Skip to main content
This is an interactive notebook. You can run it locally or use the links below:
In this guide, you learn how to use W&B Weave while ensuring your Personally Identifiable Information (PII) data remains private. Protecting PII helps you meet privacy and compliance requirements while still benefiting from LLM tracing and evaluation. This guide is intended for developers integrating Weave into LLM applications that process sensitive user data. The guide demonstrates the following methods to identify, redact, and anonymize PII data:
  1. Regular expressions to identify PII data and redact it.
  2. Microsoft’s Presidio, a Python-based data protection SDK. This tool provides redaction and replacement functionality.
  3. Faker, a Python library to generate fake data, combined with Presidio to anonymize PII data.
Additionally, you learn how to use weave.op input/output logging customization and autopatch_settings to integrate PII redaction and anonymization into the workflow. For more information, see Customize logged inputs and outputs. To get started, do the following:
  1. Review the Overview section.
  2. Complete the prerequisites.
  3. Review the available methods for identifying, redacting, and anonymizing PII data.
  4. Apply the methods to Weave calls.

Overview

The following section provides an overview of input and output logging using weave.op, as well as best practices for working with PII data in Weave.

Customize input and output logging using weave.op

Weave Ops let you define input and output postprocessing functions. With these functions, you can modify the data that is passed to your LLM call or logged to Weave. The following example defines two postprocessing functions and passes them as arguments to weave.op().

Best practices for Weave with PII data

Before using Weave with PII data, review the following best practices. They are grouped by stage of the development lifecycle, with additional guidance on encryption.

During testing

  • Log anonymized data to check PII detection.
  • Track PII handling processes with Weave Traces.
  • Measure anonymization performance without exposing real PII.

In production

  • Never log raw PII.
  • Encrypt sensitive fields before logging.

Encryption tips

  • Use reversible encryption for data you need to decrypt later.
  • Apply one-way hashing for unique IDs that you don’t need to reverse.
  • Consider specialized encryption for data you need to analyze while encrypted.

Prerequisites

Before applying any of the redaction methods, complete the following setup steps to install dependencies, configure API keys, initialize your Weave project, and load the sample data.
  1. First, install the required packages.
  1. Create API keys at:
  1. Initialize your Weave project.
  1. Load the demo PII dataset, which contains 10 text blocks.

Redaction methods overview

After you complete the Prerequisites, you can choose one of the following methods to detect and protect PII data. Each method identifies and redacts PII, and optionally anonymizes it:
  1. Regular expressions to identify PII data and redact it.
  2. Microsoft Presidio, a Python-based data protection SDK that provides redaction and replacement functionality.
  3. Faker, a Python library for generating fake data.

Method 1: Filter using regular expressions

Regular expressions (regex) are a straightforward method to identify and redact PII data. Regex lets you define patterns that can match various formats of sensitive information like phone numbers, email addresses, and social security numbers. With regex, you can scan through large volumes of text and replace or redact information without the need for more complex NLP techniques.
To test the function, run the following with a sample text:

Method 2: Redact using Microsoft Presidio

The next method involves complete removal of PII data using Microsoft Presidio. Presidio redacts PII and replaces it with a placeholder representing the PII type. For example, Presidio replaces Alex in "My name is Alex" with <PERSON>. Presidio comes with built-in support for common entities. The following example redacts all entities that are a PHONE_NUMBER, PERSON, LOCATION, EMAIL_ADDRESS, or US_SSN. The Presidio process is encapsulated in a function.
To test the function, run the following with a sample text:

Method 3: Anonymize with replacement using Faker and Presidio

Instead of redacting text, you can anonymize it by using MS Presidio to swap PII like names and phone numbers with fake data generated by the Faker Python library. For example, suppose you have the following data: "My name is Raphael and I like to fish. My phone number is 212-555-5555" After Presidio and Faker process the data, it might look like: "My name is Katherine Dixon and I like to fish. My phone number is 667.431.7379" To use Presidio and Faker together, you must supply references to your custom operators. These operators direct Presidio to the Faker functions responsible for swapping PII with fake data.
To consolidate the code into a single class and expand the list of entities to include the additional ones identified earlier, run the following:
To test the function, run the following with a sample text:

Method 4: Use autopatch_settings

You can use autopatch_settings to configure PII handling directly during initialization for one or more of the supported LLM integrations. W&B recommends this approach when you want centralized PII handling across all calls to a given integration. The advantages of this method are:
  1. PII handling logic is centralized and scoped at initialization, reducing the need for scattered custom logic.
  2. You can customize or disable PII processing workflows entirely for specific integrations.
To use autopatch_settings to configure PII handling, define postprocess_inputs or postprocess_output in op_settings for any one of the supported LLM integrations.

Apply the methods to Weave calls

Now that you’ve seen each redaction method in isolation, the following examples show how to integrate them into Weave Models and preview the results in Weave Traces. First, create a Weave Model. A Weave Model is a combination of information like configuration settings, model weights, and code that defines how the model operates. The model includes a predict function where the Anthropic API is called. Anthropic’s Claude Sonnet performs sentiment analysis while tracing LLM calls using Traces. Claude Sonnet receives a block of text and outputs one of the following sentiment classifications: positive, negative, or neutral. The model also includes the postprocessing functions to ensure that PII data is redacted or anonymized before it’s sent to the LLM. Once you run this code, you receive links to the Weave project page, as well as the specific trace (LLM calls) you ran. Use these links to verify that the postprocessing functions redacted or anonymized the input as expected before it reached the LLM.

Regex method

As a starting point, you can use regex to identify and redact PII data from the original text.

Presidio redaction method

Next, use Presidio to identify and redact PII data from the original text.
Presidio PII redaction process with identified PII entities and redacted text output

Faker and Presidio replacement method

In this example, you use Faker to generate anonymized replacement PII data and use Presidio to identify and replace the PII data in the original text.
Faker and Presidio PII replacement process with original text, identified PII, and anonymized replacement values

autopatch_settings method

In the following example, postprocess_inputs for anthropic is set to the postprocess_inputs_regex() function at initialization. The postprocess_inputs_regex function applies the redact_with_regex method defined in Method 1: Filter using regular expressions. As a result, redact_with_regex is applied to all inputs to any anthropic models.

Optional: Encrypt your data

PII data encryption process with encrypted text output and encryption key management
In addition to anonymizing PII, you can add an extra layer of security by encrypting your data with the cryptography library’s Fernet symmetric encryption. This approach ensures that even if the anonymized data is intercepted, it remains unreadable without the encryption key. The following example shows how to encrypt input text before it’s logged and decrypt it inside the model’s predict method.