Common Misconceptions about Redaction: How to Protect your Data

Redaction is the process of limiting sensitive data by dynamically changing how data is displayed for certain users. This can be by done by either concealing certain content or removing confidential information completely. Earlier, this was called document sanitizing, which was the process of blacking out or removing sensitive information. Confidential information, when in the wrong hands, could be used to commit fraud or expose private information.

Some information that can be redacted includes social security numbers, driver’s licenses, protected health information, financial documents, proprietary information, judiciary records, residential addresses, dates and months of birth.

Redaction is typically permanent. Sometimes, when filling out the bank account details for third party sites or services, one might want to redact all the digits except the last 4 so as to maintain security over their account. Once this is done, the reversal or re-identification of the redacted data is not possible. Other privacy methods such as tokenization must be used.

Data obfuscating solutions are commonly sought out when dealing with legal documents. We call it redaction when a document is edited to hide or eradicate any sensitive information before it is published or disclosed.

Data masking tools work more closely with SQL (Structured Query Language), which is a universal language that helps to put across queries (question or request for data) to databases through fields, which are the columns and the rows that store data. Data masking solutions are used to create a duplicate, but realistic representation of one’s organizational data.

The objective is to safeguard sensitive information, while creating a working alternative when real data is not needed. Data masking for SQL deals with dynamic data masking, which is the process of obfuscating or hiding sensitive elements such as Credit Card Numbers in the SQL query results before the applications present the data.

In instances, data masking Oracle is ideal for situations where one must redact specific characters of PII for certain application users. It is also suited for applications that are read-only. One must be careful while using data masker for Oracle with applications that perform updates on their databases as redacted data can be traced back to these databases.

Redaction software works in a few simple steps:

• The document is scanned and converted to a digital formatted with the help of Optical Character Recognition technology (OCR)
• Personal identifiable information (PII) is identified in their digital forms for redaction
• Sensitive and confidential information is removed and redacted

OCR technology can yield organized search results that can help us locate and tag sensitive information within digital files for redaction. It first analyses the document for PII and then automatically sanitizes the file by redacting the marked information. The document is then reproduced in its redacted form and stored within a cloud storage or a document management system (DMS).

Successfully redacting electronic records requires not only a grasp over how the software works but also an understanding of its limitations. Additionally, many programs such as Adobe Acrobat are still not smart enough to detect and consecutively act as a redact tool on PII; they require manual processes which are prone to inaccuracies and mistakes.

To learn more about this, check out our blog on How OCR is Revolutionizing Business process.

Redacting digital records need to be done in a way that is sure and fool-proof. For example, PDF documents are essentially layered with texts and images. When the document is put through the built-in PDF redaction tool, it uses masking technology to cover the image or text in question. It merely adds a layer to the document and ultimately, this too can be peeled off to reveal the content.

An easy way of mitigating these problems is to have quality control procedures for such software. Integrating a human reviewing system into these procedures can provide an additional check on the quality. These days, we have advanced text redaction tools which can handle texts from different kinds of sources with ease, like the one offered by teX.ai.

Another common mistake while attempting to redact a document is to change the font colour to that of the background. The thought behind this is that if you cannot see the text, it’s not there. This is possibly one of the least secure ways of redacting a document as the text can be shown by revealing “hidden texts” or by changing its colour.

Some things should be kept in mind while redacting documents – for instance, one should make sure that the document reproduced after redaction is properly and thoroughly sanitized. There can be metadata, bookmarks, links – sensitive information can also be situated within indexes and review comments. Redaction works not only on texts but also on other visual content such as tables and diagrams. While one is trying to redact part of a table or a diagram, the software could redact more than what was originally intended. One needs to make sure that the redaction tool is working efficiently every step of the way to avoid errors.

In a world where data leaks are a common place, securing one’s PII (Personal Identifiable Information) is a challenge for many organizations as the data volumes keep growing with the years. Redaction solutions must be used in a way that the method or software in question redacts confidential information but also retains the overall context of the document.

Looking to redact the confidential text data? teX.ai is your all-in-one solution for all your text analytics needs. Talk to us now.