Enabling PII

Luma Virtual Agent allows administrators to enable PII detection at the tenant level to enhance data security and privacy compliance. This setting ensures that PII information are identified and managed effectively within conversations and stored data.

Steps to Enable PII Detection

Follow the steps below to enable PII detection for a tenant:

1. Navigate to Tenant Settings

   • Log in to Luma VA as an administrator.

   • Go to the Tenant settings page.

2. Access Tenant Information

   • On the Tenant Settings screen, select the Tenant Information tab.

3. Edit Tenant Settings

   • Click on the Edit button on the Tenant Information page.

4. Enable PII Detection

   • In the Settings section, locate the 'Enable PII' option.

   • Enable the setting.

5. Save Changes

   • Click Save to apply the changes.

Open

Once enabled, Luma VA starts detecting and handling PII information as per the available PII recognizers configured in the system.

Detecting PII

Once PII is enabled, Luma VA automatically detects and masks configured PII information in the following scenarios to ensure compliance and protect sensitive information:

1. Conversation History
   Luma masks PII in Conversation History and Debug Logs to ensure the administrators cannot view user PII information while debugging issues. This prevents accidental exposure of sensitive data during troubleshooting or analysis.

2. Luma AI Services- LLM Prompts
   Luma ensures that NO PII information is included in prompts sent to Large Language Models (LLMs). This guarantees that customer information remains secure within Luma’s environment and is not shared externally, maintaining data privacy and compliance.

3. User and Bot Conversations
   During live interactions, Luma automatically masks any PII data displayed to the user. This prevents accidental exposure of sensitive information, ensuring that both users and administrators only see masked or redacted data.

4. Conversation Reports:
   PII entities are masked in all conversation reports generated from the Luma Dashboard. When administrators or analysts view or download these reports, any detected PII (e.g., email addresses, phone numbers, or SSN) is replaced with masked identifiers such as [EMAIL_ADDR], [PHONE_NUMBER], or [US_SSN]. This ensures that sensitive information is not exposed in reports, even when shared with internal or external stakeholders.

By implementing these measures, Luma VA ensures that PII is protected across all touchpoints, maintaining compliance with global privacy standards and fostering trust among users. For more information on available PII recognizers configured in the tenant, refer to:

• Out-of-the-box PII Recognizers

• Custom PII Recognizers

Masking PII

Luma Virtual Agent identifies and masks PII in real-time during user and bot conversations based on the configured PII identifiers. During a conversation, if Luma detects a configured PII (e.g., SSN, Email Address), it replaces the actual data with a masked version. For example:

Original Text: Please contact me at john.doe@example.com
Masked Text: Please contact me at [EMAIL_ADDR]

The masked text shows the type of PII identifier matched (e.g., [EMAIL_ADDR], [PHONE_NUMBER], [US_SSN]), ensuring that sensitive information is not exposed. In conversation logs, Luma marks PII entities with a lock icon (🔒) to indicate that the data has been identified and masked. Administrators can view the logs for debugging purposes but will only see the masked data, ensuring that sensitive information remains protected.

The masked data is encrypted and securely stored in the database. While only the masked information is visible on the user interface (UI), Luma retains the ability to use the actual data for integrations and task executions when necessary. This ensures that sensitive information is protected from unauthorized access while still enabling seamless functionality for critical workflows.

This ensures that PII is consistently masked across all interactions, maintaining compliance and safeguarding user privacy.

Open