Protect Private Information through Redaction:
Analysis and Recommendation

Privacy! In all 50 U.S. states and around the world, stronger regulations with increased penalties tumble out of governments, agencies and standards setters. Some are well-publicized; some are stealthy. Holders of private information, even when they know about tightened requirements, may not have the resources or strategies to comply. Many will do nothing until a “trigger event” occurs, but inaction can be catastrophic.

Often, companies’ first line of defense against the loss of private information is to strengthen their network firewall and this is commendable. However, securing networks against outside hacks addresses the macro issues—the “elephant in the room”. It does not address the most frequent loss of personally identifiable information (PII), private data on individual documents. Because it is smaller and less dramatic, this loss is like a snake in the grass: It goes largely unseen, but its bite can be deadly.

Regulators may question and test for network security, but they look for document security as well and the fines for lax PII protection can be severe. The potential loss may be Social Security numbers, payment card information (PCI), medical information, bank account numbers, driver’s license numbers and many others. Often, the most risky documents are old ones—legacy records where Social Security numbers were used as ID numbers and credit card numbers were printed on invoices, forms and receipts.

Lax security fails any number of state and national regulations. Violators face expenses including victim notifications, credit monitoring, reputation repair and fines.

The latter can mount quickly: The loss of old medical records, for example, may triple damages because a single record can contain medical information, Social Security numbers and PCI.

All organizations are exposed to risk, and it is their responsibility to bring the likelihood of loss and the impact down to an acceptable level. One obvious risk-reducer is to not collect PII unless it is absolutely necessary. However, this does not atone for past practices.

Certainly network protection is important. However, this does not address physical documents (paper and microform), and it does not prevent PII leaks to people who have a need or right to see other content on documents containing PII. Inside an organization, PII may be exposed to:

• line-of-business workers
• auditors
• regulators
• inappropriate permissions
• outgoing e-mails and attachments
• thievery and espionage, and
• contract service workers

What’s an organization to do? Restricted access, password protection and encryption (system- or document-level) can help, but their effectiveness is limited.

Significantly, the risk of losing PII on documents can be lowered through redaction, defined as <i>the censoring or obscuring of part of a text for legal or security purposes</i>. This process renders PII unreadable while displaying all other information on a document. Whole document encryption has its place as a shotgun approach, but redaction is tightly focused. Only the sensitive information is obscured, leaving other useful data visible.

Automated redaction is proven both effective and cost-effective. On standardized forms, PII is redacted by zones on the document. For freeform documents, optical and intelligent character recognition identifies PII with surprising certainty. Doubtful data is referred for human scrutiny. Redaction software works on both born-electronic and scanned paper documents.

Organizations using redaction to protect PII have a choice: either they can redact all of their back files, or they can redact individual documents on demand. In the latter scenario, records that never see the light of day need no processing beyond system protection

Software as a Solution

Redaction software adapts to many situations and needs, and it is flexible, turning several different strategies and tactics into reality. The threshold to implement it, both in budget and technical expertise, is low, meaning it is appropriate for low-volume operations. At the same time, it is scalable to very high-volume systems.

Redaction software finds PII in digital documents, whether they are new or old. Virtually any format is amenable to redaction. It may be a bargain; while some vendors sell software licenses, other charge by the document. An effective taxonomy the selects only documents with risk raises cost/effectiveness.

Redaction software works for any kind of information that needs protection, from Social Security numbers to college transcripts. It protects any text-containing format, whether it is a fax, a PDF, scanned correspondence, or word processing. It could be in the public or private sector and it could be a Fortune 100 department or a startup. If the software can see the information, it can redact the information.

Analysis and Opinion

Given the great variety of regulations, business models, information systems and risks, there is no single solution that guarantees privacy compliance. Each covered group must choose its response, but inaction is unacceptable. Despite risks: businesses, organizations and agencies need to hold private information in order to operate. The collection of PII is not going away. However, here are three “golden” directives:

• Collect only private information essential to the organization’s mission
• Dispose the PII as soon as it has met its operational, legal, regulatory and historical need
• Protect the PII you must have, with consequential resources

Redaction software can be a valuable tool for meeting that third dictum. It has proven its efficacy, versatility and cost/effectiveness in the field. At different organizations, users I interviewed applied redaction with various strategies and tactics. They agreed, however, that the product was effective and within their budgets.