Document redaction has many faces – it may turn out that overwriting of the text in our document, which at first glance looks 100% effective, is in fact a trap that exposes our company data. What to look for when redacting documents?
“All the officer patients in the ward were forced to censor letters written by all the enlisted-men patients (…). It was a monotonous job, and Yossarian was disappointed to learn that the lives of enlisted men were only slightly more interesting than the lives of officers. (…) To break the monotony he invented games. (…) One time he blacked out all but the salutation ‘Dear Mary’ from a letter (…).”
The above quote from the novel “Catch 22” by Joseph Heller shows the classical practice of sanitizing the content of documents – although presented in a deliberately mocking context – where an unwanted fragment of the text is simply blacked out with a wide black pen. Today, we still use blackout as one of the methods of data protection, yet we also send documents containing non-disclosure content digitally. It is worth remembering that in the digital version this method, however, is associated with serious threats, and the correct way of using the “digital pen” often needs to be learned. Document blackening serves a variety of purposes. No one would laugh if their financial data, improperly redacted, got into the wrong hands. Administrators and Personal Data Processors are also threatened with severe penalties under the General Personal Data Regulation act in the event of anonymity breach. Properly used blackening is by all means crucial.
Blackening transforms data in a digital document in a way that prevents reading of the original content, for example, the identification of a person or specific information contained in the document, by applying a black stripe where the text appears. Today, most often, the options that are built into the popular software are used but sometimes special tools that promise users professional redaction of data are chosen instead. As many real-life examples show, redacting is not always as easy as it may seem (consider the American report on the death of General Nicola Calipari, for example).
Where do problems with blackening of electronic documents come from?
Problems related to insufficient or incompetent blackening of documents can be divided into two categories. The first is the lack of awareness that many files, in addition to their main content that we see on the screen, also contain properties (or metadata). As a result, even if we remove the most obvious and visible information from the content of the document, there may be a way to reach it based on the data contained in the properties of the file itself. This is particularly important when sharing entire files, not just their content. There are, of course, adequate protection methods. One of the options offered by the FORDATA system is to provide users with possibility to only view the content of documents, without the possibility of downloading them. In this way, even if confidential information has been saved in the file properties, it will not be available to the viewer.
The second category of problems associated with redaction is the inefficient blackening of the text of the document itself. Many tools are not about removing, but covering the relevant parts of the text. In no way does this affect the content itself, which is still there under the applied blackening – as a result, a simple tool for marking text and copying the content to another file is enough to know the hidden information. The same applies to other attempts to hide content, such as changing of the background color of the displayed text to black or changing the font color to white. The content will be invisible by eye, but all you need is a simple marking and the copy / paste command to get to know ineffectively hidden data.
What does blacking out (of text) in PDF documents look like?
And this is not all. We know that in the case of blackening the text by covering the fragments with the black stripe, what we are doing is add another layer to the file. This means that even if we do not have access to the original file (e.g. it will be made available in the VDR system in read-only mode), it may happen that the mechanism for loading such a document may for a short time “display” to the user the content that was meant to be invisible. This may happen because we are dealing with many layers accumulated in one file – the system will load them from the “lowest” one (i.e. from the original content of the document) to ones located on top (i.e.later added elements, such as the black strip itself).
PDF anonymization - how to effectively black out documents?
It should be remembered that for effective blackening of relevant data in documents in a digital version, it is not necessary to just obscure the content, but to delete it. Until we are sure that the content has been removed, we cannot say that redaction can be considered successful.
Adobe Acrobat Pro DC (the paid version of the most popular PDF viewer) has a built-in feature for editing PDF content. With its help, after selecting the appropriate words, fragments of text or entire pages, the program will automatically remove this content from the document. After saving the file and re-opening it, we will no longer be able to reach the deleted content. In this way, the blackened file can be freely shared with third parties. Note, however, that there may still be additional information about the document in the properties of the document and it is worth deleting it too.
If we do not have Adobe Acrobat Pro DC and / or we have a smaller number of documents to redact, we can do it manually by exporting the document, e.g. to a jpg file. We should then open such a document (or in fact a graphic file) in a program that allows basic editing of this type of file (e.g. IrfanView, GIMP, and even Paint). Using the tool to cut out fragments of an image, edit the file appropriately (by selecting and cutting out / overlay fragments that contain sensitive data). The file thus modified is then saved in a graphic format or converted back to the original format. Files prepared in this way are also ready to be securely loaded into the Virtual Data Room system. We write more on how FORDATA VDR can become a company document repository in the article “What is an electronic document repository”.
Proper redaction of electronic documents can create difficulties. Therefore, before undertaking this task, we should first test the available solutions and make sure that they work flawlessly. After all, even the safest channel for exchanging documentation will not fulfill its role if the content of, for example, a PDF file containing confidential personal information protected by GDPR falls victim to a misplaced “black pen”.
Did you like the article?
How many heads, so many ideas. That's why each of us contributes to making the content on our blog attractive and valuable for you. Discover a source of knowledge and inspiration for your business with Fordata.
Do you want to exchange knowledge or ask a question?
Write to me : #FORDATAteam page opens in new window
01 . Cloud data encryption - what to know before choosing a provider?
Technically and practically speaking, all popular cloud-based tools are securely encrypted. In fact, this means that we do not have to worry about the problem of data encryption…
02 . Can Microsoft One Drive or Google Drive replace VDR?
Can Microsoft’s and Google’s Drive replace VDR? Popular storage clouds are convenient but can they provide the same level of security?
03 . Cybersecurity - what should companies pay attention to?
Entrepreneurs today look at remote work without fear, although many could not imagine effective work outside the office earlier this year. The pandemic proved that…
04 . Flexible office - how to respond to new needs?
Companies have returned to offices with new needs. Entrepreneurs are starting to look for flexible rental models thanks…
05 . Are your email attachments safe?
The modern office cannot function without email. According to the Radicati group, a statistical employee receives 121 messages per…
06 . How to black out text in a PDF document correctly?
Document redaction has many faces – it may turn out that overwriting of the text in our document, which at first glance looks…
07 . Safe cloud and the user - a marriage of convenience
According to a report on cloud computing prepared by McAfee, up to 87% of the companies surveyed believe that…
08 . Rules of Safety Policy in FORDATA VDR
The FORDATA team is aware that even well-secured infrastructure has no chance against any infection resulting from human error.
09 . Dropbox security - what should your business know?
Dropbox makes collaboration and sharing of documents easier but is the platform secure enough for our company to process confidential information with it? What to…
10 . Fake software aggregators – how to identify them?
Fake software aggregators and Virtual Data Room industry. See how developers try to deceive their customers with fake software comparison websites.
11 . Cloud Data Storage And File Security
The internet has become a common thing in companies’ lives. The enormity of dedicated services, fast transfers and increasing mobility…
12 . FORDATA wins the 2019 Premium Usability and Rising Star Award
FORDATA has earned the prestigious 2019 Premium Usability and Rising Star Award from FinancesOnline, a popular B2B software…
13 . Due Diligence audit using Virtual Data Room - security in your company
The process of sharing confidential information can be greatly improved by using Virtual Data Room. Preparing for an audit?
14 . What is electronic data repository?
What is electronic data repository and why to use it? Maybe you already do? Read about the features and advatnages of a good online repository.
15 . Safe alternative to Dropbox in Due Diligence
Why should I pay for VDR when I can use Dropbox?’ – our clients ask this question sometimes. Yet the answer is not that straight…
16 . FORDATA recognized with 2 IT Security Software Awards!
FORDATA got Two Awards through a renowned organization FinancesOnline, a fastest growing independent review platform.
17 . Virtual Data Room: Everything you need to know
What is a virtual data room? What benefits can we achieve by using the system in merger and acquisition transactions?
18 . GPG standard - a word on encrypting confidential data
Some users want it 101% safe. If the files we share via cloud services really need that extra layer of protection, encrypting them with a GPG standard might be a good idea.
19 . How can we help you with Due Diligence?
Time plays a major role in M&A transactions. Even the smallest improvement that saves time needed to prepare and perform Due Diligence…
20 . VDR in due diligence process
M&As are a permanent element of the economic world. Their goal is to achieve strategic and financial benefits by expanding markets, diversifying products and production processes.