![]() The tool not only redacted the desired information, but also text on one line above and below each redaction. The screenshot above is from a document redacted with a popular PDF tool. Make sure the tool you are using handles image redaction properly. While you are trying to partially redact sensitive information out of a diagram, the tool you are using might not be able to do that and redact the whole image instead. However, redaction can apply to different types of content – diagrams for example. See image below for an example of what I mean. Instead of just redacting the social security number for example, you also lose nearby content that could be above, below, left, and right of what you were targeting. Some tools can redact just fine, but they are what I call too 'loose'. Use a tool that has a clean redaction.A good PDF redaction tool will clean up all those, and more, during sanitization. Search indexes and review comments are also good hiding spots for sensitive data. Previous versions of documents can contain information we thought is redacted, making it readily available. As I mentioned before, the document’s metadata can contain sensitive information. Make sure the document is sanitized after the redaction.But, what if we use a tool that claims to redact a document, but does a poor job? How do you know? Such tools are more common than you would think, so let me give you some pointers on redaction: You want to use a tool that is designed for proper redaction. Furthermore, this text can be searched for, and changing the font color back to a visible one is easy. Simply selecting all the text on a page will reveal all the “hidden” text. This is perhaps the least secure of all the incorrect redaction methods available. The idea is that if you can’t see the text, it’s not there. Properly redacting a document will take care of all of those issues.Īnother common mistake while attempting to redact a document is to change the font color of sensitive information to simply match the background. Metadata can also contain previously deleted content, or references to it. Those versions will contain previously deleted content. A lot of tools keep versions of a document without us ever realizing that. What if we decide to manually select and delete the content, and then manually add a black box over it? Aside from this being a laborious process, there are some major downsides to it. We focus on the optional black box that goes over the content, and don’t realize the content is still readily available in the document. The most common example of incorrectly redacted documents is the one that I started the article with. An additional step is to sanitize the document, cleaning up sneaky data like metadata, bookmarks, links, and anything that could have content in it that you do not want availableĪs you can see, if those steps are not followed properly, many things can go wrong, and you might end up distributing documents that still contain sensitive information.The redaction annotations are reviewed and applied, permanently removing the content. ![]() The content to be redacted is identified and redaction annotations are placed over it.Redaction is typically a 2 step process, with an optional 3rd step The important and mandatory part of redaction is that the content is permanently removed from the document. This is traditionally a black box, however, it does not have to be a box, and the color does not have to be black. An optional piece of content is usually added in place of the removed content to indicate something has changed. So, what is redaction? In PDF, redaction is the act of removing content directly from the content stream of the page. ![]() I came to realize that a lot of the problems around bad redactions could possibly stem from the fact that it’s not clear what real redactions really are. They had thousands of incorrectly redacted documents and were looking for an automated solution to perform real redactions on those documents. I was on a call with a company that had done just that. This happens more often than you would think. Everything is going great until a couple of years down the line, someone in your organization realizes that anyone can just move the black box “redaction” to uncover the social security number underneath. ![]() The resulting PDF looks perfectly redacted - after all, the content is blacked out. Then, the document was converted to a PDF file using Word’s built-in converter. One of the common practices used to be adding a black box over the targeted content using Word. So, your organization is redacting sensitive information, like social security numbers, out of documents prior to making them available to the public.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |