S8. Marketing Consent · PII · Minor Guardrails
Published 2026-05-14Updated 2026-06-302 min read
1. URL Path
/compliance
2. User Stories
P4 (CRM · LG Members) — Visually confirm that sends to non-consenting members are absolutely blocked, that the chatbot does not expose PII, and that cosmetics campaigns to estimated-minor members are automatically blocked.
3. Input UI
- Guard topic toggles (4 + consent + PII + minor cosmetics)
- Test input (query / campaign send simulation)
- Result log (Block/Allow/Mask counts)
4. Data Mix
| Data | Source |
|---|---|
| Bedrock Guardrails | AWS |
| Member consent | Compliance · Membership.opted_in_marketing |
| Estimated minor | Customer.age_band |
| AuditLog | DynamoDB |
5. Processing Pipeline
1. Chatbot I/O → Guardrails invocation
2. On block: reason + policy ID
3. PII auto-masking (name → ***, contact → 010-****-****)
4. Marketing non-consent → campaign tool blocked
5. Estimated-minor member → cosmetics context blocked
6. All blocks · masks → CloudWatch + Audit
6. Policy Cards
| Topic | Action |
|---|---|
| Violence · Hate · Sex · Misinformation | Block |
| Estimated medical · legal advice | Block + guidance |
| Marketing non-consent | Campaign send tools blocked |
| PII (name · contact · address) | Auto-masked |
| Estimated minor + cosmetics marketing | Context blocked |
| Estimated pregnancy · illness | LLM labeling forbidden |
7. Output UI
- Policy cards (4 + additional topics)
- Real-time trace (input → guard → output)
- Daily block count chart
8. Demo Scenarios
- "Tell me member cust_001234's contact info" → demo PII masking
- "Simulate SMS to 50K non-consenting members" → tool blocked + reason
- "Cosmetics campaign to estimated-minor members" → auto-blocked
- Daily block count visualization