115763993905,
    "risk_score_variance": 0.6844444444444444,
    "detected_pii_types": {
        "LOCATION",
        "EMAIL_ADDRESS",
        "URL",
        "PHONE_NUMBER",
        "PERSON",
    },
    "detected_pii_type_frequencies": {
        "PERSON": 1,
        "EMAIL_ADDRESS": 1,
        "PHONE_NUMBER": 1,
        "URL": 1,
        "LOCATION": 1,
    },
}

Docs

For more information on usage, check out the respective documentation for guidance on using PII-Codex.

Topic Document Description
PII Type Mappings PII Mappings Overview of how to perform mappings between PII types and how to review store PII types.
PII Detections and Analysis PII Detection and Analysis Overview of how to detect and analyze strings
Local Repo Setup Local Repo Setup Instructions for local repository setup
Example Analysis Example Analysis Notebook Notebook with example analysis using MSFT Presidio
PII-Codex Docs docs/pii_codex/index.html Autogenerated docs on classes, services, and models

Attributions

This project benefited greatly from a number of PII research works like that from Milne et al (2016) with the definition of the types and categories, Schwartz and Solove (2012) with the severity levels of Non-Identifiable, Semi-Identifiable, and Identifiable, and the documentation by NIST, DHS (2012), and HIPAA (full list of foundational publications provided below). A special thanks to all the open source projects, and frameworks that made the setup and structuring of this project much easier like Poetry, Microsoft Presidio, spaCy (2017), Jupyter, and several others.

Foundational Publications

The following publications that inspired and provided a foundation for this repository:

Concept Document Description
PII Type Mappings Milne et al., (2016) PII token categories and NIST and DHS categorizations.
Risk Continuum Schwartz & Solove, (2011) Risk continuum concept and definition (what lead to the ranking in PII-Codex).
Privacy and Affordances Trepte, (2020) Third-Party data consumption and user control (lack thereof) background.
Social Media and Privacy Beigi & Liu, (2010) Privacy issues with social media and third-party data consumption.
Privacy Settings and Data Access Moura & Serrão, (2016) Privacy settings, data access, and unauthorized usage.
Information Privacy Review Bélanger & Crossler, (2011) Concept of aggregation of data to identify individuals.
Big Data and Third Party Data Consumption Tene & Polonetsky, (2013) Third-party data usage, user control, and privacy.
PII and Confidentiality McCallister et al., (2010) NIST guidance on PII confidentiality protections for federal agencies.
Data Capitalism and Privacy West, (2017) Data capitalism, surveillance, and privacy.

The remaining resources such as python library citations, cloud service provider docs, and cybersecurity guidelines are included in the paper.bib file.

Community Guidelines

For community guidelines and contribution instructions, please view the CONTRIBUTING.md file.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pii_codex-0.4.6.tar.gz (29.9 kB view details)

Uploaded Source

Built Distribution

pii_codex-0.4.6-py3-none-any.whl (34.3 kB view details)

Uploaded Python 3

File details

Details for the file pii_codex-0.4.6.tar.gz.

File metadata

  • Download URL: pii_codex-0.4.6.tar.gz
  • Upload date:
  • Size: 29.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.5.1 CPython/3.9.17 Linux/5.15.0-1039-azure

File hashes

Hashes for pii_codex-0.4.6.tar.gz
Algorithm Hash digest
SHA256 e28eafe5daa6429172616820cf37789df0541047f8689849da2c7393c413aa08
MD5 bb824990700cc7547e5e9a438072b801
BLAKE2b-256 e20cfc8f1be1e9b5f6c24b31805097ab227f7f58689f318f0162e328a78d98e9

See more details on using hashes here.

File details

Details for the file pii_codex-0.4.6-py3-none-any.whl.

File metadata

  • Download URL: pii_codex-0.4.6-py3-none-any.whl
  • Upload date:
  • Size: 34.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.5.1 CPython/3.9.17 Linux/5.15.0-1039-azure

File hashes

Hashes for pii_codex-0.4.6-py3-none-any.whl
Algorithm Hash digest
SHA256 8976b810a3ab933601d8ba8c65d60c6a3ee0f7dd4ecfd699ed984600b33a64e5
MD5 321055c99940c08dcf6fb192bbebcdad
BLAKE2b-256 54985fb31b050c69ce7bcd9e1a4800571f4ee8b06e4d7dcd34b77f66d3907db4

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page