PII Handling in AI Systems
Establish controls governing how personally identifiable information is handled when it flows through AI inputs, outputs, training pipelines, and logs.
Objective
Protect individuals' privacy rights and comply with data protection regulations by ensuring PII in AI systems is handled with appropriate safeguards.
Maturity Levels
Initial
PII handling in AI systems is uncontrolled; no policies or technical measures exist.
Developing
Privacy awareness exists but PII handling controls are inconsistent across AI use cases.
Defined
Documented PII handling rules apply to all AI use cases, specifying permitted uses, retention limits, and required safeguards.
Managed
PII flows through AI systems are mapped and monitored; incidents are tracked.
Optimizing
Automated PII detection and enforcement reduce reliance on manual controls; privacy impact assessments are standard for new AI deployments.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- —Data processing inventory documenting where PII enters, is processed, and is stored across AI systems
- —Technical controls configuration (PII detection, pseudonymization, access controls) with sample test results
- —DPIA or privacy impact assessment for AI systems processing significant volumes of personal data
- —Subject access and erasure request records showing personal data was located and deleted appropriately
- —DPO review or sign-off records for AI systems assessed as high personal data processing risk
Implementation Notes
Key steps
- Map PII flows before deploying any AI system: what personal data enters the prompt, is processed by the model, appears in the output, and is stored in logs?
- Implement data minimization at the prompt level — many AI use cases can be satisfied with anonymized or pseudonymized inputs.
- Review vendor data processing terms: understand whether your AI provider processes prompts as a data processor under GDPR and ensure a DPA is in place.
- Conduct a DPIA for AI systems that process sensitive personal data at scale.
Example Implementation
HR platform using AI to summarize candidate interview notes and flag potential issues
PII Handling Controls — Candidate Summarization System
PII data flow map:
| Stage | PII Present | Control Applied |
|---|---|---|
| Input (interview notes) | Name, contact info, age indicators | Names replaced with [CANDIDATE] before sending to model API |
| Model API call | Pseudonymized input | Zero-retention API tier; no training data use; DPA in place |
| Output (summary) | May contain inferred sensitive info | Output reviewed by recruiter before storage |
| Log storage | Session ID, pseudonymized input hash | No raw PII in logs; 30-day TTL |
| Fine-tuning | Historical summaries | Not used; dedicated opt-out documented |
DPIA status: Completed 2026-01-15 for this use case — identifies residual risk as Low after controls applied
Data processor agreement: Signed DPA with model API provider on file (executed 2025-11-01)
Deletion requests: Recruiter can trigger deletion of all summaries for a candidate via HR system; deletion propagated within 48 hours
Control Details
- Control ID
- DGC-002
- Domain
- Data Governance
- Typical owner
- Privacy / Compliance / AI Engineering
- Implementation effort
- Medium effort
- Agent-relevant
- Yes