PIIpersonal

Last updated: June 9, 2026

The PIIpersonal policy check identifies highly-sensitive person-centered information in your database changelogs, helping prevent PII (Personally Identifiable Information) data exposure. This check employs the Phileas library of Identifiers to scan INSERT and UPDATE SQL statements in your changesets for personal identifiers such as Social Security Numbers, names, driver's licenses, passport numbers, phone numbers, and email addresses. When the check detects potential personal PII, it flags the changelog and can block deployment, protecting your organization from accidentally committing sensitive personal data to version control or deploying it to your databases. This check supports compliance efforts in highly-regulated environments by providing audit-ready evidence that your team is actively monitoring and preventing personal PII exposure in database changes.

Scope

Database

changelog

Any SQL database

Before you begin

  • Create a Check Settings file

  • Update any existing Check Settings file to 5.2+ by running liquibase checks show --auto-update=ON to ensure the PIIpersonal check appears on the list of checks.

  • (Maven users only) Add the liquibase-checks dependency to your pom.xml file. See Add extensions with Maven for more information.

  • Ensure you have Java 17+ installed. If you used the Liquibase Installer, Java is included automatically. Otherwise, you must install Java manually.

Procedure

1

Enable the PIIpersonal check

This check is disabled by default. To enable it, run the checks enable command: liquibase checks enable --check-name=PIIpersonal

2

Customize the check.

After enabling PIIpersonal, run checks customize to configure the check's behavior. This command lets you set which personal identifiers to scan for, the message displayed when a violation is found, and additional identifier-specific options.

Command: liquibase checks customize --check-name=PIIpersonal

Liquibase prompts you to set these parameters:

  1. Severity — The return code generated on a violation. Options: INFO|0, MINOR|1, MAJOR|2, CRITICAL|3, BLOCKER|4. Default: INFO.

  2. PERSONAL_IDENTIFIERS — The personal data types to scan for. Accepts ALL or a comma-separated list of: FIRST_NAME, SURNAME, AGE, DRIVERS_LICENSE, PASSPORT_NUMBER, SSN, PHONE_NUMBER, PHONE_NUMBER_EXTENSION, EMAIL_ADDRESS. Default: ALL.

  3. MESSAGE — The message displayed when a violation is found. The default message includes the detected data type, statement type, statement number, line number, and position.

If EMAIL_ADDRESS is included in PERSONAL_IDENTIFIERS, Liquibase also prompts for:

  1. EMAIL_VALIDATE_RFC — Use strict RFC-compliant email validation to reduce false positives. Options: true, false. Default: true.

  2. EMAIL_VALIDATE_TLD — Validate email addresses against known top-level domains. Options: true, false. Default: false.

Example output:

Short Name

Category

Description

Customization

Status

Severity

Scope

Type

PIIpersonal

Sensitive Data

Identifies highly-sensitive Person-centered information, helping avoid PII data exposure in highly-regulated environments.

PERSONAL_IDENTIFIERS = ALL MESSAGE = Policy violation: raw {filter_type} detected in {stmt_type} at statement #{statement_number}, line {line_number}, positions {start}-{end}.{file_line_info} EMAIL_VALIDATE_RFC = true EMAIL_VALIDATE_TLD = false

enabled

0

changelog

sql, xml, yaml, json

3

Run the checks run command

After enabling and customizing the PIIpersonal check, run it against your changelog to detect the personal identifiers you have configured. Your customized check is stored in your checks settings file.

To run checks with a custom settings file, use the --checks-settings-file parameter. If you don't specify this parameter, Liquibase uses the default liquibase.checks-settings.conf file. You can also use the --changelog-file flag to target a specific changelog.

Checks settings file example: liquibase checks run --checks-settings-file=path_to_my_file_name.yaml

Checks settings file and specific changelog file example: liquibase checks run --checks-settings-file=<path_to_my_file_name>.yaml --changelogfile --<your_changelog_here>.sql

Note: If you run liquibase update with a checks settings file configured, the checks run automatically as part of the update process.

liquibase checks run --checkname < yourCustomizedCheckName > --changelogfile --< yourChangelogHere >.sql

liquibase checks run --checks-settings-file=my_file_name.yaml
4

Analyze the results in the terminal output.

When the PIIpersonal check finds sensitive data in the changelog, you will see output similar to this in the terminal:

CHANGELOG CHECKS ---------------- Checks completed validation of the changelog and found the following issues: Check Name: PII (Personal) Information detection (PIIpersonal) Changeset ID: personal-1 Changeset Filepath: my-changelog.sql Check Severity: INFO (Return code: 0) Message: Policy violation: raw SSN detected in INSERT at statement #1, line 1, positions 52-63. Check Name: PII (Personal) Information detection (PIIpersonal) Changeset ID: personal-2 Changeset Filepath: my-changelog.sql Check Severity: INFO (Return code: 0) Message: Policy violation: raw EMAIL-ADDRESS detected in INSERT at statement #1, line 1, positions 56-76. Changesets Validated: in my-changelog.sql ID: personal-1; Author: test ID: personal-2; Author: test Checks run against each changeset: PII (Personal) Information detection (Short names: PIIpersonal)

The output identifies the check name, changeset ID, file path, severity, and the exact location of the detected personal data in the changelog.

Results

Now you can see how the check runs and what the results look like when it flags an issue within the changelog.

You can then remove, mask, or handle the sensitive personal information appropriately before committing changes to your database.