Sensitive Data in Voice AI: PCI‑Safe Payments, HIPAA‑Compliant PHI, Redaction & Tokenization

When handling sensitive data always start from the principle: less data, less risk. Use data minimization, strong encryption, redaction and tokenization, zero-trust access, and purpose-built flows (PCI-safe for payments, HIPAA-compliant for health). Keep sensitive values out of models and logs, limit retention, and prove controls with audits.

What counts as sensitive

1. Payment data: PAN, CVV, expiry, bank account numbers, tokens
2. Health data: PHI (diagnoses, treatments, member IDs), biometric identifiers
3. Government IDs: SSN/NIN, driver’s license, passport
4. Authentication secrets: passwords, OTPs, recovery codes
5. Special categories (GDPR): health, biometrics, racial/ethnic origin, etc.

Core principles

1. Collect the minimum necessary; only for clear, lawful purposes
2. Keep sensitive values out of transcripts, prompts, and general logs
3. Process through specialized, certified systems; never in general LLMs
4. Encrypt everywhere; restrict access rigorously; monitor continuously
5. Delete promptly according to policy; retain only what is legally required

Security foundations

1. In transit: TLS 1.2+ for signaling/APIs, SRTP/DTLS-SRTP for media
2. At rest: AES-256 with cloud KMS/HSM, per-tenant keys, periodic rotation
3. Network: private networking (VPC/PrivateLink), IP allowlists, mTLS to back-end services
4. Access: SSO/MFA, least-privilege RBAC/ABAC, just-in-time access, audited exports
5. Environment isolation: no production data in non-prod; use synthetic data for testing

Payment information (PCI DSS)

1. Scope reduction
2. DTMF masking/tone suppression to collect card data; pause/resume recording
3. Optional web handoff to a hosted payment page; keep PAN/CVV out of voice pipeline
4. Tokenization
5. Replace PAN with tokens from a PCI-certified gateway; store only tokens and last 4 digits
6. No-go list
7. Never send PAN/CVV to LLMs, transcripts, analytics, or support tickets
8. Never store CVV post-authorization
9. Evidence
10. Annual assessments (SAQ/DSS), quarterly scans, segmented network, least-privilege access
11. Receipt storage without PAN; encryption and strict retention

Health data (HIPAA and GDPR Art. 9)

1. Contracting
2. Business Associate Agreements with all PHI-handling vendors
3. Minimum necessary and segregation
4. Separate PHI stores; deny default access for non-care teams
5. De-identification
6. Remove HIPAA Safe Harbor identifiers for analytics; use limited data sets with DUAs where needed
7. Model handling
8. Do not train models on PHI; prefer VPC/on-prem inference or PHI-isolated providers
9. Logging and retention
10. Redact PHI from transcripts/logs before analytics; short TTL caches; policy-driven retention
11. Patient rights
12. Support access/amendment where applicable; secure portals for disclosures

Government IDs and KYC

1. Capture via OTP, document verification services, or masked DTMF
2. Hash or tokenize identifiers; never send raw values to general-purpose LLMs
3. Retain only as long as required by KYC/AML laws; encrypt at rest; monitor access

Redaction and masking

1. Real time
2. Detect and mask numbers that look like PAN/SSN; tone-mask in audio; pause recording during sensitive steps
3. Post processing
4. Auto-redact PII/PHI in transcripts before storage, indexing, or analytics
5. Structured capture
6. Use validators and class-based grammars to reduce miscapture; confirm critical fields back to the user without repeating full sensitive values

Model and vendor data handling

1. Default to data isolation; opt out of provider training on your data
2. Region pinning and data residency; Standard Contractual Clauses or Data Privacy Framework for cross-border transfers
3. Limit prompts to non-sensitive context; prefer retrieval from secure KBs and deterministic APIs
4. Prefer private/VPC inference for regulated workloads; monitor for prompt injection attempts and block tool misuse

Purpose limitation and lawful basis

1. Payments: legitimate interest/contract necessity; store consent for recurring charges
2. Health: explicit consent or applicable legal basis; disclose processing purposes clearly
3. Recording: comply with one/all-party consent rules; play correct disclosures by locale; log consent outcome

Retention, residency, and deletion

1. Configurable retention by data type (audio, transcripts, tokens, PHI)
2. Localize storage/processing in required regions; separate EU/UK/US
3. Automated deletion with verified erasure; immutable/WORM archives only where legally mandated (e.g., FINRA/MiFID)
4. Data subject requests: search, export, and delete across systems; documented timelines

Monitoring, audit, and incident response

1. Tamper-evident audit logs for access, exports, and admin actions; stream to SIEM
2. Real-time alerts for anomalous queries, large exports, failed mTLS, or excessive PII in prompts
3. Regular pen tests, vulnerability scans, and access reviews
4. Incident runbooks: containment, forensics, regulator/customer notification within required timelines

What to never do

1. No PAN/CVV/SSN/PHI in LLM prompts, summaries, or analytics datasets
2. No plaintext secrets in code or logs; no unsecured exports
3. No indiscriminate retention “just in case”
4. No vendor usage without DPA/BAA, deletion SLAs, and audit reports

Managing sensitive data safely is about disciplined design and operations: collect less, process through the right specialized paths, encrypt and isolate, keep values out of models and logs, and delete quickly. With these controls, you can deliver fast, helpful voice experiences without compromising privacy or compliance.