The right way to redact electronic documents

Following incidents involving incorrectly redacted documents, the Information Governance team would like everyone to understand what they should be doing when removing sensitive information from documents.

‘Redaction’ is the process of removing privileged or private data from documents.
There are many things you might want to redact in your document: patient or staff information, phone numbers, NHS numbers, email addresses, employee ID numbers, and many more.
The old way of doing it would be to:

1. Print out the document.
2. Use a black marker to cross out the information to be redacted.
3. Photocopy the redacted pages a few times (so the underlying text has no chance of showing through).
4. Re-scan the documents.
5. Attach the scanned copy to an email and send.

So, until fairly recently, all you needed to achieve secure redaction was a thick permanent marker.

Word (and other software) has attempted to keep this simplicity alive with ‘virtual’ black markers.
But this do-it-yourself redaction doesn’t really work.

Remember, what you see on your screen isn’t all there is going on. Just because you see a black box over text, it doesn’t mean the text isn’t there anymore.

• ‘Virtual’ marker lines are easy to see through. Using a black marker on a paper document is the perfect way of covering up sensitive text. But ‘virtual’ black markers (in MS Word, for example) don’t work the same way. All anyone has to do is use their cursor to highlight the blacked-out lines, and the underlying text suddenly materializes!

• Black boxes can ingeniously be ‘left behind.’ Lawyers for former Trump campaign chair, Paul Manafort, made this mistake. They placed black boxes over sensitive text and the media conveniently copy/pasted all the text into another document. The black boxes were left behind, leaving the redacted sentences clearly visible!

So, what you need is a way to ‘burn-in’ the redactions properly.

Applications like Adobe Acrobat Pro have redaction tools that provide this level of security. 
They create new documents that have irreversible redaction.  

The PDF downloadable below explains what is, and what is not secure digital redaction and the tools that you can use to achieve it.