With the great success of neural networks, it is important to improve the information security of application systems based on them. This paper investigates a scenario where an attacker eavesdrops the intermediate representation computed by the encoder layers and tries to recover the private information of the input text. We propose a new metric to evaluate the encoder's ability to protect privacy and evaluate the Transformer based encoder, which is the first privacy research conducted on Transformer-based neural networks. We also propose an adversarial
training method to enhance the privacy of Transformer-based neural networks.