BEGIN:VCALENDAR VERSION:2.0 X-WR-CALNAME:EventsCalendar PRODID:-//hacksw/handcal//NONSGML v1.0//EN CALSCALE:GREGORIAN BEGIN:VTIMEZONE TZID:America/New_York LAST-MODIFIED:20240422T053451Z TZURL:https://www.tzurl.org/zoneinfo-outlook/America/New_York X-LIC-LOCATION:America/New_York BEGIN:DAYLIGHT TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 DTSTART:19700308T020000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU END:DAYLIGHT BEGIN:STANDARD TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 DTSTART:19701101T020000 RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU END:STANDARD END:VTIMEZONE BEGIN:VEVENT CATEGORIES:College of Engineering,Thesis/Dissertations DESCRIPTION:Thesis Advisor: ÌýDr. Gokhan Kul - Computer & Information Scien ceÌýCommittee Members: Dr. Iren Valova - Computer & Information Science/A ssociate Dean, College of Engineering Dr. Joshua Carberry - Computer & Inf ormation Science Abstract: ÌýSurvey research depends on respondents discl osing information that is identifying by design. Health studies require di agnoses and medication histories, labor studies require employer names and income, and social science studies require demographic and immigration st atus. This necessity creates the protection problem. Virtually all federal ly funded human subjects research is governed by the Common Rule (45 CFR §46) and IRB oversight, with sector-specific statutes such as HIPAA, GDPR Article 9, CCPA, FERPA, GINA, GLBA, and others, layering additional oblig ations depending on institutional context. A single survey spanning health , financial, and demographic questions may trigger several frameworks at o nce, and even absent a specific statute, research ethics principles requir e protecting respondents from re-identification. Anonymization resolves th is by preserving the analytical utility while removing identifying element s, but existing tools force a poor choice between regex pattern matching t hat misses contextual and combinatorial risk, and cloud-hosted AI that can not legally or ethically process PHI-adjacent content. This thesis present s a database-agnostic anonymization pipeline that evaluates three detectio n methods under controlled, reproducible conditions: a regex-only detector , an AI-only detector using a locally hosted Ollama model for contextual r isk assessment, and a hybrid detector that merges both signals via an esca lation-only design, always selecting the higher-risk classification. Medic al and PHI-adjacent content is routed exclusively to local models; the pip eline operates uniformly across MongoDB, SQL, and file-based sources throu gh a shared interface; and every classification maps to a four-tier anonym ization-action framework (suppress, pseudonymize, generalize, keep) ground ed in U.S. privacy law rather than abstract sensitivity alone. Evaluated a gainst a 300-question ground-truth dataset spanning PII, medical, and beni gn content, and validated against two independent external AI annotators ( Claude and GPT, which agreed with each other on 88.3% of labels, kappa = 0 .850), the three pipeline detectors showed vastly different performance pr ofiles. The regex-only detector achieved the highest overall accuracy amon g pipeline strategies (57.0%) and near-perfect benign recall, but systemat ically under-classified RELAXED and MODERATE content and under-flagged 31. 5% of high-risk fields. The local AI-only detector (llama3.1:8b) reached 4 7.3% overall accuracy and under-flagged 57.5% of high-risk fields, the wor st of the three, but demonstrated complementary value by catching contextu al risk regex missed, including two STRICT financial identifiers regex sco red only MODERATE. The hybrid escalation only detector reached 46.7% overa ll accuracy while reducing high risk under-flagging to 26.0%, the lowest o f any pipeline detector, validating the escalation only design principle. External annotators substantially outperformed all three pipeline detector s (76.7% and 76.0% overall accuracy, with only 9.6% and 13.7% high-risk un der-flagging), with the largest gap concentrated in medical content (16– 20% versus 48–50%)—confirming that the models best suited to sensitive content are precisely the ones that cannot legally be used on it.The resu lting pipeline is intended for researchers, institutional review boards, a nd data stewards who must anonymize survey data before storage or sharing but cannot rely on cloud-hosted AI for regulatory or ethical reasons. Beca use detectors are interchangeable behind a common interface, institutions can adopt regex-only, AI-only, or hybrid mode as a configuration decision —trading speed and infrastructure cost against detection sensitivity—r ather than a redesign. For further information please contact Dr Gokhan Ku l at gkul@umassd.edu.\nEvent page: /events/cms/8-4-2 6-ai-powered-personal-identifying-information-anonymization.php\nEvent lin k: https://teams.microsoft.com/meet/225470078366318?p=4hWIV8w4Us9lVFoi5g X-ALT-DESC;FMTTYPE=text/html:

ÌÇÐÄlogoÈë¿Ú

Thesis Advisor: ÌýDr. Gokhan Ku l - Computer & Information Science
Ìý
Committee Members:

\n\n
  • Dr. Iren Valova - Computer & Information Science/Associate Dean\, College of Engineering
  • \n
  • Dr. Joshua Carberry - Computer & Informat ion Science
  • \n\n

    Abstract: ÌýSurvey research depends on respond ents disclosing information that is identifying by design. Health studies require diagnoses and medication histories\, labor studies require employe r names and income\, and social science studies require demographic and im migration status. This necessity creates the protection problem. Virtually all federally funded human subjects research is governed by the Common Ru le (45 CFR §46) and IRB oversight\, with sector-specific statutes such as HIPAA\, GDPR Article 9\, CCPA\, FERPA\, GINA\, GLBA\, and others\, layeri ng additional obligations depending on institutional context. A single sur vey spanning health\, financial\, and demographic questions may trigger se veral frameworks at once\, and even absent a specific statute\, research e thics principles require protecting respondents from re-identification. An onymization resolves this by preserving the analytical utility while remov ing identifying elements\, but existing tools force a poor choice between regex pattern matching that misses contextual and combinatorial risk\, and cloud-hosted AI that cannot legally or ethically process PHI-adjacent con tent.

    \n

    This thesis presents a database-agnostic anonymization pipel ine that evaluates three detection methods under controlled\, reproducible conditions: a regex-only detector\, an AI-only detector using a locally h osted Ollama model for contextual risk assessment\, and a hybrid detector that merges both signals via an escalation-only design\, always selecting the higher-risk classification. Medical and PHI-adjacent content is routed exclusively to local models\; the pipeline operates uniformly across Mong oDB\, SQL\, and file-based sources through a shared interface\; and every classification maps to a four-tier anonymization-action framework (suppres s\, pseudonymize\, generalize\, keep) grounded in U.S. privacy law rather than abstract sensitivity alone.

    \n

    Evaluated against a 300-question ground-truth dataset spanning PII\, medical\, and benign content\, and val idated against two independent external AI annotators (Claude and GPT\, wh ich agreed with each other on 88.3% of labels\, kappa = 0.850)\, the three pipeline detectors showed vastly different performance profiles. The rege x-only detector achieved the highest overall accuracy among pipeline strat egies (57.0%) and near-perfect benign recall\, but systematically under-cl assified RELAXED and MODERATE content and under-flagged 31.5% of high-risk fields. The local AI-only detector (llama3.1:8b) reached 47.3% overall ac curacy and under-flagged 57.5% of high-risk fields\, the worst of the thre e\, but demonstrated complementary value by catching contextual risk regex missed\, including two STRICT financial identifiers regex scored only MOD ERATE. The hybrid escalation only detector reached 46.7% overall accuracy while reducing high risk under-flagging to 26.0%\, the lowest of any pipel ine detector\, validating the escalation only design principle. External a nnotators substantially outperformed all three pipeline detectors (76.7% a nd 76.0% overall accuracy\, with only 9.6% and 13.7% high-risk under-flagg ing)\, with the largest gap concentrated in medical content (16–20% vers us 48–50%)—confirming that the models best suited to sensitive content are precisely the ones that cannot legally be used on it.
    The result ing pipeline is intended for researchers\, institutional review boards\, a nd data stewards who must anonymize survey data before storage or sharing but cannot rely on cloud-hosted AI for regulatory or ethical reasons. Beca use detectors are interchangeable behind a common interface\, institutions can adopt regex-only\, AI-only\, or hybrid mode as a configuration decisi on—trading speed and infrastructure cost against detection sensitivity —rather than a redesign.

    \n

    For further information please contact Dr Gokhan Kul at gkul@umassd.edu.

    Event page:
    Event link: htt ps://teams.microsoft.com/meet/225470078366318?p=4hWIV8w4Us9lVFoi5g

    DTSTAMP:20260717T023551 DTSTART;TZID=America/New_York:20260804T153000 DTEND;TZID=America/New_York:20260804T163000 LOCATION:Microsoft Teams SUMMARY;LANGUAGE=en-us:Database Agnostic Regex & AI Powered Personal Identi fying Information Anonymization Pipeline UID:697b1975168aef68d75e36bfddd0277b@www.umassd.edu END:VEVENT END:VCALENDAR