PII, short for Personally Identifiable Information, is often tricky to manage. Many countries have legislation around it. How much can you store, how can you store it, and what is your procedure to wipe out all data about a given person? In some regards, the best way to deal with it is to view it as toxic waste. You want as little of it as possible, and you want guard rails around it so you don't get poisoned.
In the case of logging, it’s best to just not log it. This way, you will never have to go back and figure out a way to prune your logs of PII. In this post, we will explore how to leverage pydantic models to avoid logging PII by accident. This post will use FastAPI for its examples, but it’s not required at all. The example will take some input (including PII), log it, and return it.
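One way to get this behaviour, shown here as an added example that is not code from the original post: wrap the PII fields in pydantic's `SecretStr`, so that logging the whole model prints asterisks and the raw value is only available through an explicit `get_secret_value()` call. The `SignupRequest` model, its field names, `handle_signup` and the sample input are assumptions made for this sketch, and it uses plain `logging` without FastAPI.

```python
import io
import logging

from pydantic import BaseModel, SecretStr


class SignupRequest(BaseModel):
    # Hypothetical input model: the field names are assumptions for this example.
    username: str      # treated as non-PII here, safe to log
    email: SecretStr   # PII: masked in str() and repr()
    phone: SecretStr   # PII: masked in str() and repr()


def handle_signup(payload: dict, logger: logging.Logger) -> dict:
    """Validate the input, log it, and return it."""
    req = SignupRequest(**payload)
    # Logging the whole model is safe: SecretStr fields render as asterisks.
    logger.info("signup received: %r", req)
    # Unwrapping is explicit, so raw PII only leaves the model on purpose.
    return {
        "username": req.username,
        "email": req.email.get_secret_value(),
        "phone": req.phone.get_secret_value(),
    }


def run_demo():
    """Run the handler on constructed sample input and capture the log text."""
    buf = io.StringIO()
    logger = logging.getLogger("pii_demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [logging.StreamHandler(buf)]
    # Constructed sample data, not real personal information.
    sample = {
        "username": "alice",
        "email": "alice@example.com",
        "phone": "+15555550100",
    }
    result = handle_signup(sample, logger)
    return result, buf.getvalue()


if __name__ == "__main__":
    response, log_text = run_demo()
    print(log_text, end="")
    print(response)
```
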