BEGIN:VCALENDAR
VERSION:2.0
X-WR-CALNAME:EventsCalendar
PRODID:-//hacksw/handcal//NONSGML v1.0//EN
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:America/New_York
LAST-MODIFIED:20240422T053451Z
TZURL:https://www.tzurl.org/zoneinfo-outlook/America/New_York
X-LIC-LOCATION:America/New_York
BEGIN:DAYLIGHT
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CATEGORIES:College of Engineering,Thesis/Dissertations
DESCRIPTION:Thesis Advisor:  Dr. Gokhan Kul - Computer & Information Scien
 ce Committee Members:  Dr. Iren Valova - Computer & Information Science/A
 ssociate Dean, College of Engineering Dr. Joshua Carberry - Computer & Inf
 ormation Science  Abstract:  Survey research depends on respondents discl
 osing information that is identifying by design. Health studies require di
 agnoses and medication histories, labor studies require employer names and
  income, and social science studies require demographic and immigration st
 atus. This necessity creates the protection problem. Virtually all federal
 ly funded human subjects research is governed by the Common Rule (45 CFR 
 §46) and IRB oversight, with sector-specific statutes such as HIPAA, GDPR
  Article 9, CCPA, FERPA, GINA, GLBA, and others, layering additional oblig
 ations depending on institutional context. A single survey spanning health
 , financial, and demographic questions may trigger several frameworks at o
 nce, and even absent a specific statute, research ethics principles requir
 e protecting respondents from re-identification. Anonymization resolves th
 is by preserving the analytical utility while removing identifying element
 s, but existing tools force a poor choice between regex pattern matching t
 hat misses contextual and combinatorial risk, and cloud-hosted AI that can
 not legally or ethically process PHI-adjacent content. This thesis present
 s a database-agnostic anonymization pipeline that evaluates three detectio
 n methods under controlled, reproducible conditions: a regex-only detector
 , an AI-only detector using a locally hosted Ollama model for contextual r
 isk assessment, and a hybrid detector that merges both signals via an esca
 lation-only design, always selecting the higher-risk classification. Medic
 al and PHI-adjacent content is routed exclusively to local models; the pip
 eline operates uniformly across MongoDB, SQL, and file-based sources throu
 gh a shared interface; and every classification maps to a four-tier anonym
 ization-action framework (suppress, pseudonymize, generalize, keep) ground
 ed in U.S. privacy law rather than abstract sensitivity alone. Evaluated a
 gainst a 300-question ground-truth dataset spanning PII, medical, and beni
 gn content, and validated against two independent external AI annotators (
 Claude and GPT, which agreed with each other on 88.3% of labels, kappa = 0
 .850), the three pipeline detectors showed vastly different performance pr
 ofiles. The regex-only detector achieved the highest overall accuracy amon
 g pipeline strategies (57.0%) and near-perfect benign recall, but systemat
 ically under-classified RELAXED and MODERATE content and under-flagged 31.
 5% of high-risk fields. The local AI-only detector (llama3.1:8b) reached 4
 7.3% overall accuracy and under-flagged 57.5% of high-risk fields, the wor
 st of the three, but demonstrated complementary value by catching contextu
 al risk regex missed, including two STRICT financial identifiers regex sco
 red only MODERATE. The hybrid escalation only detector reached 46.7% overa
 ll accuracy while reducing high risk under-flagging to 26.0%, the lowest o
 f any pipeline detector, validating the escalation only design principle. 
 External annotators substantially outperformed all three pipeline detector
 s (76.7% and 76.0% overall accuracy, with only 9.6% and 13.7% high-risk un
 der-flagging), with the largest gap concentrated in medical content (16–
 20% versus 48–50%)—confirming that the models best suited to sensitive
  content are precisely the ones that cannot legally be used on it.The resu
 lting pipeline is intended for researchers, institutional review boards, a
 nd data stewards who must anonymize survey data before storage or sharing 
 but cannot rely on cloud-hosted AI for regulatory or ethical reasons. Beca
 use detectors are interchangeable behind a common interface, institutions 
 can adopt regex-only, AI-only, or hybrid mode as a configuration decision
 —trading speed and infrastructure cost against detection sensitivity—r
 ather than a redesign. For further information please contact Dr Gokhan Ku
 l at gkul@umassd.edu.\nEvent page: https://www.umassd.edu/events/cms/8-4-2
 6-ai-powered-personal-identifying-information-anonymization.php\nEvent lin
 k: https://teams.microsoft.com/meet/225470078366318?p=4hWIV8w4Us9lVFoi5g
X-ALT-DESC;FMTTYPE=text/html:<html><body><p>Thesis Advisor:  Dr. Gokhan Ku
 l - Computer & Information Science<br /> <br />Committee Members:</p>\n<u
 l>\n<li>Dr. Iren Valova - Computer & Information Science/Associate Dean\, 
 College of Engineering</li>\n<li>Dr. Joshua Carberry - Computer & Informat
 ion Science</li>\n</ul>\n<p>Abstract:  Survey research depends on respond
 ents disclosing information that is identifying by design. Health studies 
 require diagnoses and medication histories\, labor studies require employe
 r names and income\, and social science studies require demographic and im
 migration status. This necessity creates the protection problem. Virtually
  all federally funded human subjects research is governed by the Common Ru
 le (45 CFR §46) and IRB oversight\, with sector-specific statutes such as
  HIPAA\, GDPR Article 9\, CCPA\, FERPA\, GINA\, GLBA\, and others\, layeri
 ng additional obligations depending on institutional context. A single sur
 vey spanning health\, financial\, and demographic questions may trigger se
 veral frameworks at once\, and even absent a specific statute\, research e
 thics principles require protecting respondents from re-identification. An
 onymization resolves this by preserving the analytical utility while remov
 ing identifying elements\, but existing tools force a poor choice between 
 regex pattern matching that misses contextual and combinatorial risk\, and
  cloud-hosted AI that cannot legally or ethically process PHI-adjacent con
 tent.</p>\n<p>This thesis presents a database-agnostic anonymization pipel
 ine that evaluates three detection methods under controlled\, reproducible
  conditions: a regex-only detector\, an AI-only detector using a locally h
 osted Ollama model for contextual risk assessment\, and a hybrid detector 
 that merges both signals via an escalation-only design\, always selecting 
 the higher-risk classification. Medical and PHI-adjacent content is routed
  exclusively to local models\; the pipeline operates uniformly across Mong
 oDB\, SQL\, and file-based sources through a shared interface\; and every 
 classification maps to a four-tier anonymization-action framework (suppres
 s\, pseudonymize\, generalize\, keep) grounded in U.S. privacy law rather 
 than abstract sensitivity alone.</p>\n<p>Evaluated against a 300-question 
 ground-truth dataset spanning PII\, medical\, and benign content\, and val
 idated against two independent external AI annotators (Claude and GPT\, wh
 ich agreed with each other on 88.3% of labels\, kappa = 0.850)\, the three
  pipeline detectors showed vastly different performance profiles. The rege
 x-only detector achieved the highest overall accuracy among pipeline strat
 egies (57.0%) and near-perfect benign recall\, but systematically under-cl
 assified RELAXED and MODERATE content and under-flagged 31.5% of high-risk
  fields. The local AI-only detector (llama3.1:8b) reached 47.3% overall ac
 curacy and under-flagged 57.5% of high-risk fields\, the worst of the thre
 e\, but demonstrated complementary value by catching contextual risk regex
  missed\, including two STRICT financial identifiers regex scored only MOD
 ERATE. The hybrid escalation only detector reached 46.7% overall accuracy 
 while reducing high risk under-flagging to 26.0%\, the lowest of any pipel
 ine detector\, validating the escalation only design principle. External a
 nnotators substantially outperformed all three pipeline detectors (76.7% a
 nd 76.0% overall accuracy\, with only 9.6% and 13.7% high-risk under-flagg
 ing)\, with the largest gap concentrated in medical content (16–20% vers
 us 48–50%)—confirming that the models best suited to sensitive content
  are precisely the ones that cannot legally be used on it.<br />The result
 ing pipeline is intended for researchers\, institutional review boards\, a
 nd data stewards who must anonymize survey data before storage or sharing 
 but cannot rely on cloud-hosted AI for regulatory or ethical reasons. Beca
 use detectors are interchangeable behind a common interface\, institutions
  can adopt regex-only\, AI-only\, or hybrid mode as a configuration decisi
 on—trading speed and infrastructure cost against detection sensitivity
 —rather than a redesign.</p>\n<p>For further information please contact 
 Dr Gokhan Kul at gkul@umassd.edu.</p><p>Event page: <a href="https://www.u
 massd.edu/events/cms/8-4-26-ai-powered-personal-identifying-information-an
 onymization.php">https://www.umassd.edu/events/cms/8-4-26-ai-powered-perso
 nal-identifying-information-anonymization.php</a><br>Event link: <a href="
 https://teams.microsoft.com/meet/225470078366318?p=4hWIV8w4Us9lVFoi5g">htt
 ps://teams.microsoft.com/meet/225470078366318?p=4hWIV8w4Us9lVFoi5g</a></p>
 </body></html>
DTSTAMP:20260707T171054
DTSTART;TZID=America/New_York:20260804T153000
DTEND;TZID=America/New_York:20260804T163000
LOCATION:Microsoft Teams
SUMMARY;LANGUAGE=en-us:Database Agnostic Regex & AI Powered Personal Identi
 fying Information Anonymization Pipeline
UID:12f003b2042331e9296ba06a911528aa@www.umassd.edu
END:VEVENT
END:VCALENDAR
