Redaction: Protecting Your Private Digital Data

September 18, 2014

In today’s digital age, no person’s private information is considered off limits by hackers. Recently, several celebrities, including Jennifer Lawrence and Kate Upton, had their iCloud storage accounts hacked and their private moments shared with the world.

Confidential data that gets in the wrong hands may cause many problems. The trick is to know how to send data electronically, without giving away crucial, private information. For example, if you are asked to provide a W-2 Form as proof of income, how do you send this without revealing your social security number to potential hackers? How do you remove the data you do not want disclosed?

One of the most common formats for providing electronic information is via a PDF (Portable Document Format) file. This is where PDF redaction programs come in handy.   Redaction is the process of removing data from a file.  There are many different programs available, such as PDF Escape, Foxit, and Adobe Acrobat Professional.  Redacting a file can be a very easy process, but you have to be careful. 

Here are a few tips to help you keep your sensitive information secure:

  • It is always a good idea to work from a copy of the document that you want to redact rather than the original. And, when naming this new file, it is a good practice to include the word “Redacted” in the title.  
  • Be thorough. Whichever redaction program you choose to use, be sure to complete the whole process and then, double-check your work.  For example, when using Adobe Acrobat Professional, you first have to “mark for redaction,” then “apply the redactions.” It is very important you do both steps.  Redactions are not permanently removed until you “apply the redactions.”  Without that second step, “apply the redactions,” your information may still be recoverable.
  • When redacting, you want to remove the data permanently, not just cover it up.  Just because your eyes do not see the data, does not mean it is actually gone. Simply drawing a black box over the text does not remove it, but only covers it.
  • There are several ways you may test your saved document to see if you can find the text you have removed. One way is to search for a redacted word or phrase.  If the program you use finds it, the file was not redacted correctly.  Another test is to copy the redacted text and paste it into a new document. Make sure you cannot see the text. Lastly, ask someone else to try to find the redacted data. If that person finds it – again, the file was not redacted correctly and your information is still at risk.
  • Finally, the 100% fool proof way to guarantee that your private data is completely un-searchable is to print out your newly redacted file and then scan it back in. This way, no matter how the PDF is manipulated, the hacker will never be able to find the redacted text, because it was removed before it was scanned back into your computer. 

Keep in mind, it is just as important to know what NOT to do. Avoid doing the following:

  • Do not draw a “black” box over the text or use the highlighter tool to highlight it black. (This is worth repeating.) You want to remove the data, not cover it.
  • Do not merely delete the text, a very common mistake. Within a PDF, historical keystrokes are stored even after they have been edited, making them accessible to hackers.
  • Do not change the text color to obscure the content or the background to match the text. Hackers can easily take that text and place it on another color background where it will show up.

Protecting your confidential data is very important. As technology evolves, so does the eagerness of the bad guys wanting to crack and hack the system. While these are recommended security measures, always consult your IT professional or refer to your company’s technology policies before redacting any document. Take the appropriate measures and keep your private data just that - private.