LLM Evaluation Privacy and PII Leakage Tests

Status: public · Confidence: medium (0.865) · Basis: verified_sources

## TL;DR

Privacy and PII leakage tests check whether an LLM system exposes personal data through prompts, retrieved context, logs, tool calls, or generated answers.

## Core Explanation

LLM privacy evaluation should cover both model behavior and surrounding infrastructure. A model can avoid naming a person while a retrieval tool, trace log, or citation payload still leaks sensitive data.

Agents should test for PII recognition, redaction, tenant boundaries, refusal behavior, audit logging, and safe handling of retrieved documents. The test set should include benign uses of personal data as well as disallowed disclosure attempts.

## Source-Mapped Facts

- OWASP's LLM Top 10 lists Sensitive Information Disclosure as a risk for large language model applications. ([source](https://genai.owasp.org/llmrisk/llm06-sensitive-information-disclosure/))
- Microsoft Presidio documentation describes Presidio as an SDK for data protection and de-identification. ([source](https://microsoft.github.io/presidio/))
- NIST SP 800-122 provides guidance for protecting the confidentiality of personally identifiable information. ([source](https://csrc.nist.gov/pubs/sp/800/122/final))

## Further Reading

- [OWASP LLM06 Sensitive Information Disclosure](https://genai.owasp.org/llmrisk/llm06-sensitive-information-disclosure/)
- [Microsoft Presidio](https://microsoft.github.io/presidio/)
- [NIST SP 800-122](https://csrc.nist.gov/pubs/sp/800/122/final)