Overview: What is Data Shield Detect?
Data Shield Detect is an advanced privacy feature on the GovAI platform. Designed specifically with public sector in mind, it quickly identifies, classifies, and manages personal and sensitive data within user's threads.
With Data Shield Detect, you can:
Scan data sources for personal information (e.g., addresses, credit card details, driver IDs, license plates).
Automatically label, review, substitute, or redact sensitive information based on your organizational policies.
Set customized rules for how each data type should be handled.
Main Dashboard: Managing Data Categories
From the Data Shield page, you’ll see an overview of data categories and their current protection status (Enabled/Disabled):
Examples of detectable categories:
Address
Age
Credit or Debit CVV
Credit or Debit Card Number
Credit or Debit Expiry
Driver ID
Email
License Plate
International Bank Account Number (IBAN)
MAC Address
(Overall there are 24 unique elements that can be detected by Data Shield)
For each category, you’ll find:
Status (Enabled or Disabled)
Action buttons: Manage
A brief description of how the data type is being managed (Review, Redact, Substitute, Risk indicators)
To customize how GovAI handles a category, click Manage for that entity.
Customizing Protection for Each Data Category
When managing a specific category (e.g., Address), you’ll be presented with several configuration options:
1. User Action Required
When a user enters their prompt the Data Shield runs a scan of the prompt against the Data Shield settings. The User Action Requires configuration determines what should happen if a user tries to submit a prompt containing this type of data:
Allow: The prompt is submitted with no intervention.
Notify: The user is notified about the presence of sensitive data, the user then decides whether or not to proceed with processing the prompt
Block: The prompt cannot be submitted if it includes this data type.
2. System Action To Complete
Once the User Action is completed, the System then performs an action determined by the setting described below. These settings control how GovAI will handle the detected data within prompts. Choose from:
Keep: Leave the detected data unchanged.
Substitute: Replace detected data with a placeholder.
Redact: Completely replace the detected data with asterisks.
You may also click on Apply Recommendations to configure the Data Category based on best practices observed by GovAI’s team across numerous public sector organizations.
3. Risk Flagging
Optionally, you can instruct Data Shield to flag this kind of detection as a risk. Flagging a Data Shield element as 'Risk' does two things:
a) Send an alert email to pre-configured users to notify them of Data Shield's detection
b) Update the Risk Centre dashboard showing the Data Shield element detected and the user who entered it
Example: 'Credit or Debit Card Number' Entity Configuration
For the Credit or Debit Card Number category, you might choose:
User Action: Review (user gets notified if an address is detected).
System Action: Substitute (replace address with a generic placeholder in outputs).
Risk: Flag if detected, for alerting and reporting.
Based on these settings if a user inputs a Credit or Debit Card Number Data Shield will notify the user of the presence of sensitive data in the prompt. The user can then edit or keep their prompt unchanged, and then submit their prompt.
Once the user submits the prompt, Data Shield will run another scan. If Credit or Debit Card Number is detected, Data Shield will then Substitute the number with the token [Credit or Debit Card Number]. After the Substitution is made, the prompt is then sent to GovAI for processing.
Saving and Applying Changes
Don’t forget to click Save after configuring each category.
Use Apply Recommendations to quickly set the most the system-recommended configurations.
How Data Shield Scans Prompts and Files
Data Shield scans the text within a user prompt to identify any potential risks based on its configured settings.
For file attachments, scanning behavior depends on the size of the file:
Smaller files (typically a few pages) are scanned immediately.
Larger files are first sampled and scanned against the current Data Shield settings. The user is notified of the presence of any Data Shield findings within the sample, and they can then proceed with processing their prompt. At the same time the file is queued for full scanning.
Once the full scan is complete, the results are made available in the Risk Centre and any relevant Data Shield Alerts are sent.
This approach ensures efficient risk analysis while maintaining performance, especially for large or complex documents.