Case Privacy
The case-privacy policy focuses on case-number-like identifiers. Its validated action is redact, and it also adds the same case-number pattern to output redaction when this policy is present in the chain.
Phase and verdicts
- Input phase:
alloworredact - Output behavior: adds regex-based redaction for the same case-number pattern
Configuration
pack:
name: case-privacy-example
version: 1.0.0
enabled: true
policies:
chain:
- case-privacy
policy:
case-privacy:
action: redact
Supported fields
| Field | Type | Default | Notes |
|---|---|---|---|
action | string | redact | The only accepted value is redact. |
detect_patterns | string[] | [] | Accepted by the schema, but the current input and output paths use the fixed case-number regex below. |
What the detector matches
The detector looks for identifiers shaped like:
Case No. ABC-1234incident # XYZ-9001report number 2024-CV-00123
It does not parse party names or dedicated docket-name categories.
How it works
- The input phase joins the request messages and checks a single regex for
case|incident|reportidentifiers. - If the regex matches, the input verdict is
redact. - Independently, when
case-privacyis present in the chain, the gateway adds the same regex to the output redaction configuration. - If the model response contains a matching identifier, the gateway records an output-phase redaction result.
Important behavior notes
- The schema accepts
detect_patterns, but the detector uses the fixed case-number pattern above; changing that list does not customize matching. - Party-name and docket-specific detection are not separate supported categories.
- Output handling uses the same case-number pattern and redacts matching text.
Example scenarios
Redact matching identifiers
policy:
case-privacy:
action: redact
Best practices
- Use
action: redactwhen case identifiers must not reach the provider or caller unchanged. - Pair
case-privacywithpii-detectorwhen requests can also contain personal data beyond case IDs. - Test against the actual regex pattern you expect to see in prompts and responses.
Next steps
- CJIS Mode policy — authentication and audit controls for sensitive law-enforcement workflows
- PII Detector policy — broader personal-data protection
- Policies overview — policy chain architecture