privacy concerns when working with sensitive documents using Vision API

Suli Adeniye 20 Reputation points
2024-06-03T21:31:02.36+00:00

Hi:

I am trying to extract texts from some sensitive image pdf documents using the Vision API. Any suggestions on how to ensure non-disclosure of these documents when processing them on Azure.

Thank you.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,471 questions
Azure AI Custom Vision
Azure AI Custom Vision
An Azure artificial intelligence service and end-to-end platform for applying computer vision to specific domains.
231 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,464 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Marcin Policht 15,370 Reputation points MVP
    2024-06-03T21:57:01.6833333+00:00

    Refer to https://learn.microsoft.com/en-us/legal/cognitive-services/computer-vision/imageanalysis-data-privacy-security


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments No comments

  2. brtrach-MSFT 15,451 Reputation points Microsoft Employee
    2024-06-12T02:51:26.3766667+00:00

    @Suli Adeniye To expand upon the document that Marcin shared, when working with sensitive documents using the Azure Vision API, it’s crucial to ensure the non-disclosure and privacy of the data. Here are some measures you can implement to enhance security:

    1. Data Retention: The Vision API processes data temporarily and retains it for a maximum of 48 hours. After processing, the data is automatically deleted.
    2. Encryption: Ensure that data is encrypted both in transit and at rest. Azure Cognitive Services, including the Vision API, support encryption to protect your data.
    3. Access Controls: Implement strict access controls to ensure that only authorized personnel can access the data. Use Azure Active Directory to manage identities and access.
    4. Resource Group Deletion: Although not necessary for data that is only temporarily stored, you can delete the resource group after processing to ensure that all associated data is removed.
    5. Compliance and Privacy: Review the Microsoft Cognitive Services privacy statement and ensure you are familiar with the Azure Cognitive Services compliance and privacy documentation. Azure Computer Vision complies with various data protection regulations, including GDPR.

    Additionally, document and follow internal policies for handling sensitive data, including guidelines for using external APIs and services. Make sure to understand the specifics of compliance standards such as HIPAA and GDPR as they apply to your use case.

    0 comments No comments