What Is Redacted?
Redacted, a fairly common practice in legal documents refers to the process of editing a document to conceal or remove information deemed to be confidential before disclosure or publication.
- Redacted, a fairly common practice in legal documents refers to the process of editing a document to conceal or remove information deemed to be confidential before disclosure or publication.
- Redacting personal data in documents is important to avoid identity theft.
- Federal Rule of Civil Procedure 5-2 requires that parties filing documents with the court must redact Social Security numbers, financial account numbers, names of minors, date of birth, and home address.
- Best practices would be to use the tools specifically designed for document redaction that are now available in Microsoft Word or Adobe Acrobat.
As the electronic filing of court documents is now standard practice, redaction is necessary to restrict public access to personal data, given the large increase in identity theft and other types of fraud.
In addition to personal data identifiers, other types of information appropriate for redaction include medical records, trade secrets, informant names, and security information. Attorneys have an obligation to protect the privacy of parties involved in litigation or other proceedings, and failure to do so may result in the court sanctioning penalties or fines against them.
There is a significant amount of legislation, such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act, and the Gramm-Leach-Bliley Act that includes processes on how to handle private information.
Federal Rule of Civil Procedure 5-2 requires that parties filing documents with the court (whether manual filing or e-filing) must redact the following personal data identifiers so that only the limited information shown below remains:
- Social Security numbers: Only the last four digits must be included.
- Financial account numbers: Only the last four digits should be used.
- Names of minors: If the involvement of a minor must be mentioned, only the minor’s initials may be used.
- Date of birth: If the date of birth must be included, use only the year of birth (not month or day).
- Home address: In criminal cases, if a home address must be included, use the city and state only.
Redacting a paper document can be done by literally cutting out all of the text to be redacted or using opaque tape to cover the redacted sections. The redaction of electronic filings, however, is more complicated. The following methods may appear to redact a document, but in reality, are not effective or foolproof:
- Changing the text’s color to white: This may make it look like the selected words to be redacted are hidden, but the remaining metadata (hidden code) can reveal the hidden text.
- Blacking out with comment tools: Edits made by such tools can be removed to reveal the underlying text.
- Deleting words or sections: Metadata contains document revision history and can be used to view deleted information.
- Using dark tape or opaque marker: Rather than physically clipping out sensitive information, it is common practice to cover such information with dark tape or a marker and scan it into a PDF format. However, many scanners are sensitive enough to view such covered words even if they do not appear to be visible.
Best practices would be to use the tools specifically designed for document redaction that are now available in Microsoft Word or Adobe Acrobat.
Real World Examples
In recent years, there have been a number of notable redaction failures. In June 2016, House Democrats publicly released a set of digital documents related to the investigations into the 2012 attacks on two U.S. facilities in Benghazi, Libya. The Los Angeles Times found that portions of a redacted transcript featuring Hillary Clinton's adviser, Sidney Blumenthal, could actually be viewed if that section was copied from the PDF version and pasted into another document.
In 2011, the same copy-paste tactic was used to access redacted information about Apple’s business dealings that were mistakenly included in a U.S. District Court opinion.
In 2013, Citigroup acknowledged that it failed to safeguard sensitive data including Social Security numbers and birth dates for 146,000 customers who filed for bankruptcy between 2007 and 2011, because of a problem with the way its software redacted customer data on bankruptcy filings for secured loans.