Assistant Level PII Redaction Configuration

Overview:

The Assistant Level PII Redaction Configuration feature introduces enhanced control over Personally Identifiable Information (PII) redaction within the Chat App. This feature enables bot creators to manage how their assistants handle PII, ensuring data privacy and compliance by default while allowing flexibility for specific workflows that require PII access.

Key Features:

• Assistant-Level Control:

• A new Settings & Privacy section has been added to the Create/Update Assistant panel, featuring a toggle for PII redaction.

• The default setting is "Force ON" to ensure data privacy by default. This enables automatic redaction of PII, aligning with platform compliance policies.

• Users who opt to disable redaction must provide a written justification (10-250 characters) before proceeding. This supports auditability and ensures compliance with data protection standards.

• Current Challenge:

• Platform-wide PII redaction via the LLM Gateway can be overly aggressive for workflows that require PII, such as benefits enrollment, claims lookup, and shipping tracking. This feature provides a safe, auditable method to override redaction per assistant, facilitating necessary workflow operations without compromising on compliance.

• Goals:

• Empower bot creators to decide how their assistants handle PII without requiring intervention from platform operations.

• Maintain the default behavior to uphold compliance with platform policies.

• Ensure auditability, enforce least-privilege controls, and maintain risk management guardrails.

• Scopes & Roles:

• Configuration changes can be made by Org Admins, Team Admins, and Assistant Owners, configurable through Role-Based Access Control (RBAC).

• Visibility is granted to Org Admins, Team Admins, Assistant Owners, Support Admins, and Super Admins, also configurable via RBAC.

• Product Behavior:

• Modes (Single-Select):

• Default ON (Redact PII): Redacts PII by default, even if platform settings are less strict. A default notification indicates that PII redaction is enabled for the assistant’s model calls.

• Force OFF (Allow PII): Disables redaction for the assistant’s inference traffic. A warning message informs users they are responsible for complying with their organization’s data policies. All activity is logged and monitored.

• A justification field titled “Access Justification” is required when "Force OFF" is selected. The field provides instructions and accepts free-text entries between 10 and 250 characters, explaining the reason for enabling PII.

• UX Behavior:

• Toggle button for user to Turn Off redaction:

• When turned OFF, user need to capture justification:

Benefits:

• Enhances privacy and compliance controls at the assistant level.

• Provides flexibility for workflows that need PII, while ensuring comprehensive logging and monitoring.

• Supports organizational policies and user accountability, ensuring a secure and compliant environment for handling sensitive information.

This feature empowers users to customize PII handling per assistant, aligning with organizational needs while upholding data privacy and compliance standards.