Agen for Work provides predefined data masking types organized by regulatory compliance framework. When creating a data protection policy, you select which categories of sensitive data to detect and mask in tool responses before they reach AI agents.
Each category maps to a specific compliance framework and contains multiple data type definitions that Agen for Work can detect and redact automatically.
39 predefined types covering health-related identifiers required for HIPAA compliance. Includes international variants for countries including Australia, Canada, Germany, and the Netherlands.
| Data type | Description |
|---|---|
| Au Medicare | Australian Medicare card numbers |
| Canada Health Service Number | Canadian provincial health service identifiers |
| Canada Personal Health Id Number Phin | Canadian personal health identification numbers |
| Canada Social Insurance Number | Canadian social insurance numbers |
| Dutch Bank Account Number | Dutch banking account identifiers |
| Email Address | Email addresses in any standard format |
| Germany Drivers License Number | German driver's license numbers |
| Germany Id Number | German national identity card numbers |
| Germany Passport Number | German passport numbers |
And 30 additional types covering insurance numbers, medical record identifiers, national health IDs, and other protected health information across jurisdictions.
Use Select all in the PHI category to apply all 39 types at once.
General personally identifiable information types applicable across industries and jurisdictions. Covers the most commonly regulated personal data categories:
- Social security numbers
- Driver's license numbers
- Passport numbers
- Financial account numbers
- National identification numbers
- Date of birth identifiers
- Physical address components
Data types regulated under the EU General Data Protection Regulation. Focused on personal data of EU residents and data subjects, including:
- Full names and name components
- Physical addresses and location data
- National IDs and tax numbers specific to EU member states
- Biometric data identifiers
- Online identifiers (where applicable)
Payment card data types required to be protected under PCI DSS compliance:
- Primary account numbers (credit and debit card numbers)
- CVV and card verification codes
- Cardholder names
- Card expiration dates
- Full magnetic stripe data
Data types specific to the privacy rights of California residents under CCPA. Covers categories of personal information defined by the Act, including:
- Identifiers such as real name, alias, postal address, and email
- Commercial information (purchase history, financial records)
- Geolocation data
- Professional or employment-related information
Personal information related to children under 13, regulated under the US Children's Online Privacy Protection Act:
- Child's name and contact information
- Persistent identifiers that can be used to track a child
- Geolocation information precise enough to identify a street address
When a data protection policy is active and its targeting conditions match a tool call:
- Agen for Work receives the tool response from the connected SaaS API.
- The response is scanned for patterns matching the selected data types.
- Detected sensitive values are replaced with masked equivalents — for example,
***-**-1234for a Social Security number, or****@****.comfor an email address. - The masked response is returned to the AI agent.
The original data is never stored by Agen for Work and never reaches the AI agent or AI platform.
A single data protection policy can include data types from multiple categories. For example:
- A healthcare organization might combine PHI and PII to cover both HIPAA requirements and general personal data.
- A company operating in the EU might combine GDPR and PCI DSS to protect both European personal data and payment card information.
- A platform serving California users might combine CCPA and PII for comprehensive California compliance coverage.
Use the Select all option within each category to quickly enable all types in that category, then refine by deselecting types that are not relevant to your use case.
- Data protection overview — How to create and manage data protection policies
- Policies — Access control policies that govern tool usage