View a markdown version of this page

RAIRC03-BP05 Measure privacy protection - Responsible AI Lens

RAIRC03-BP05 Measure privacy protection

Measure how well your system protects each type of confidential or personal information that your risk assessment identified as at risk. This may include detecting privacy leaks, unauthorized data access patterns, or inappropriate data retention issues your risk assessment determined to be most likely or impactful. Assess private data identification and redaction capabilities for the data types that your risk assessment prioritized and consult with your legal team on the specific privacy regulations relevant to your use case.

Level of risk exposed if this best practice is not established: High

Implementation considerations

  1. Build privacy attack tests that target the vulnerabilities your RAIBR02 risk assessment found, using both automated tools such as Promptfoo and manual testing to check for membership inference, data extraction, and prompt injections. Create standard test cases with clear success measures and document your testing methods so you can repeat them across different system versions.

  2. Set up automated detection tests that check your system's ability to find and remove the types of confidential and personal information that your risk assessment prioritized. Build testing pipelines that measure how accurately your system detects these data types.

Resources

Related documents:

Related tools: