PII Redaction & Logging Policy Builder
Protect user privacy in application logs.
PII Redaction
const PII_PATTERNS = { email: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+.[A-Z|a-z]{2,}\b/g, ssn: /\b\d{3}-\d{2}-\d{4}\b/g, phone: /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g, creditCard: /\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/g, };
function redactPII(message: string): string {
let redacted = message;
Object.entries(PII_PATTERNS).forEach(([type, pattern]) => {
redacted = redacted.replace(pattern, [REDACTED_${type.toUpperCase()}]);
});
return redacted;
}
// Safe logging logger.info(redactPII(`User registered: ${email}`)); // Output: "User registered: [REDACTED_EMAIL]"
Logging Policy
Logging Policy
✅ DO Log
- Request IDs
- User IDs (hashed)
- HTTP status codes
- Response times
- Error types
- Feature flags
❌ DON'T Log
- Passwords
- Credit card numbers
- SSNs
- API keys
- Full emails (hash first)
- Full names
- Addresses
Output Checklist
-
Redaction rules defined
-
Logging policy documented
-
Safe logger wrapper
-
Team trained
-
Log monitoring ENDFILE