PII Classes define the detection patterns used by PII Scanner agents to identify sensitive data during scans. Each class consists of a regular expression pattern applied to file content โ when a match is found, the result is forwarded in real time to the configured target destination. Only enabled PII classes are available for selection when creating scan jobs and schedules.
Understanding PII Classes:
PII Classes are reusable detection rules managed centrally on the PII Scanner Server. Administrators define and maintain the class library here, and agents apply the selected classes when executing scan jobs. Classes can be enabled or disabled without deleting them, allowing the library to be maintained over time without losing configuration history.
Supported class types:
| Class Type | Description |
| PII | Personally Identifiable Information |
| PHI | Protected Health Information |
| Sensitive | Sensitive organizational data |
| Confidential | Confidential business information |
| Private | Private personal information |
Accessing PII Classes:
- Log in to the PII Scanner Server web interface at https://<server-name>:52766
- Navigate to PII Classes in the main navigation
The PII Classes page displays all configured detection rules with their name, class type, pattern, description, and enabled status.
Adding a new PII Class:
- Click Add Class
- Configure the class details:
Class Name: A descriptive name identifying the type of sensitive data this class detects:
Examples:
Social Security Number
Credit Card Number
Medical Record Number
Employee ID
Class Type: Select the appropriate category for this class:
- PII
- PHI
- Sensitive
- Confidential
- Private
Pattern (Regex): Enter the regular expression used to identify matches in file content. Patterns are entered as raw regular expressions without surrounding delimiters or flags:
Examples:
SSN: \b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b
Credit Card: \b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})\b
Email: \b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b
Phone: \b(\+1[-\s]?)?\(?\d{3}\)?[-\s.]?\d{3}[-\s.]?\d{4}\b
Description: A brief explanation of what this class detects and any relevant notes about the pattern:
Example: Detects US Social Security Numbers in XXX-XX-XXXX and XXXXXXXXX formats
Enabled: Controls whether this class is available for selection when creating scan jobs and schedules. Only enabled classes appear in the job creation interface.
- Click Save
Editing an existing PII Class:
- Locate the class in the PII Classes list
- Click the Edit icon
- Modify the class name, type, pattern, description, or enabled status as needed
- Click Save
Test any modified regex patterns against sample data before using them in production scans to confirm they match the intended data and do not produce excessive false positives.
Enabling and disabling PII Classes:
To enable or disable a class without deleting it:
- Locate the class in the PII Classes list
- Click the Edit icon
- Toggle the Enabled setting
- Click Save
Disabled classes are not available for selection in scan jobs or schedules but are retained in the system and can be re-enabled at any time.
Only enabled PII classes are available when creating jobs and schedules. If a class is not appearing in the job creation interface, confirm it is set to Enabled.
Deleting a PII Class:
- Locate the class in the PII Classes list
- Click the Delete icon
- Confirm the deletion
Deleting a PII class is permanent. Consider disabling the class instead if you may need it again in the future.
Writing effective regex patterns:
When creating or modifying PII class patterns keep the following in mind:
Use word boundaries to avoid partial matches:
# Without boundary โ matches “123456789” inside “9123456789”
\d{9}
# With boundary โ only matches standalone 9-digit sequences
\b\d{9}\b
Build in format flexibility: Real-world data is not always consistently formatted. SSNs may appear with or without dashes, phone numbers may use spaces, dots, or dashes as separators:
# Matches SSN with or without dashes
\b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b
Keep patterns specific enough to avoid false positives: A pattern that is too broad will match unintended content and generate noise in scan results. Test patterns thoroughly with representative sample data before activating them in production scans.
[Your administrator should involve your legal and compliance teams when defining PII class patterns for regulated data types to ensure alignment with your compliance obligations.]
Recommended starting PII Classes:
| Class Name | Class Type | Notes |
| Social Security Number | PII | US SSN in common formats |
| Credit Card Number | PII | Major card formats |
| Email Address | PII | Standard email format |
| Phone Number | PII | US and international formats |
| Date of Birth | PII | Common date formats |
| Medical Record Number | PHI | Common MRN formats |
| Health Insurance ID | PHI | Common insurance ID formats |
[Your administrator should review this list against your organization’s specific compliance requirements and add any custom classes needed for organization-specific sensitive data types.]
Best practices:
- Review and validate all PII class patterns before using them in production scans
- Disable rather than delete classes that are temporarily not needed โ this preserves the pattern for future use
- Use descriptive class names and descriptions so other administrators understand what each class detects without needing to read the regex pattern
- Test new regex patterns against representative sample data before activating them
- Assign class types accurately โ correct classification helps with compliance reporting in LT Auditor-MP
- Review the PII class library regularly and update patterns if data formats in your organization change over time
[Your administrator should document the purpose and expected output of each custom PII class so the library is auditable and can be maintained by any team member.]