Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
An agency reported a recent data breach to us and it has given our office another example of how some attempts at redaction are bound to fail.
In this instance, Twink (or some other brand of white-out fluid or tape) was used to cover a person’s name in a document. The person who received the information simply scratched off the whiteout material. While this might make for an amusing anecdote, this case had serious implications for the safety of three people and managing the situation will certainly be costly.
Attempts at redaction are famously fraught with failures. Sometimes when software is used, not all the necessary steps taken. And remember when a black felt tip marker pen was commonly used on a paper copy and the recipient could simply hold the paper up to the light? Now you can now even use a scanner to separate the shades and get an idea of the possible text despite the black out.
If you cannot find official guidance on what process you should follow to redact information from a document, there is ample guidance available on the Internet - such as here.
The US National Security Agency’s Redacting with Confidence came out in 2005 but it still offers a relevant explanation of the kinds of data you need to consider in a digital document.
When redacting information, the most important step is to get someone else to check what you have done. That check needs to be about two things - that you have redacted all the information you should have (because it is easy to overlook a vital piece of information) and that the process has been effective.
