Back to course overview
Module 3Guardrails & safety 13 min

PII & compliance

Customers will paste everything at your agent: minimization, redaction-before-logging, retention, and the disclosure/consent floor that varies by jurisdiction but never by mood.

Customers treat chat boxes like confessionals: card numbers, home addresses, health details, other people's information — pasted unprompted into your transcript logs. The agent didn't ask; you're still holding it. Here's the reframe for a no-code learner: you won't build the redaction pipeline or retention system — you'll make sure they exist. PII discipline for customer agents is four habits, all boring, all load-bearing — and below, each is written as a demand to put to your engineering and legal teams, not a system you code yourself. Here's what to require:

  • Require minimization. Specify that the agent requests the least identifying datum that does the job — order number beats email beats name+address — and that it never asks for payment card data in chat, full stop; payments have their own rails for exactly this reason. This part you own directly: write the 'may ask for' list into the brief.
  • Require redaction before logging. Transcripts are gold for improvement (Module 5) and radioactive raw. Demand of engineering a pipeline between conversation and storage that scrubs card-number patterns, government IDs, and unneeded contact details — automatically, before write, not in a quarterly cleanup. What was never stored can't leak, be subpoenaed, or end up in a fine-tuning set by accident. Your job is to make this a stated requirement and verify it holds (the transcript test below).
  • Require a retention clock. Ask legal to define a lifetime tied to purpose (quality review: 90 days is a common posture; disputes: per your legal hold rules), then have engineering make transcripts age out automatically. 'We keep everything forever' is not a policy; it's a liability schedule.
  • Require that deletion rights reach transcripts. A customer's 'delete my data' request must reach chat transcripts too — which means transcripts must be indexed by customer where authenticated, and your data-subject-request process must know this store exists. Confirm both with the teams that own them. (If you took Data Foundations, this is entity resolution again; if you didn't, the whole idea fits in the line that follows — you can't delete what you can't find.)

The compliance floor (know it, then delegate the ceiling)

  • Disclosure: multiple jurisdictions now require bots that talk to consumers to say they're bots. You did this in Module 1 for product reasons; the law agrees. Keep it unmissable.
  • Consent & recording notices: transcript retention may trigger the same notice obligations as call recording in some places — one banner line, cleared with counsel, covers it.
  • Sector rules ride along: an agent touching health, finance, kids, or employment inherits that sector's rules no matter how casual the chat feels. If your agent is anywhere near these, the scope contract shrinks and counsel joins the review — this is the 'regulate the use, not the tech' pattern from the leadership courses (if you haven't taken them, the one-sentence version is right here: the law follows what the AI is used for, not the fact that it's AI, so a chatbot in a regulated domain inherits that domain's rules).
  • Vendor terms matter twice: the model provider processes customer PII → data-processing agreement, retention terms, no-training flags. Procurement did this for approved tools; your agent must actually use the approved configuration.
The transcript test

Quarterly, pull 20 random (redacted) transcripts and read them as a privacy regulator: What did we collect? Did we need it? Did the redaction hold? Would any exchange embarrass us in a filing? Twenty minutes, and it catches drift the dashboards can't — like the agent that started asking for emails 'to be helpful' after a prompt edit nobody flagged as a privacy change. (Config changes are control changes. Finance course students may now nod.)