Redacted: Concealing Confidential Information in Documents

What Is Redacted?

Redacted, a fairly common practice in legal documents, refers to the process of editing a document to conceal or remove confidential information before disclosure or publication.

Understanding Redacted

As the electronic filing of court documents is now standard practice, redaction is necessary to restrict public access to personal data, given the possibility of identity theft and other types of fraud.

In addition to personal data identifiers, other information that should be redacted include medical records, trade secrets, informant names, and security information. Attorneys have an obligation to protect the privacy of parties involved in litigation or other proceedings, and failure to do so may result in the court sanctioning penalties or fines against them.

There is a significant amount of legislation—such as the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act—that includes processes on how to handle private information.

Redacted Process

Federal Rule of Civil Procedure 5-2 requires that parties filing documents with the court (whether manual filing or e-filing) must redact the following personal data identifiers:

• Social Security numbers: Only the last four digits must be included.
• Financial account numbers: Only the last four digits should be used.
• Names of minors: If the involvement of a minor must be mentioned, only the minor's initials may be used.
• Date of birth: If the date of birth must be included, use only the year of birth (not month or day).
• Home address: In criminal cases, if a home address must be included, use the city and state only.

Redacting a paper document can be done by cutting out the text to be redacted or using opaque tape to cover the redacted sections. The redaction of electronic filings, however, is more complicated. The following methods may appear to redact a document, but in reality, are not effective or foolproof:

• Changing the text's color to white. This may make it look as though the selected words to be redacted are hidden, but the remaining metadata can reveal the hidden text.
• Blacking out with comment tools: Edits made by such tools can be removed to reveal the underlying text.
• Deleting words or sections: Metadata contains document revision history and can be used to view deleted information.
• Using dark tape or opaque marker: Rather than physically clipping out sensitive information, it is common practice to cover such information with dark tape or a marker and scan it into a PDF format. However, many scanners are sensitive enough to view such covered words even if they do not appear to be visible.

Best practices would be to use the tools specifically designed for document redaction, available in Microsoft Word or Adobe Acrobat.

Real-World Examples

There have been some notable redaction failures. In June 2016, House Democrats publicly released a set of digital documents related to the investigations into the 2012 attacks on two U.S. facilities in Benghazi, Libya. The Los Angeles Times found that portions of a redacted transcript featuring Hillary Clinton's adviser, Sidney Blumenthal, could actually be viewed if that section was copied from the PDF version and pasted into another document.

In 2011, the same copy-paste tactic was used to access redacted information about Apple's business dealings that were mistakenly included in a U.S. District Court opinion.

In 2013, Citigroup acknowledged that it failed to safeguard sensitive data including Social Security numbers and birth dates for 146,000 customers who filed for bankruptcy between 2007 and 2011, because of a problem with the way its software redacted customer data on bankruptcy filings for secured loans.

In 2019, redaction failures made by lawyers representing former Trump campaign chair Paul Manafort accidentally disclosed ties with Russian businessmen, a claim he had previously denied.