Responsible AI Practices

Why Responsible AI matters for Applied Scientists

As an Applied Scientist, you turn ideas into deployable models that affect people. Responsible AI ensures your work is fair, private by design, safe against abuse, transparent to stakeholders, and compliant with policy. It reduces product risk, builds trust, and speeds approvals, letting you ship impactful features without costly rollbacks.

• Unlocks tasks: bias audits, PII-safe data pipelines, safety filters and evaluations, documentation (model/data cards), risk registers, and launch reviews.
• Impacts metrics: fewer incidents, improved slice performance, lower false positives/negatives on sensitive groups, faster go-to-market via smoother compliance.

Who this is for

• Applied Scientists and ML Engineers shipping models or LLM features.
• Data Scientists moving from analysis to production systems.
• Tech leads needing pragmatic guardrails in fast-moving teams.

Prerequisites

• Python and common ML tooling (NumPy/Pandas/sklearn). No extra libraries required for the exercises.
• Basic classification/regression knowledge; comfort with metrics like precision/recall.
• Familiarity with version control and experiment tracking.

Learning path and milestones

1. Foundations and principles
   • Define fairness goals (e.g., equal opportunity) and harms to avoid.
   • Identify personal data/PII you must never store in plaintext.
   Milestone checklist

   • Write a 3–5 sentence model purpose and out-of-scope statement.
   • Choose 1–2 fairness metrics tied to your use case.
   • List PII fields in your data and how they’ll be handled (mask, hash, drop).
2. Data audit
   • Quantify representation across user slices; identify imbalance and leakage.
   • Scan for PII and policy-violating content.
   Milestone checklist

   • Slice your data by key attributes and compute label prevalence.
   • Run a PII scan (emails/phones/IDs) and decide redaction strategy.
3. Modeling with guardrails
   • Try thresholds per group or post-processing to reduce unfair gaps.
   • Minimize feature leakage; prefer interpretable features for sensitive areas.
   Milestone checklist

   • Compare a baseline vs a fairness-adjusted threshold.
   • Document any features removed due to leakage risk.
4. Evaluation across slices
   • Compute metrics by group: accuracy, precision/recall, calibration, parity gaps.
   • Run robustness tests (adversarial or noisy inputs).
   Milestone checklist

   • Produce a slice report with gap thresholds and mitigation notes.
   • Add unit tests for metrics to avoid regressions.
5. Transparency and governance
   • Create a lightweight model card and data card.
   • Open a risk register with owners and mitigations.
   Milestone checklist

   • Model card draft approved by a peer.
   • Risk register with severity/likelihood scoring and review cadence.
6. Safety and deployment
   • Add input/output filters; rate limits; privacy-aware logging.
   • Enable canary release and rollback plan.
   Milestone checklist

   • Safety filter tested against known harmful prompts/phrases.
   • Logging excludes raw PII; redaction verified.
7. Monitoring and incident response
   • Track slice metrics post-launch; set alert thresholds.
   • Create a simple incident response playbook.
   Milestone checklist

   • Dashboards with per-slice KPIs.
   • Run a mock incident drill.

Worked examples

# Minimal fairness metrics with pandas
import pandas as pd

def rates_by_group(df, y_true='y', y_pred='y_hat', group='group'):
    out = []
    for g, d in df.groupby(group):
        tp = ((d[y_true]==1) & (d[y_pred]==1)).sum()
        fn = ((d[y_true]==1) & (d[y_pred]==0)).sum()
        fp = ((d[y_true]==0) & (d[y_pred]==1)).sum()
        tn = ((d[y_true]==0) & (d[y_pred]==0)).sum()
        pos_rate = (tp+fp)/len(d)
        tpr = tp/(tp+fn) if (tp+fn)>0 else 0.0
        fpr = fp/(fp+tn) if (fp+tn)>0 else 0.0
        out.append({group:g,'pos_rate':pos_rate,'tpr':tpr,'fpr':fpr,'n':len(d)})
    return pd.DataFrame(out)

# Example data
df = pd.DataFrame({
    'y':[1,0,1,0,1,0,1,0,1,0],
    'y_hat':[1,0,1,0,0,0,1,1,1,0],
    'group':['A','A','A','A','A','B','B','B','B','B']
})

r = rates_by_group(df)
# Compute gaps
parity_gap = r['pos_rate'].max() - r['pos_rate'].min()
equal_opp_gap = r['tpr'].max() - r['tpr'].min()
print(r); print({'parity_gap': parity_gap, 'equal_opp_gap': equal_opp_gap})

import re, hashlib

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE = re.compile(r"\b(?:\+?\d{1,3}[ -]?)?(?:\(?\d{3}\)?[ -]?)?\d{3}[ -]?\d{4}\b")

def luhn_check(s):
    digits = [int(c) for c in re.sub(r"\D","", s)]
    if not digits: return False
    checksum = 0
    parity = len(digits) % 2
    for i,d in enumerate(digits):
        if i % 2 == parity:
            d *= 2
            if d > 9: d -= 9
        checksum += d
    return checksum % 10 == 0 and len(digits) in (13,15,16,19)

def redact(text):
    text = EMAIL.sub("[EMAIL]", text)
    text = PHONE.sub("[PHONE]", text)
    # Mask credit-card-like numbers
    def mask_cc(m):
        s = m.group(0)
        return "[CARD]" if luhn_check(s) else s
    text = re.sub(r"(?:\d[ -]?){13,19}", mask_cc, text)
    return text

def pseudonymize(user_id, secret_salt="my_salt"):
    h = hashlib.sha256((secret_salt+str(user_id)).encode()).hexdigest()
    return f"USR_{h[:12]}"

print(redact("Email me at a@b.com or call +1 212-555-0123; card 4111 1111 1111 1111"))
print(pseudonymize("user42"))

ABUSE = {"hateword1","hateword2","kill","suicide"}
ALLOW_CONTEXT = {"suicide prevention","support line","crisis help"}

def is_abusive(text):
    t = text.lower()
    if any(kw in t for kw in ALLOW_CONTEXT):
        return False
    return any(kw in t for kw in ABUSE) or (t.count("!") > 5)

samples = [
    "I need suicide prevention resources",
    "You should kill them!!!",
]
print([is_abusive(s) for s in samples])

{
  "model_name": "review_sentiment_v2",
  "intended_use": "Classify product review sentiment for analytics and moderation triage.",
  "out_of_scope": ["Predicting clinical outcomes", "Making credit decisions"],
  "training_data_summary": {
    "size": 500000,
    "sources": ["public reviews", "opt-in feedback"],
    "known_gaps": ["non-English dialects underrepresented"]
  },
  "metrics": {
    "overall": {"accuracy": 0.90, "f1": 0.89},
    "slices": {"dialect_X": {"f1": 0.82}},
    "fairness_targets": ["equal_opportunity"]
  },
  "ethical_considerations": ["Avoid use in hiring decisions"],
  "safety": {"content_filters": ["toxicity-lexicon", "rate-limit"]},
  "privacy": {"pii": "logs redacted; user_ids hashed"},
  "version": "2.1.0",
  "owner": "Applied Science Team"
}

# risk_id,area,severity,likelihood,owner,mitigation,status
R1,Fairness,High,Medium,A.Smith,Per-group thresholds + retrain on dialect_X,Open
R2,Privacy,High,Low,J.Lee,Redact logs + add PII scanner pre-ingest,In Progress
R3,Safety,Medium,Medium,K.Patel,Add allowlist + human-in-the-loop for flagged outputs,Open
R4,Governance,Medium,Low,M.Rivera,Finalize model card + quarterly review,Open

Drills and exercises

• [ ] Compute parity and TPR gaps for two sensitive attributes and compare.
• [ ] Add a PII redaction step to a data loader and verify with test cases.
• [ ] Design 10 red-team prompts and check your safety filter’s precision/recall.
• [ ] Draft a one-page model card and get a peer review.
• [ ] Create a risk register with at least 4 risks and assign owners.

Common mistakes and debugging tips

• Mistake: Measuring only overall accuracy.
  Fix: Always compute metrics per slice; watch for TPR/FPR gaps.
• Mistake: Logging raw PII for convenience.
  Fix: Redact at the edge; pseudonymize IDs; regularly test redactors.
• Mistake: One-size-fits-all safety blocklists that overblock.
  Fix: Add context allowlists and human review for borderline cases.
• Mistake: Using sensitive attributes as features inadvertently (leakage).
  Fix: Audit features; remove or strictly justify any sensitive or proxy features.
• Mistake: No documentation until launch week.
  Fix: Maintain living model/data cards from the first prototype.

Mini project: Audit and harden a sentiment model

Objective: Take a sentiment classifier or LLM sentiment prompt and ship a hardened version.

1. Data: Sample 5k texts across at least 3 user slices; add 50 red-team prompts.
2. Privacy: Add PII redaction to preprocessing and logging; write unit tests.
3. Fairness: Compute parity and equal opportunity gaps; mitigate with thresholds or data balancing.
4. Safety: Add lexical safety baseline; evaluate on red-team prompts, log precision/recall.
5. Transparency: Publish a 1-page model card; list limitations and out-of-scope uses.
6. Governance: Create a risk register; assign owners and due dates.
7. Monitoring: Define 3 production KPIs and alert thresholds; write an incident playbook.

Subskills

• Bias and Fairness Evaluation: Choose appropriate fairness metrics; measure and reduce performance gaps across slices.
• Privacy PII Handling: Redact, minimize, and pseudonymize personal data; verify with tests.
• Safety and Abuse Considerations: Add input/output guardrails; evaluate against harmful prompts and edge cases.
• Data and Model Governance Awareness: Maintain data/model cards, versioning, approvals, and review cadences.
• Transparency and User Impact Assessment: Document intended use, limitations, and potential user harms/benefits.
• Compliance Review Support: Prepare artifacts for reviews (risk register, DPIA-style notes, consent sources).
• Risk Mitigation Planning: Track risks with owners, severity/likelihood, and specific mitigations.

Practical projects

• Fairness-first spam filter: Train a classifier, add per-group thresholds, publish a model card.
• PII-safe text analytics: Build a redaction pipeline with tests; run analytics on sanitized data.
• Safety-aware LLM assistant: Add guardrails, escalation paths, and monitor flagged content rates.

Next steps

• Integrate these practices into your team’s PR templates and CI checks.
• Expand to robust evaluation (stress tests, adversarial prompts) and MLOps monitoring.
• Schedule quarterly audits to refresh metrics, documentation, and risk register.