Bird
Raised Fist0
Prompt Engineering / GenAIml~8 mins

PII detection and redaction in Prompt Engineering / GenAI - Model Metrics & Evaluation

Choose your learning style10 modes available
LearnWhyDeepModelTryChallengeExperimentRecallMetrics

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Metrics & Evaluation - PII detection and redaction
Which metric matters for PII detection and redaction and WHY

For PII detection, Recall is very important because we want to find as many personal details as possible to protect privacy. Missing a PII means sensitive data leaks. Precision also matters because marking too many words as PII causes unnecessary redaction, making text hard to read. So, we balance both using the F1 score, which combines precision and recall into one number.

Confusion matrix for PII detection
      | Predicted PII | Predicted Non-PII |
      |---------------|-------------------|
      | True Positive (TP)  | False Positive (FP) |
      | False Negative (FN) | True Negative (TN)  |

      Example:
      TP = 80 (correctly found PII)
      FP = 10 (wrongly marked non-PII as PII)
      FN = 20 (missed PII)
      TN = 890 (correctly ignored non-PII)

      Total samples = 80 + 10 + 20 + 890 = 1000

From this, we calculate:

  • Precision = 80 / (80 + 10) = 0.89
  • Recall = 80 / (80 + 20) = 0.80
  • F1 score = 2 * (0.89 * 0.80) / (0.89 + 0.80) ≈ 0.84
Precision vs Recall tradeoff with examples

If we focus too much on precision, we only mark PII when very sure. This means fewer false alarms but we might miss some PII (low recall). For example, a system that only redacts very obvious phone numbers but misses nicknames or emails.

If we focus too much on recall, we catch almost all PII but also mark many normal words as PII (low precision). This makes the text hard to read because too many words are redacted.

Good PII detection balances both. For example, a system that finds 90% of PII (high recall) and keeps false alarms below 10% (high precision).

What good vs bad metric values look like for PII detection
  • Good: Precision ≥ 0.85, Recall ≥ 0.85, F1 ≥ 0.85. This means most PII is found and few false redactions.
  • Bad: Precision < 0.5 or Recall < 0.5. This means many false alarms or many missed PII, both harmful.
  • Accuracy is less useful here because most text is non-PII, so a model that marks nothing can have high accuracy but is useless.
Common pitfalls in PII detection metrics
  • Accuracy paradox: Since most text is non-PII, a model that never detects PII can have high accuracy but zero recall.
  • Data leakage: If test data contains PII seen during training, metrics look better but model fails on new data.
  • Overfitting: Model memorizes specific PII patterns but misses new types, causing low recall in real use.
  • Ignoring context: Some words are PII only in certain contexts; metrics must consider this to avoid false positives.
Self-check question

Your PII detection model has 98% accuracy but only 12% recall on PII. Is it good for production? Why or why not?

Answer: No, it is not good. The high accuracy is misleading because most text is non-PII. The very low recall means it misses 88% of PII, risking privacy leaks. For PII detection, recall must be high to protect sensitive data.

Key Result
High recall is critical to catch most PII, balanced with precision to avoid excessive false redactions.

Practice

(1/5)
1. What is the main purpose of PII detection in text data?
easy
A. To increase the size of the dataset
B. To improve the speed of text processing
C. To find personal information to protect privacy
D. To translate text into different languages

Solution

  1. Step 1: Understand PII detection

    PII detection is about finding personal information like names, emails, or phone numbers in text.

  2. Step 2: Identify the purpose

    The goal is to protect privacy by recognizing sensitive data that should not be shared openly.

  3. Final Answer:

    To find personal information to protect privacy -> Option C

  4. Quick Check:

    PII detection = find personal info [OK]
Hint: PII detection means finding personal info to keep it safe [OK]
Common Mistakes:
  • Confusing PII detection with data translation
  • Thinking it speeds up processing
  • Believing it increases dataset size
2. Which of the following is the correct way to redact an email address in text?
easy
A. Replace the email with <EMAIL_REDACTED>
B. Delete the entire sentence containing the email
C. Change the email to a random number
D. Highlight the email in bold

Solution

  1. Step 1: Understand redaction

    Redaction means hiding sensitive info by replacing it with a placeholder, not deleting or changing it randomly.

  2. Step 2: Choose the correct method

    Replacing the email with a clear placeholder like <EMAIL_REDACTED> keeps the text readable and safe.

  3. Final Answer:

    Replace the email with <EMAIL_REDACTED> -> Option A

  4. Quick Check:

    Redaction = replace sensitive info with placeholder [OK]
Hint: Redact by replacing sensitive info with clear placeholders [OK]
Common Mistakes:
  • Deleting whole sentences instead of redacting
  • Replacing emails with unrelated data
  • Highlighting instead of hiding
3. Given this Python code snippet for PII redaction:
import re
text = 'Contact me at john.doe@example.com or 123-456-7890.'
redacted = re.sub(r'\S+@\S+\.\S+', '<EMAIL_REDACTED>', text)
print(redacted)

What will be the output?
medium
A. Contact me at john.doe@example.com or 123-456-7890.
B. Contact me at john.doe@example.com or <EMAIL_REDACTED>.
C. Contact me at <EMAIL_REDACTED> or <EMAIL_REDACTED>.
D. Contact me at <EMAIL_REDACTED> or 123-456-7890.

Solution

  1. Step 1: Understand the regex pattern

    The pattern '\S+@\S+\.\S+' matches email addresses (non-space chars @ non-space chars . non-space chars).

  2. Step 2: Apply substitution

    The code replaces the email with '<EMAIL_REDACTED>' but leaves the phone number unchanged.

  3. Final Answer:

    Contact me at <EMAIL_REDACTED> or 123-456-7890. -> Option D

  4. Quick Check:

    Email replaced, phone unchanged = Contact me at <EMAIL_REDACTED> or 123-456-7890. [OK]
Hint: Regex replaces emails only, phone stays same [OK]
Common Mistakes:
  • Thinking phone number is replaced
  • Misreading regex pattern
  • Assuming no replacement happens
4. You wrote this code to redact phone numbers:
import re
text = 'Call 555-1234 or 555-5678.'
redacted = re.sub(r'\d{3}-\d{4}', '<PHONE_REDACTED>', text)
print(redacted)

But the output is:
'Call 555-1234 or 555-5678.'
What is the likely error?
medium
A. The regex pattern is incorrect and does not match the phone numbers
B. The re.sub function is missing the text argument
C. The print statement is missing parentheses
D. The text variable is empty

Solution

  1. Step 1: Check regex pattern against phone format

    The pattern '\d{3}-\d{4}' matches numbers like '555-1234', but the phone numbers might have different formats or extra spaces.

  2. Step 2: Confirm if pattern matches text

    If the phone numbers have area codes or spaces, the pattern won't match, so no replacement occurs.

  3. Final Answer:

    The regex pattern is incorrect and does not match the phone numbers -> Option A

  4. Quick Check:

    Regex mismatch causes no replacement [OK]
Hint: Check regex matches exact phone format in text [OK]
Common Mistakes:
  • Assuming re.sub syntax error
  • Forgetting parentheses in print (Python 3+)
  • Thinking text is empty without checking
5. You want to redact both emails and phone numbers in a text using Python. Which combined regex pattern correctly matches emails and US phone numbers like '123-456-7890'?
hard
A. r'\d{3}-\d{4}|\S+@\S+\.\S+'
B. r'\S+@\S+\.\S+|\d{3}-\d{3}-\d{4}'
C. r'\S+@\S+\.\S+\d{3}-\d{3}-\d{4}'
D. r'\S+@\S+\.\S+&\d{3}-\d{3}-\d{4}'

Solution

  1. Step 1: Understand regex for emails and phones

    The email pattern '\S+@\S+\.\S+' matches emails; '\d{3}-\d{3}-\d{4}' matches US phone numbers like '123-456-7890'.

  2. Step 2: Combine patterns with OR operator

    Using '|' between patterns matches either emails or phone numbers separately.

  3. Step 3: Evaluate options

    r'\S+@\S+\.\S+|\d{3}-\d{3}-\d{4}' correctly uses '|' to combine patterns; r'\d{3}-\d{4}|\S+@\S+\.\S+' reverses order but still works; r'\S+@\S+\.\S+\d{3}-\d{3}-\d{4}' concatenates patterns (wrong); r'\S+@\S+\.\S+&\d{3}-\d{3}-\d{4}' uses '&' which is invalid in regex.

  4. Final Answer:

    r'\S+@\S+\.\S+|\d{3}-\d{3}-\d{4}' -> Option B

  5. Quick Check:

    Use '|' to combine regex patterns [OK]
Hint: Use '|' to combine email and phone regex patterns [OK]
Common Mistakes:
  • Concatenating patterns without '|'
  • Using invalid regex operators like '&'
  • Mixing order but forgetting OR operator