Document Processing · CSV / CRM PII

Find the regulated columnthat isn't handled.

A column-aware PII readiness check for CSV and CRM exports. It reads your table, classifies each column by the kind of PII it holds, and checks whether that column is protected to the minimum its class requires — and one exposed regulated column is enough to hold the whole dataset.

Get the Engine — $79one-time · instant download · yours to keep
Five deliverables · runnable
Column PII detection engine
py
PII Scorecard workbook
xlsx
Column Classification Playbook
docx
Remediation Runbook
docx
Worked 8-column sample
csv
Works alongside
PII Redaction · Field Validator · Governance Starter
01.The Problem

Document scanners find a needle. Your CRM export is the whole haystack.

1 col

An exposed regulated column — every row's SSN in the clear — holds the dataset.

column

The grain that matters for tables: is this column protected across all rows?

0

AI, network, or uploads — deterministic, offline, a sample of your own export.

Text-scanning tools read a document and flag findings — an SSN here, an email there. But a CSV or CRM export isn't prose; it's columns. The right question is whether your ssn column is handled across every row, not whether one cell tripped a regex. This kit works at the column grain, and it knows that a regulated column with no protection is dispositive.

02.See It Work

Set a class, change the handling, watch the gate.

Live demo · set a column's PII class and handling

ColumnPII classHandlingVerdict
customer_idHANDLED
full_nameHANDLED
emailHANDLED
phoneHANDLED
ssnEXPOSED
dobHANDLED
planHANDLED
signup_ipHANDLED

Dataset verdict

HOLD

regulated-exposed gate FIRED on ssn

Columns

7 handled · 0 mask first · 1 exposed (6 PII, 83% handled)

Fix first: ssn

Handling either meets the minimum its class requires or it doesn't. One regulated column left EXPOSED trips the gate and holds the whole dataset — 83% handled with an open SSN column is still a HOLD. The handled-share is context only.

03.The Engine, Run

Verbatim output on the shipped 8-column CRM sample.

Seven of eight columns read HANDLED and the dataset is 83% handled — and yet the verdict is HOLD, because the one regulated column (ssn) sits with no handling and the gate is dispositive. The percentage would have told you a comforting story; the gate tells you the truth.

PII DETECTION FOR STRUCTURED DATA  (as of 2026-06-23)
======================================================================
  customer_id            class=none         handling=none             -> HANDLED
  full_name              class=low          handling=access_controlled -> HANDLED
  email                  class=moderate     handling=masked           -> HANDLED
  phone                  class=moderate     handling=access_controlled -> HANDLED
  ssn                    class=regulated    handling=none             -> EXPOSED
  dob                    class=moderate     handling=access_controlled -> HANDLED
  plan                   class=none         handling=none             -> HANDLED
  signup_ip              class=low          handling=none             -> HANDLED
----------------------------------------------------------------------
Columns: 7 HANDLED / 0 MASK FIRST / 1 EXPOSED (6 PII-bearing, 83% handled)
Regulated-exposed gate: FIRED on ssn
DATASET VERDICT: HOLD
Fix first: ssn

Flags what to handle; does NOT mask or remove anything. Reads a sample of your
own export; does not score or rank people. Lightly regulated — confirm your
regulated categories and data-handling policy with your security/compliance
owner. Not legal advice.
04.The Standard

Three rules that keep a PII check honest.

Column, not cell

A table's risk lives in its columns. Each column is classified by the PII it holds and checked across every row — not one matched cell at a time.

Required minimum, not a score

Handling either meets the minimum its class requires or it doesn't. Regulated needs strong protection; access control alone isn't enough for a regulated column.

One exposure is dispositive

Any EXPOSED regulated column forces HOLD. The handled-share % is context only — it never lets a dataset with one open SSN column call itself safe.

05.What This Is — And Isn't

A readiness flag, not a de-identifier.

It is
  • A column-level PII classifier for CSV / CRM exports.
  • A handling check against the minimum each PII class requires.
  • A runnable engine plus a workbook that reproduces the scoring.
  • Deterministic and offline — a sample of your own export, no AI, nothing uploaded.
It isn't
  • A de-identification tool — it flags; it doesn't mask, tokenize, or remove.
  • A certified compliance certification of your data.
  • A document text-scanner — that's the PII Redaction Readiness Kit.
  • A score of people; it classifies columns, not individuals.

Not legal advice. This kit flags what to handle; it does not mask, tokenize, or remove anything, and is not a certified de-identification tool. It does not score or rank people. Which categories count as regulated, and the handling each requires, vary by jurisdiction and policy — confirm your regulated categories and data-handling rules with your security or compliance owner.

06.Who It's For

Anyone exporting tables that carry PII.

  • · Data and ops teams shipping CSVs to vendors or analysts.
  • · RevOps owners exporting CRM segments and lists.
  • · Anyone handing a dataset to a tool, partner, or model.
  • · Security and compliance leads spot-checking exports.
  • · Engineers prepping training or test data that must be de-identified.
  • · Teams who need column-level PII visibility, not a cell-by-cell scan.
08.Common Questions

The questions data and compliance teams actually ask before an export leaves.

They work at different grains. The PII Redaction Readiness Kit scans unstructured document text and flags individual findings — an SSN here, an email there — before you share a file. PII Detection for Structured Data works at the column grain on tables: it classifies each whole column by the kind of PII it holds and checks whether that column is protected across every row, to the minimum its class requires. A document scanner asks “did a cell match a regex?”; this asks “is the ssn column handled, period?” For a CSV or CRM export, the column is the unit of risk, which a cell-by-cell text scan can't express. Many teams own both — the document kit for prose, this for tables.

Start here

New to the document-ops line? Run the Document Processing Pipeline Diagnostic first — it scores your workflow across six stages and routes you to the exact drop that fixes your bottleneck.

Know which columns are exposed
before the export leaves.

One purchase, lifetime access, 12 months of updates. $79, once.

Not legal advice. Flags what to handle; does not mask or remove anything, and is not a certified de-identification tool. Does not score or rank people. Confirm your regulated categories and data-handling policy with your security or compliance owner.

Sold by RedHub AI LLC · Secured by Stripe · redhub.ai