The CISA Automated Personally Identifiable Information (PII) Detection and Human Review Process incorporates descriptive, predictive, and prescriptive analytics. Automated PII Detection leverages natural language processing tasks including named entity recognition coupled with Privacy guidance thresholds to automatically detect potential PII from within Automated Indicator Sharing submissions. If submissions are flagged for possible PII, the submission will be queued for human review where the analysts will be provided with the submission and artificial intelligence-assisted guidance to the specific PII concerns. Within human review, analysts can confirm/deny proper identification of PII and redact the information (if needed). Privacy experts are also able to review the actions of the system and analysts to ensure proper performance of the entire process along with providing feedback to the system and analysts for process improvements (if needed). The system learns from feedback from the analysts and Privacy experts.
Through the incorporation of the automated PII detection, CISA complies with Privacy, Civil Rights and Civil Liberties requirements of CISA 2015 and scaled analyst review of submissions by removing false positives and providing guidance to submission to be reviewed. Through continual audits CISA will maintain integrity and trust in system and human processes. For more information, please visit: https://www.cisa.gov/ais.