Evaluation Using Interface

Input:

  • Required Inputs:
    • input: The content column to be evaluated for privacy compliance.
  • Configuration Parameters:
    • Check Internet: Whether to check if the content contains any privacy violations using internet sources.

Output:

  • Result: Passed / Failed

Interpretation:

  • Passed: Indicates that the content fully complies with privacy requirements and regulations.
  • Failed: Signifies the presence of privacy violations, such as unauthorised data exposure or non-compliance with regulatory guidelines, requiring remediation.

Evaluation Using Python SDK

Click here to learn how to setup evaluation using the Python SDK.


InputParameterTypeDescription
Required InputsinputstringThe content to be evaluated for privacy compliance.
Configuration Parameterscheck_internetboolWhether to check internet sources for privacy violations.

OutputTypeDescription
ResultboolReturns 1 (indicating full compliance with privacy regulations) or 0 (indicating privacy violations that require remediation).
from fi.testcases import TestCase
from fi.evals.templates import DataPrivacyCompliance

test_case = TestCase(
    input=(
        "Patient John Doe (SSN: 123-45-6789) was admitted on 01/15/2024. "
        "Contact details: john.doe@email.com, (555) 123-4567. "
        "Credit card ending in 4321 was charged $500 for services."
    )
)

template = DataPrivacyCompliance(
    config={
        "check_internet": False
    }
)

response = evaluator.evaluate(eval_templates=[template], inputs=[test_case])
response.eval_results[0].metrics[0].value[0]


What to do when Data Privacy Compliance Failed

Identify specific privacy violations in the output and take immediate action to remove or redact any exposed sensitive data. Strengthening data handling and processing protocols can help prevent similar issues, while enhancing anonymisation and pseudo-anonymisation techniques ensures better data protection.

Regular privacy audits and assessments should be conducted to identify potential risks and maintain compliance.

Finally, integrating privacy-by-design principles into system development and operations ensures that data protection measures are embedded at every stage, minimising the risk of future compliance failures.


Differentiating Data Privacy Compliance with PII

Data Privacy Compliance assesses adherence to multiple privacy regulations and principles, ensuring legal and regulatory alignment. While PII Detection focuses specifically on identifying personally identifiable information (PII) to prevent exposure.

Data Privacy Compliance is ideal for organisations conducting privacy audits, while PII detection is suited for general-purpose data anonymisation and protection efforts.