Personal data is everywhere in AI systems
PII flows through prompts, retrieved context, logs, training data, and outputs. Privacy law (GDPR and its global cousins) governs all of it, on principles engineers must implement:
- Lawful basis & consent — you need a legal reason to process personal data; for AI, be careful using customer data to train models without consent.
- Data minimization — collect and send only what's needed. Don't pipe full PII to the model if a redacted version works.
- Purpose limitation — use data only for the stated purpose.
- Right to erasure & access — users can demand their data be deleted or disclosed — which is hard if it's baked into a model or scattered across logs and vector stores. Design for deletion.
- Automated-decision rights — GDPR gives people rights around solely-automated decisions with significant effects (a human-review path).
PII handling controls (the engineering)
- Detect & redact — run a PII detector on inputs (and outputs) to redact names, emails, SSNs, health data before they reach the model or your logs. A standard input/output guardrail (AI Security course).
- Don't log raw PII — prompts/outputs logged for debugging are a top leak vector; redact, restrict access, and set retention limits.
- Watch the training-data risk — models can memorize and regurgitate training data (membership-inference / extraction attacks); don't train on sensitive data casually, and confirm your provider's data terms (do they train on your API data? usually not on enterprise/API tiers — verify).
- Tenant isolation — in multi-tenant RAG, filter retrieval by tenant so one customer's PII can't surface for another (AI Security course).
Regulated domains
Healthcare (HIPAA), finance, and children's data carry extra duties. In those domains, PII handling isn't best-practice — it's the law, and a leak is a reportable breach.