Skip to main content

Data anonymization with Microsoft Presidio

Open In Collab

Use case

Data anonymization is crucial before passing information to a language model like GPT-4 because it helps protect privacy and maintain confidentiality. If data is not anonymized, sensitive information such as names, addresses, contact numbers, or other identifiers linked to specific individuals could potentially be learned and misused. Hence, by obscuring or removing this personally identifiable information (PII), data can be used freely without compromising individuals' privacy rights or breaching data protection laws and regulations.

Overview

Anonynization consists of two steps:

  1. Identification: Identify all data fields that contain personally identifiable information (PII).
  2. Replacement: Replace all PIIs with pseudo values or codes that do not reveal any personal information about the individual but can be used for reference. We're not using regular encryption, because the language model won't be able to understand the meaning or context of the encrypted data.

We use Microsoft Presidio together with Faker framework for anonymization purposes because of the wide range of functionalities they provide. The full implementation is available in PresidioAnonymizer.

Quickstart

Below you will find the use case on how to leverage anonymization in LangChain.

# Install necessary packages
# ! pip install langchain langchain-experimental openai presidio-analyzer presidio-anonymizer spacy Faker
# ! python -m spacy download en_core_web_lg

\ Let's see how PII anonymization works using a sample sentence:

from langchain_experimental.data_anonymizer import PresidioAnonymizer

anonymizer = PresidioAnonymizer()

anonymizer.anonymize(
    "My name is Slim Shady, call me at 313-666-7440 or email me at real.slim.shady@gmail.com"
)
    'My name is Laura Ruiz, call me at +1-412-982-8374x13414 or email me at javierwatkins@example.net'

Using with LangChain Expression Language

With LCEL we can easily chain together anonymization with the rest of our application.

# Set env var OPENAI_API_KEY or load from a .env file:
# import dotenv

# dotenv.load_dotenv()
text = f"""Slim Shady recently lost his wallet. 
Inside is some cash and his credit card with the number 4916 0387 9536 0861. 
If you would find it, please call at 313-666-7440 or write an email here: real.slim.shady@gmail.com."""
from langchain.prompts.prompt import PromptTemplate
from langchain.chat_models import ChatOpenAI

anonymizer = PresidioAnonymizer()

template = """Rewrite this text into an official, short email:

{anonymized_text}"""
prompt = PromptTemplate.from_template(template)
llm = ChatOpenAI(temperature=0)

chain = {"anonymized_text": anonymizer.anonymize} | prompt | llm
response = chain.invoke(text)
print(response.content)
    Dear Sir/Madam,
    
    We regret to inform you that Richard Fields has recently misplaced his wallet, which contains a sum of cash and his credit card bearing the number 30479847307774. 
    
    Should you happen to come across it, we kindly request that you contact us immediately at 6439182672 or via email at frank45@example.com.
    
    Thank you for your attention to this matter.
    
    Yours faithfully,
    
    [Your Name]

Customization

We can specify analyzed_fields to only anonymize particular types of data.

anonymizer = PresidioAnonymizer(analyzed_fields=["PERSON"])

anonymizer.anonymize(
    "My name is Slim Shady, call me at 313-666-7440 or email me at real.slim.shady@gmail.com"
)
    'My name is Adrian Fleming, call me at 313-666-7440 or email me at real.slim.shady@gmail.com'

As can be observed, the name was correctly identified and replaced with another. The analyzed_fields attribute is responsible for what values are to be detected and substituted. We can add PHONE_NUMBER to the list:

anonymizer = PresidioAnonymizer(analyzed_fields=["PERSON", "PHONE_NUMBER"])
anonymizer.anonymize(
    "My name is Slim Shady, call me at 313-666-7440 or email me at real.slim.shady@gmail.com"
)
    'My name is Justin Miller, call me at 761-824-1889 or email me at real.slim.shady@gmail.com'

\ If no analyzed_fields are specified, by default the anonymizer will detect all supported formats. Below is the full list of them:

['PERSON', 'EMAIL_ADDRESS', 'PHONE_NUMBER', 'IBAN_CODE', 'CREDIT_CARD', 'CRYPTO', 'IP_ADDRESS', 'LOCATION', 'DATE_TIME', 'NRP', 'MEDICAL_LICENSE', 'URL', 'US_BANK_NUMBER', 'US_DRIVER_LICENSE', 'US_ITIN', 'US_PASSPORT', 'US_SSN']

Disclaimer: We suggest carefully defining the private data to be detected - Presidio doesn't work perfectly and it sometimes makes mistakes, so it's better to have more control over the data.

anonymizer = PresidioAnonymizer()
anonymizer.anonymize(
    "My name is Slim Shady, call me at 313-666-7440 or email me at real.slim.shady@gmail.com"
)
    'My name is Dr. Jennifer Baker, call me at (508)839-9329x232 or email me at ehamilton@example.com'

\ It may be that the above list of detected fields is not sufficient. For example, the already available PHONE_NUMBER field does not support polish phone numbers and confuses it with another field:

anonymizer = PresidioAnonymizer()
anonymizer.anonymize("My polish phone number is 666555444")
    'My polish phone number is NRGN41434238921378'

\ You can then write your own recognizers and add them to the pool of those present. How exactly to create recognizers is described in the Presidio documentation.

# Define the regex pattern in a Presidio `Pattern` object:
from presidio_analyzer import Pattern, PatternRecognizer


polish_phone_numbers_pattern = Pattern(
    name="polish_phone_numbers_pattern",
    regex="(?<!\w)(\(?(\+|00)?48\)?)?[ -]?\d{3}[ -]?\d{3}[ -]?\d{3}(?!\w)",
    score=1,
)

# Define the recognizer with one or more patterns
polish_phone_numbers_recognizer = PatternRecognizer(
    supported_entity="POLISH_PHONE_NUMBER", patterns=[polish_phone_numbers_pattern]
)

\ Now, we can add recognizer by calling add_recognizer method on the anonymizer:

anonymizer.add_recognizer(polish_phone_numbers_recognizer)

\ And voilà! With the added pattern-based recognizer, the anonymizer now handles polish phone numbers.

print(anonymizer.anonymize("My polish phone number is 666555444"))
print(anonymizer.anonymize("My polish phone number is 666 555 444"))
print(anonymizer.anonymize("My polish phone number is +48 666 555 444"))
    My polish phone number is <POLISH_PHONE_NUMBER>
    My polish phone number is <POLISH_PHONE_NUMBER>
    My polish phone number is <POLISH_PHONE_NUMBER>

\ The problem is - even though we recognize polish phone numbers now, we don't have a method (operator) that would tell how to substitute a given field - because of this, in the outpit we only provide string <POLISH_PHONE_NUMBER> We need to create a method to replace it correctly: 

from faker import Faker

fake = Faker(locale="pl_PL")


def fake_polish_phone_number(_=None):
    return fake.phone_number()


fake_polish_phone_number()
    '511 622 683'

\ We used Faker to create pseudo data. Now we can create an operator and add it to the anonymizer. For complete information about operators and their creation, see the Presidio documentation for simple and custom anonymization.

from presidio_anonymizer.entities import OperatorConfig

new_operators = {
    "POLISH_PHONE_NUMBER": OperatorConfig(
        "custom", {"lambda": fake_polish_phone_number}
    )
}
anonymizer.add_operators(new_operators)
anonymizer.anonymize("My polish phone number is 666555444")
    'My polish phone number is +48 734 630 977'

Future works

  • instance anonymization - at this point, each occurrence of PII is treated as a separate entity and separately anonymized. Therefore, two occurrences of the name John Doe in the text will be changed to two different names. It is therefore worth introducing support for full instance detection, so that repeated occurrences are treated as a single object.