ccpa
Adaptive PII Mitigation Framework for Large Language Models
Asthana, Shubhi, Mahindru, Ruchi, Zhang, Bing, Sanz, Jorge
Artificial Intelligence (AI) faces growing challenges from evolving data protection laws and enforcement practices worldwide. Regulations like GDPR and CCPA impose strict compliance requirements on Machine Learning (ML) models, especially concerning personal data use. These laws grant individuals rights such as data correction and deletion, complicating the training and deployment of Large Language Models (LLMs) that rely on extensive datasets. Public data availability does not guarantee its lawful use for ML, amplifying these challenges. This paper introduces an adaptive system for mitigating risk of Personally Identifiable Information (PII) and Sensitive Personal Information (SPI) in LLMs. It dynamically aligns with diverse regulatory frameworks and integrates seamlessly into Governance, Risk, and Compliance (GRC) systems. The system uses advanced NLP techniques, context-aware analysis, and policy-driven masking to ensure regulatory compliance. Benchmarks highlight the system's effectiveness, with an F1 score of 0.95 for Passport Numbers, outperforming tools like Microsoft Presidio (0.33) and Amazon Comprehend (0.54). In human evaluations, the system achieved an average user trust score of 4.6/5, with participants acknowledging its accuracy and transparency. Observations demonstrate stricter anonymization under GDPR compared to CCPA, which permits pseudonymization and user opt-outs. These results validate the system as a scalable and robust solution for enterprise privacy compliance.
C3PA: An Open Dataset of Expert-Annotated and Regulation-Aware Privacy Policies to Enable Scalable Regulatory Compliance Audits
Musa, Maaz Bin, Winston, Steven M., Allen, Garrison, Schiller, Jacob, Moore, Kevin, Quick, Sean, Melvin, Johnathan, Srinivasan, Padmini, Diamantis, Mihailis E., Nithyanand, Rishab
The development of tools and techniques to analyze and extract organizations data habits from privacy policies are critical for scalable regulatory compliance audits. Unfortunately, these tools are becoming increasingly limited in their ability to identify compliance issues and fixes. After all, most were developed using regulation-agnostic datasets of annotated privacy policies obtained from a time before the introduction of landmark privacy regulations such as EUs GDPR and Californias CCPA. In this paper, we describe the first open regulation-aware dataset of expert-annotated privacy policies, C3PA (CCPA Privacy Policy Provision Annotations), aimed to address this challenge. C3PA contains over 48K expert-labeled privacy policy text segments associated with responses to CCPA-specific disclosure mandates from 411 unique organizations. We demonstrate that the C3PA dataset is uniquely suited for aiding automated audits of compliance with CCPA-related disclosure mandates.
From Open Access to Guarded Trust
In the golden age of software engineering, data was an open book. Engineers had almost unlimited access to the information, enabling them to glean insights, refine products, and optimize system performance with relative ease. Consider the rise of platforms such as Facebook and Google, which in their early stages benefited significantly from vast datasets and harnessing user information to improve experiences, refine algorithms, and even predict user behaviors. For companies such as Amazon, customer data was not just for user experience; it was central to building recommendation systems that, to this day, account for a significant percentage of its sales. This access, however, was a double-edged sword. While data-driven insights propelled tech giants to unprecedented heights, they also led to privacy debacles.
Prompt Tuning Pushes Farther, Contrastive Learning Pulls Closer: A Two-Stage Approach to Mitigate Social Biases
Li, Yingji, Du, Mengnan, Wang, Xin, Wang, Ying
As the representation capability of Pre-trained Language Models (PLMs) improve, there is growing concern that they will inherit social biases from unprocessed corpora. Most previous debiasing techniques used Counterfactual Data Augmentation (CDA) to balance the training corpus. However, CDA slightly modifies the original corpus, limiting the representation distance between different demographic groups to a narrow range. As a result, the debiasing model easily fits the differences between counterfactual pairs, which affects its debiasing performance with limited text resources. In this paper, we propose an adversarial training-inspired two-stage debiasing model using Contrastive learning with Continuous Prompt Augmentation (named CCPA) to mitigate social biases in PLMs' encoding. In the first stage, we propose a data augmentation method based on continuous prompt tuning to push farther the representation distance between sample pairs along different demographic groups. In the second stage, we utilize contrastive learning to pull closer the representation distance between the augmented sample pairs and then fine-tune PLMs' parameters to get debiased encoding. Our approach guides the model to achieve stronger debiasing performance by adding difficulty to the training process. Extensive experiments show that CCPA outperforms baselines in terms of debiasing performance. Meanwhile, experimental results on the GLUE benchmark show that CCPA retains the language modeling capability of PLMs.
Data governance platform Collibra raises $250M
Collibra, a data governance and intelligence platform that helps businesses unlock insights from disparate data sources, has raised $250 million in a series G round of funding at a $5.25 billion valuation. Founded out of Belgium in 2008, Collibra develops various products that constitute part of what Collibra calls its data intelligence cloud, allowing both technical and business users to collaborate and combine data silos to find hidden meaning in their wealth of information. This includes data catalog, which is for discovering and classifying data; data privacy, which serves centralized tooling to address regulatory requirements; data lineage, which maps relationships between applications and systems; data quality, and data governance. "Collibra is a new approach to the [data] complexity problem, offering a single system of data engagement that supports data modernization, digital transformation, compliance and privacy," Collibra CEO Felix Van de Maele told VentureBeat. "Collibra makes sure everyone in an organization is working with the same set of information -- we offer the only platform that can unite an entire organization by delivering accurate data for every use, for every user and across every source."
Building Legal Datasets
Data-centric AI calls for better, not just bigger, datasets. As data protection laws with extra-territorial reach proliferate worldwide, ensuring datasets are legal is an increasingly crucial yet overlooked component of ``better''. To help dataset builders become more willing and able to navigate this complex legal space, this paper reviews key legal obligations surrounding ML datasets, examines the practical impact of data laws on ML pipelines, and offers a framework for building legal datasets.
GDPR, CCPA, and the AI Explainability Question - DATAVERSITY
In most large organizations, artificial intelligence (AI) and machine learning (ML) are powering key business functions, from big data analytics and customer service to fraud detection and personalized marketing. Insights that AI and ML can produce are powerful, but it's often difficult, if not impossible, to explain how these algorithms arrived at them. This limitation could pose significant problems for compliance with the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other laws governing data and privacy. Let's look at GDPR first. When an automated process such as AI or ML makes a decision about an individual based on personal data, GDPR requires the organization to supply an explanation if requested.
Americans are getting really creeped out by devices eavesdropping on them and tracking them
You've heard it a million times: Americans don't care about our online privacy. Turns out that's not really true. Anxiety levels over privacy and security are peaking as the relentless collection of online data and the steady drumbeat of data incursions and breaches take a toll. People are worried like never before about eavesdropping by smart home devices such as Google Home and the Amazon Echo or having their microphone tapped to target them with personalized ads and increasingly they want a say over how their personal information gets used, according to a survey released Tuesday to observe Data Privacy Day. More than 8 in 10 American adults expect to have control over how a business handles their data, the survey released by privacy firm DataGrail found.
CCPA, PII and NLP
NER is the task of identifying things like names, organizations, locations, dates/times etc. NER is can used to identify some of the personal information contained within text data. So one can train a deep learning model to classify each word in a sentence either as one of the named entities or not. However, there are several libraries which come with pre-trained models for NER task. Identifying the PII information is very important as it can help in fast retrieval of such information, properly securing the information (by encryption etc) and also controlling access to such information. The Stanford core NLP is a popular NLP library written in Java and comes with pre-trained for various NLP tasks like POS (Part of Speech), NER etc for English and several other languages.
Was anyone ever so young? What 10 years of my Instagram data revealed
In the 10 days leading up to Christmas this year, I searched on Instagram for three of my exes, an acquaintance I met on a trip to Cuba four years ago, an account dedicated to astrology memes, a past roommate, my own dog's account (@lucythetherapypup), my best friend's sweater-wearing poodle, a famous Pomeranian who lives in New York, a bird named Parfait I recently met at a San Francisco market, 10 contestants of the reality TV show Love Island, and the hashtag #wienerdog. I know all of this because Instagram told me. That's because this month, I submitted a data request under California's new privacy law to see just how much information the company has on me. What I got was a wide-ranging look at how my life has changed in the last 10 years since I first logged on to Instagram, and a window into what the company is willing to share about what it knows about me. Under the California Consumer Privacy Act, I have the right to demand companies disclose "any personal information" they collect about me and request a copy of that information.